FBI Moneypak, computer can't function.. [Closed]


  • This topic is locked

#31
drewdreworld

    Member

  • Topic Starter
  • Member
  • 90 posts
Looks a little more promising than the last one did, to my uneducated eyes.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-28 19:19:47 Run:2
Running from K:\

==============================================

Could not find C:\WINDOWS\System32\autochk.exe
C:\WINDOWS\$NtServicePackUninstall$\autochk.exe copied successfully to C:\WINDOWS\System32\autochk.exe
Could not find C:\WINDOWS\system32\alg.exe
C:\WINDOWS\ServicePackFiles\i386\alg.exe copied successfully to C:\WINDOWS\system32\alg.exe
Could not find C:\WINDOWS\system32\audiosrv.dll
C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll copied successfully to C:\WINDOWS\system32\audiosrv.dll

==== End of Fixlog ====

#32
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Yup, that looks better! :)

Try booting in normal mode again. If you get a message like "Diskcheck will check your hard drive ... press a key to cancel", then cancel it by pressing a key. We just did that scan, so it's only a waste of time.

#33
drewdreworld

    Member

  • Topic Starter
  • Member
  • 90 posts
I cancelled the disk check, but when it went to the next screen, it was the split-second-long black (DOS?) screen with text on it (can't even read the first word before it shuts itself down) before it rebooted like before... only without the autochk error message. Letting chkdsk run now and seeing what happens after that, I guess?

#34
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Might as well, yes. I think we might need to do a repair install; I'll discuss it with my colleagues.
After it's done, and if it still doesn't boot, make another FRST scan please.

#35
drewdreworld

    Member

  • Topic Starter
  • Member
  • 90 posts
Still not booting past that black screen =( It basically goes to the Windows load screen and then the black screen, then shuts itself down.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2012 01
Ran by SYSTEM at 28-12-2012 19:53:45
Running from K:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet004

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [131072 2004-12-20] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [15494464 2012-02-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login [x]
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1634112 2012-02-09] ()
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [221184 2003-11-03] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [180269 2005-10-16] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default User\...\Run: [RecordNow!] [x]
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Spotify Web Helper] "C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-09-11] ()
HKLM\...\Runonce: [OTL] "X:\Programs\OTLPE\OTLPE.exe" [x]
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.81.22.195 71.92.29.130 24.217.201.67
Tcpip\..\Interfaces\{4745F59C-FBD1-4DED-BD5E-E2E880676947}: [NameServer]192.168.1.1

==================== Services (Whitelisted) ===================

2 CSHelper; C:\WINDOWS\system32\CSHelper.exe [266240 2010-08-11] ()
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-11-05] (Flexera Software, Inc.)
2 KodakCCS; C:\Windows\System32\drivers\KodakCCS.exe [294972 2003-06-18] (Eastman Kodak Company)
3 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [1029456 2010-08-16] (Lavasoft)
2 ScsiAccess; C:\WINDOWS\System32\ScsiAccess.EXE [181312 2003-02-04] ()
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 WANMiniportService; "C:\WINDOWS\wanmpsvc.exe" [65536 2003-08-27] (America Online, Inc.)
4 ADBLOCK.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [x]
4 Alerter; C:\Windows\System32\alrsvc.dll [x]
4 CONTENT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [x]
4 DNSCACHE.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [x]
4 FTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [x]
4 HTMLFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [x]
4 HTTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [x]
4 IMAPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
4 MAILFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [x]
4 NNTPFILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [x]
4 POP3FILT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [x]
4 PROTECT.DLL; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [x]

==================== Drivers (Whitelisted) ====================

3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [68672 2003-01-09] (2Wire, Inc.)
3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [391424 2003-12-12] (Sensaura Ltd)
1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [35328 2003-11-07] (Advanced Micro Devices)
3 BLKWGU(Belkin); C:\Windows\System32\DRIVERS\BLKWGU.sys [402944 2005-11-10] (Belkin Corporation)
3 BRGSp50; C:\Windows\System32\Drivers\BRGSp50.sys [20608 2005-06-08] (Printing Communications Assoc., Inc. (PCAUSA))
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
1 Changer; C:\Windows\System32\Drivers\Changer.sys [8192 2008-04-13] (Microsoft Corporation)
1 DcCam; C:\Windows\System32\DRIVERS\DcCam.sys [36826 2003-06-18] (Eastman Kodak Company)
3 DcFpoint; C:\Windows\System32\DRIVERS\DcFpoint.sys [61568 2003-06-18] (Eastman Kodak Company)
2 DCFS2K; C:\Windows\System32\drivers\dcfs2k.sys [38997 2003-06-18] (Eastman Kodak Company)
3 DcLps; C:\Windows\System32\DRIVERS\DcLps.sys [8058 2003-06-18] (Eastman Kodak Company)
3 DcPTP; C:\Windows\System32\DRIVERS\DcPTP.sys [63002 2003-06-18] (Eastman Kodak Company)
3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
1 Exportit; C:\Windows\System32\DRIVERS\exportit.sys [138485 2003-06-18] (Eastman Kodak Company)
0 fasttx2k; C:\Windows\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [16224 2007-01-11] (LogMeIn, Inc.)
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64160 2009-07-03] (Lavasoft AB)
1 lbrtfdc; C:\Windows\System32\Drivers\lbrtfdc.sys [34688 2008-04-13] (Toshiba Corp.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2005-04-13] (NVIDIA Corporation)
3 NVENET; C:\Windows\System32\DRIVERS\NVENET.sys [54784 2003-04-22] (NVIDIA Corporation)
3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [414464 2005-04-13] (NVIDIA Corporation)
0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [21120 2003-09-02] (NVIDIA Corporation)
3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [98392 2010-11-09] (Sunbelt Software)
3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [429440 2003-12-06] (Silicon Integrated Systems Corporation)
1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [11392 2003-12-05] (Silicon Integrated Systems Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [117760 2003-10-17] (Copyright © VIA/S3 Graphics, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [55808 2007-08-28] (Microsoft Corporation)
3 ZD1211BU(ZyDAS); C:\Windows\System32\DRIVERS\zd1211Bu.sys [330240 2005-08-17] (ZyDAS Technology Corporation)
3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-25] (Printing Communications Assoc., Inc. (PCAUSA))
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
3 ALCXWDM; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 cd20xrnt; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
3 ECSIoDriver_1_1_0_0; \??\F:\ECSIoDriver.sys [x]
4 hpn; [x]
4 i2omp; [x]
3 ialm; [x]
4 ini910u; [x]
3 ltmodem5; [x]
1 MPFIREWL; [x]
4 mraid35x; [x]
2 mrtRate; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
0 PxHelp20; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
1 redbook; C:\Windows\System32\drivers\tsk3.tmp [x]
1 SASDIFSV; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
4 Simbad; [x]
4 Sparrow; [x]
3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [x]
3 Sunkfiltp; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
3 TlntSvr; [x]
4 TosIde; [x]
4 ultra; [x]
4 VFILT; \??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [x]
3 wanatw; [x]
3 WDICA; [x]
3 {6080A529-897E-4629-A488-ABA0C29B635E}; [x]
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: belgium_id_card_service -> No Registry Path.
NETSVC: swmsflt -> No Registry Path.
NETSVC: ibmfilter -> No Registry Path.
NETSVC: tvalz -> No Registry Path.
NETSVC: USA49W2KP -> No Registry Path.
NETSVC: s7otranx -> No Registry Path.
NETSVC: DCamUSBEMPIA -> No Registry Path.
NETSVC: SE2Bmgmt -> No Registry Path.

==================== One Month Created Files and Folders ========

2012-12-28 19:19 - 2008-04-13 19:12 - 00044544 ____A (Microsoft Corporation) C:\Windows\System32\alg.exe
2012-12-28 19:19 - 2008-04-13 19:11 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2012-12-28 19:19 - 2004-08-04 02:56 - 00588800 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2012-12-28 12:56 - 2012-12-28 12:56 - 00100164 ____N C:\bootex.log
2012-12-28 11:12 - 2012-12-28 11:12 - 00000000 __SHD C:\found.000
2012-12-26 18:36 - 2012-12-26 18:36 - 00000000 ___DC C:\FRST
2012-12-26 16:40 - 2011-07-12 21:55 - 02237440 __RAC (OldTimer Tools) C:\OTLPE.exe
2012-12-26 16:36 - 2012-12-26 16:36 - 00000000 ___DC C:\_OTL
2012-12-25 20:59 - 2012-12-27 16:36 - 00112298 ___AC C:\OTL.Txt
2012-12-20 05:07 - 2012-12-20 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2012-12-20 05:02 - 2012-12-20 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2012-12-20 04:42 - 2012-12-20 04:50 - 00009988 ____A C:\Windows\KB2779562.log
2012-12-20 04:42 - 2012-12-20 04:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2012-12-20 04:09 - 2012-12-20 04:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2012-12-20 03:30 - 2012-12-20 03:45 - 00017184 ____A C:\Windows\KB2761465-IE8.log
2012-12-19 16:24 - 2012-12-20 05:09 - 00018126 ____A C:\Windows\KB2758857.log
2012-12-10 02:39 - 2012-12-10 02:39 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\QuickScan
2012-12-10 02:18 - 2012-12-10 02:18 - 00000717 ____A C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
2012-12-10 02:18 - 2012-12-10 02:18 - 00000000 ____D C:\Program Files\VIO Player
2012-12-09 23:54 - 2012-12-09 23:54 - 00000382 ____A C:\Windows\DCEBOOT.RST
2012-12-09 23:54 - 2012-12-09 23:54 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-12-09 23:53 - 2012-12-09 23:53 - 00181808 ____A C:\Windows\RegBootClean.exe
2012-12-09 23:53 - 2012-12-09 23:53 - 00022064 ____A C:\Windows\DCEBoot.exe
2012-12-09 23:52 - 2012-12-10 02:31 - 00195551 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2012-12-09 23:52 - 2012-12-10 02:31 - 00194762 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2012-12-09 23:39 - 2012-12-09 23:39 - 02002944 ____A (Trend Micro Inc.) C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 00000036 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2012-11-30 22:44 - 2012-11-30 22:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Battle.net

==================== One Month Modified Files and Folders ========

2012-12-28 12:56 - 2012-12-28 12:56 - 00100164 ____N C:\bootex.log
2012-12-28 11:12 - 2012-12-28 11:12 - 00000000 __SHD C:\found.000
2012-12-27 16:36 - 2012-12-25 20:59 - 00112298 ___AC C:\OTL.Txt
2012-12-26 18:36 - 2012-12-26 18:36 - 00000000 ___DC C:\FRST
2012-12-26 18:25 - 2009-09-08 00:25 - 00111764 ___AC C:\aaw7boot.log
2012-12-26 16:36 - 2012-12-26 16:36 - 00000000 ___DC C:\_OTL
2012-12-26 16:36 - 2012-11-14 08:13 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SCC
2012-12-20 16:29 - 2004-11-14 18:56 - 01608989 ____A C:\Windows\WindowsUpdate.log
2012-12-20 16:29 - 2004-01-20 20:19 - 00032632 ____A C:\Windows\SchedLgU.Txt
2012-12-20 16:29 - 2004-01-20 20:19 - 00000278 __ASH C:\Documents and Settings\Owner\ntuser.ini
2012-12-20 16:29 - 2004-01-20 20:16 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 16:29 - 2004-01-20 12:11 - 00000275 ____A C:\Windows\wiadebug.log
2012-12-20 16:29 - 2004-01-20 12:11 - 00000050 ____A C:\Windows\wiaservc.log
2012-12-20 05:26 - 2012-02-12 17:50 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-12-20 05:26 - 2004-01-20 19:04 - 00001158 ____A C:\Windows\System32\wpa.dbl
2012-12-20 05:25 - 2012-05-11 16:24 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\TSVNCache
2012-12-20 05:25 - 2012-02-26 21:46 - 00000062 __ASH C:\Documents and Settings\UpdatusUser\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 20:19 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-12-20 05:25 - 2004-01-20 12:08 - 00347400 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 05:09 - 2012-12-19 16:24 - 00018126 ____A C:\Windows\KB2758857.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00246347 ____A C:\Windows\FaxSetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00118240 ____A C:\Windows\ocgen.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00094360 ____A C:\Windows\tsoc.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00081248 ____A C:\Windows\comsetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00049336 ____A C:\Windows\ntdtcsetup.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00043071 ____A C:\Windows\iis6.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00013680 ____A C:\Windows\ocmsn.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00012360 ____A C:\Windows\msgsocm.log
2012-12-20 05:09 - 2012-02-16 15:42 - 00001393 ____A C:\Windows\imsins.log
2012-12-20 05:08 - 2012-02-16 15:42 - 00124311 ____A C:\Windows\setupapi.log
2012-12-20 05:07 - 2012-12-20 05:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$
2012-12-20 05:04 - 2004-01-20 12:09 - 00001393 ____A C:\Windows\imsins.BAK
2012-12-20 05:02 - 2012-12-20 05:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$
2012-12-20 04:58 - 2012-10-07 14:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-12-20 04:50 - 2012-12-20 04:42 - 00009988 ____A C:\Windows\KB2779562.log
2012-12-20 04:50 - 2007-02-16 15:02 - 00731590 ____A C:\Windows\System32\TZLog.log
2012-12-20 04:42 - 2012-12-20 04:42 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$
2012-12-20 04:09 - 2012-12-20 04:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$
2012-12-20 03:45 - 2012-12-20 03:30 - 00017184 ____A C:\Windows\KB2761465-IE8.log
2012-12-20 03:43 - 2012-02-16 15:42 - 00021695 ____A C:\Windows\updspapi.log
2012-12-20 03:33 - 2004-11-20 03:00 - 00000000 ____D C:\Windows\$hf_mig$
2012-12-20 03:03 - 2005-05-11 17:00 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-10 16:19 - 2012-02-26 21:46 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2012-12-10 02:39 - 2012-12-10 02:39 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\QuickScan
2012-12-10 02:31 - 2012-12-09 23:52 - 00195551 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2012-12-10 02:31 - 2012-12-09 23:52 - 00194762 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2012-12-10 02:20 - 2004-01-20 20:15 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2012-12-10 02:18 - 2012-12-10 02:18 - 00000717 ____A C:\Documents and Settings\All Users\Desktop\VIO Player.lnk
2012-12-10 02:18 - 2012-12-10 02:18 - 00000000 ____D C:\Program Files\VIO Player
2012-12-10 00:48 - 2010-02-25 18:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\uTorrent
2012-12-09 23:54 - 2012-12-09 23:54 - 00000382 ____A C:\Windows\DCEBOOT.RST
2012-12-09 23:54 - 2012-12-09 23:54 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-12-09 23:53 - 2012-12-09 23:53 - 00181808 ____A C:\Windows\RegBootClean.exe
2012-12-09 23:53 - 2012-12-09 23:53 - 00022064 ____A C:\Windows\DCEBoot.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 02002944 ____A (Trend Micro Inc.) C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe
2012-12-09 23:39 - 2012-12-09 23:39 - 00000036 ____A C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2012-12-09 20:20 - 2012-10-07 14:48 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2012-12-08 17:31 - 2012-10-07 17:14 - 00002501 ____A C:\Documents and Settings\Owner\Desktop\Microsoft Word 2010 (2).lnk
2012-12-06 17:19 - 2012-10-26 22:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-12-04 18:10 - 2009-09-01 17:14 - 00000472 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-12-04 07:13 - 2006-09-12 23:54 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2012-11-30 23:03 - 2011-05-15 23:16 - 00000000 ____D C:\Program Files\StarCraft II
2012-11-30 23:03 - 2008-07-25 15:23 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2012-11-30 22:45 - 2012-11-30 22:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Battle.net


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2047.3 MB
Available physical RAM: 1758.23 MB
Total Pagefile: 1878.03 MB
Available Pagefile: 1806.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.18 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (HP_PAVILION) (Fixed) (Total:185.45 GB) (Free:14.6 GB) NTFS ==>[Drive with boot components (Windows XP)]
9 Drive i: (HP_RECOVERY) (Fixed) (Total:4.45 GB) (Free:0.37 GB) FAT32 ==>[Drive with boot components (Windows XP)]
11 Drive k: (HITMANPRO) (Removable) (Total:14.5 GB) (Free:14.48 GB) FAT32
12 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 190 GB 0 B

Partitions of Disk 0:
===============

The disk management services could not complete the operation.

=========================================================
==================== End Of Log ============================

#36
drewdreworld

    Member

  • Topic Starter
  • Member
  • 90 posts
I just wanted to give you a heads up I'll be gone from my computer like 36 hours or so. I'll be back tho I promise. <3 Aaron ty so much for everything :)

#37
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Ok, no problem.

#38
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Farbar Recovery Scan Tool (FRST) has been updated. Please download Farbar Recovery Scan Tool and replace the old file on the flash drive.

Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix application to the USB drive. You don't need to run the tool. FRST will use the tool automatically.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

SaveMbr: Drive=0
cmd: dir /a c:\
cmd: type c:\boot.ini
cmd: dir /a i:\
cmd: type i:\boot.ini

Now please boot from the OTLPE CD again.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post its contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive which, although it may look like a text file, is a hex file. You must attach this report to your reply instead of posting its contents.

- Aaron

#39
drewdreworld

    Member

  • Topic Starter
  • Member
  • 90 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-12-2012
Ran by SYSTEM at 2012-12-30 18:50:54 Run:3
Running from K:\

==============================================

HKU\SaveMbr: Drive=0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ Value not found.
MBRDUMP.txt is made successfully.

========= dir /a c:\ =========

Volume in drive C is HP_PAVILION
Volume Serial Number is 44A7-7439

Directory of c:\

09/10/2008 09:58 AM <DIR> $VAULT$.AVG
12/26/2012 06:25 PM 111,764 aaw7boot.log
11/13/2004 01:34 AM 2,636,408 aawsepersonal.exe
02/08/2006 07:10 PM 10,920 aolconnfix.exe
02/08/2006 07:10 PM 1,039 aolconnfix.txt
10/12/2010 03:09 PM <DIR> assembly
01/20/2004 08:16 PM 0 AUTOEXEC.BAT
02/14/2006 04:46 PM 12,284,879 AVG7QT.DAT
12/17/2004 02:27 PM 19,677,368 BellSouthIW.reg
12/17/2004 02:18 PM <DIR> BLSInfo
02/06/2010 06:20 PM 972 BnetLog.txt
08/30/2012 06:42 AM 281 boot.ini
12/28/2012 12:56 PM 100,164 bootex.log
05/13/2006 11:16 AM 7,873 caisslog.txt
09/12/2011 02:37 PM <DIR> CanonMP
05/08/2006 05:19 PM 296 clean.bat
04/26/2004 04:13 PM <DIR> cmdcons
08/29/2002 07:00 AM 245,920 cmldr
02/12/2012 05:54 PM 17,728 ComboFix.txt
12/20/2012 04:58 AM <DIR> Config.Msi
01/20/2004 08:16 PM 0 CONFIG.SYS
12/10/2004 11:34 AM <DIR> Corel
01/03/2012 06:06 AM <DIR> DivX Movies
02/26/2012 09:46 PM <DIR> Documents and Settings
11/18/2011 05:02 AM <DIR> Downloads
12/28/2012 11:12 AM <DIR> found.000
12/26/2012 06:36 PM <DIR> FRST
09/06/2001 08:00 AM 1,700,352 gdiplus.dll
12/28/2012 07:47 PM 2,146,816,000 hiberfil.sys
05/25/2006 11:29 PM <DIR> hp
08/03/2006 01:23 AM 45,453 hpfr5100.log
12/20/2007 12:57 PM 66 INSTALL.LOG
01/22/2004 04:32 AM <DIR> Intel
01/20/2004 08:16 PM 0 IO.SYS
03/07/2008 01:27 AM <DIR> JBuilder8
05/01/2004 02:19 PM <DIR> KPCMS
04/01/2008 08:12 PM <DIR> Logs
01/20/2004 08:16 PM 0 MSDOS.SYS
10/07/2012 02:39 PM <DIR> MSOCache
08/22/2010 02:50 AM <DIR> My Music
12/10/2004 11:34 AM <DIR> MyFiles
11/18/2004 08:18 PM 47,564 NTDETECT.COM
08/19/2008 04:50 AM 250,048 ntldr
10/24/2011 01:47 PM <DIR> NVIDIA
12/27/2012 04:36 PM 112,298 OTL.Txt
07/12/2011 09:55 PM 2,237,440 OTLPE.exe
12/28/2012 07:47 PM 805,306,368 pagefile.sys
12/16/2004 03:57 PM <DIR> PNTDATA
12/10/2004 11:22 AM <DIR> PNTTEMPL
12/10/2012 02:18 AM <DIR> Program Files
09/21/2008 01:39 AM <DIR> ProgramData
10/23/2005 02:51 PM <DIR> Python22
03/04/2012 11:46 AM <DIR> Qoobox
05/11/2012 01:49 PM <DIR> RECYCLER
02/10/2012 03:25 PM 433 rkill real.txt
02/12/2012 06:33 AM 2,180 rkill.log
04/26/2004 04:11 PM <DIR> sysprep
10/03/2011 05:05 AM <DIR> System Volume Information
01/20/2004 08:37 PM <DIR> system.sav
01/03/2012 03:02 PM 58,208 TDSSKiller.2.6.25.0_03.01.2012_14.58.00_log.txt
01/03/2012 03:22 PM 57,206 TDSSKiller.2.6.25.0_03.01.2012_15.09.38_log.txt
03/04/2012 11:44 AM 348 TDSSKiller.2.7.11.0_04.03.2012_11.44.27_log.txt
02/10/2012 02:11 AM 115,764 TDSSKiller.2.7.11.0_10.02.2012_02.08.22_log.txt
02/10/2012 02:17 AM 59,484 TDSSKiller.2.7.11.0_10.02.2012_02.17.21_log.txt
02/10/2012 02:20 AM 58,350 TDSSKiller.2.7.11.0_10.02.2012_02.20.17_log.txt
02/10/2012 02:24 AM 58,350 TDSSKiller.2.7.11.0_10.02.2012_02.23.55_log.txt
02/10/2012 01:43 PM 59,474 TDSSKiller.2.7.11.0_10.02.2012_13.43.03_log.txt
02/10/2012 01:52 PM 58,350 TDSSKiller.2.7.11.0_10.02.2012_13.52.27_log.txt
02/10/2012 03:30 PM 59,432 TDSSKiller.2.7.11.0_10.02.2012_15.25.42_log.txt
02/10/2012 03:39 PM 59,474 TDSSKiller.2.7.11.0_10.02.2012_15.39.10_log.txt
02/11/2012 03:32 PM 59,462 TDSSKiller.2.7.11.0_11.02.2012_15.31.08_log.txt
02/11/2012 04:18 PM 59,744 TDSSKiller.2.7.11.0_11.02.2012_16.17.45_log.txt
02/11/2012 04:36 PM 59,550 TDSSKiller.2.7.11.0_11.02.2012_16.29.34_log.txt
02/11/2012 04:46 PM 59,550 TDSSKiller.2.7.11.0_11.02.2012_16.41.39_log.txt
02/11/2012 08:57 PM 2,930 TDSSKiller.2.7.11.0_11.02.2012_20.57.01_log.txt
02/12/2012 06:36 AM 59,758 TDSSKiller.2.7.11.0_12.02.2012_06.34.56_log.txt
03/04/2012 11:45 AM 56,354 TDSSKiller.2.7.18.0_04.03.2012_11.45.08_log.txt
02/12/2012 06:36 AM <DIR> TDSSKiller_Quarantine
03/07/2008 01:27 AM <DIR> temp
10/03/2011 12:37 AM <DIR> VIPRERESCUE
12/28/2012 07:54 PM <DIR> WINDOWS
12/10/2004 11:22 AM <DIR> WINPOINT
05/01/2004 02:13 PM <DIR> WUTemp
12/26/2012 04:36 PM <DIR> _OTL
11/26/2012 09:18 PM <DIR> _OTM
06/06/2008 03:10 PM 162 ~$meline.html
47 File(s) 2,992,615,764 bytes
39 Dir(s) 15,682,818,048 bytes free

========= End of CMD: =========

HKU\cmd: dir /a c:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ Value not found.

========= type c:\boot.ini =========

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

========= End of CMD: =========

HKU\cmd: type c:\boot.ini\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ Value not found.

========= dir /a i:\ =========

Volume in drive I is HP_RECOVERY
Volume Serial Number is 2E35-2EF9

Directory of i:\

12/28/2012 07:38 PM 1,368 BOOTEX.LOG
01/09/2002 07:52 PM 244 BOOT.INI
01/16/2004 05:56 PM <DIR> cmdcons
08/17/2001 09:26 AM 237,728 CMLDR
07/28/2001 06:07 AM 0 CONFIG.SYS
09/09/2002 11:14 PM 100 Desktop.ini
09/10/2002 05:14 PM 8,134 Folder.htt
04/30/2001 08:16 PM 14 GRAPH
01/25/2002 06:21 PM 0 GRAPH16
07/28/2001 06:07 AM 0 IO.SYS
01/16/2004 05:43 PM <DIR> MiniNT
07/28/2001 06:07 AM 0 MSDOS.SYS
07/25/2001 10:00 PM 45,124 NTDETECT.COM
08/17/2001 03:32 PM 0 NTFS
07/25/2001 10:00 PM 222,880 NTLDR
01/22/2004 09:50 PM <DIR> PRELOAD
09/10/2002 02:50 PM 181,651 protect.ed
01/22/2004 02:06 PM 36 SAVEFILE.DIR
04/30/2001 08:16 PM 14 SVGA
02/09/2002 12:44 AM 88,038 Warning.bmp
01/22/2004 02:50 PM 6 BLOCK.RIN
02/12/2004 01:20 PM <DIR> I386
01/22/2004 03:02 PM 1,150 MASTER.LOG
08/18/2001 03:00 PM 10 WIN51
01/22/2001 03:00 PM 11 WIN51.B2
07/25/2001 03:00 PM 11 WIN51.RC1
07/25/2001 08:47 PM 11 WIN51.RC2
08/18/2001 03:00 PM 10 WIN51IC
03/20/2001 03:00 PM 11 WIN51IC.B2
07/25/2001 03:00 PM 11 WIN51IC.RC1
07/25/2001 03:00 PM 11 WIN51IC.RC2
08/17/2001 03:00 PM 10 WIN51IP
01/22/2001 03:00 PM 11 WIN51IP.B2
07/25/2001 08:47 PM 11 WIN51IP.RC2
08/17/2001 01:17 PM 184 WINBOM.INI
02/12/2004 01:43 PM <DIR> TOOLS
11/05/2002 10:22 AM 0 42NAheBLU4.txt
02/12/2004 01:46 PM <DIR> hp
02/12/2004 01:46 PM <DIR> RECOVERY
02/12/2004 01:46 PM 18 USER
04/26/2004 05:13 PM <DIR> System Volume Information
04/26/2004 05:15 PM <DIR> Recycled
33 File(s) 786,807 bytes
9 Dir(s) 397,594,624 bytes free

========= End of CMD: =========

HKU\cmd: dir /a i:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ Value not found.

========= type i:\boot.ini =========

[boot loader]
timeout=0
default=C:\CMDCONS\BOOTSECT.DAT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

========= End of CMD: =========

HKU\cmd: type i:\boot.ini\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ Value not found.

==== End of Fixlog ====

Attached Files


  • 0

#40
Aaron

Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Well, those last logs look good, the MBR looks OK, and we replaced some damaged Windows files and did a hard disk repair, but it still won't boot. We think this system is just too corrupt, and even if it boots again, it won't work like it should. I recommend you back up all your files using the OTLPE CD to access your computer and do a factory restore with that OEM partition, or borrow a Windows XP CD from someone.

How about it?
- Aaron
  • 0
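One way to cross-check a boot.ini against an MBR partition table, as an added example that is not part of the original posts or of FRST. The boot.ini text is the c:\boot.ini from the Fixlog above; the MBR sector is constructed (the thread's MBRDUMP.txt is not on the page), and the check assumes primary partitions only, numbered from 1 in table order.

```python
import re
import struct

# c:\boot.ini exactly as typed in the Fixlog above.
BOOT_INI = r'''[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
'''
ARC = re.compile(r'multi\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\((\d+)\)\\', re.I)
ENTRY = '<B3xB3xII'  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

def make_mbr(entries):
    """Build a constructed 512-byte MBR from (status, type, lba, sectors) tuples."""
    sector = bytearray(510) + b'\x55\xaa'
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY, sector, 446 + 16 * i, *entry)
    return bytes(sector)

def parse_boot_ini(text):
    """Return (default target, list of [operating systems] targets)."""
    section, default, targets = '', None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('['):
            section = line.strip('[]').lower()
        elif section == 'boot loader' and line.lower().startswith('default='):
            default = line.split('=', 1)[1]
        elif section == 'operating systems' and '=' in line:
            targets.append(line.split('=', 1)[0])
    return default, targets

def check_boot(text, sector):
    """Return a list of inconsistencies between boot.ini and the MBR sector."""
    if len(sector) != 512 or sector[510:512] != b'\x55\xaa':
        return ['MBR boot signature 0x55AA missing']
    parts = [p for p in (struct.unpack_from(ENTRY, sector, 446 + 16 * i) for i in range(4)) if p[1]]
    default, targets = parse_boot_ini(text)
    problems = []
    if sum(1 for p in parts if p[0] == 0x80) != 1:
        problems.append('expected exactly one active partition')
    if default is None or default.lower() not in [t.lower() for t in targets]:
        problems.append('default entry not listed under [operating systems]')
    m = ARC.match(default or '')
    if m and not 1 <= int(m.group(1)) <= len(parts):
        problems.append('default points at partition(%s), table has %d' % (m.group(1), len(parts)))
    return problems
# Constructed sample: FAT32 recovery partition first, active NTFS partition second.
SAMPLE_MBR = make_mbr([(0x00, 0x0B, 63, 10000000), (0x80, 0x07, 10000063, 300000000)])
```

An empty list from `check_boot(BOOT_INI, SAMPLE_MBR)` only means these two structures agree with each other; as this thread shows, a machine can pass such checks and still fail to boot.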

#41
drewdreworld

drewdreworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Can I just go into my computer and what not via the CD or how would I access files? I've been using this PC since I got it in April 04 so I'm gonna say it probably does in fact need reformatting anyway, I can't argue that, haha. I appreciate all your help with it.

And is there any fear if I transfer documents/pictures over to a different PC that it could bring the virus with it or is that not likely at all?

Sorry for taking a while to respond =\

Edited by drewdreworld, 04 January 2013 - 02:40 AM.

  • 0

#42
Aaron

Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts

Can I just go into my computer and what not via the CD or how would I access files?

You can access them like you normally would. If you need your "My Documents", for example, go to My Computer > C: > Documents and Settings > *Your user name*.

And is there any fear if I transfer documents/pictures over to a different PC that it could bring the virus with it or is that not likely at all?

Documents and pictures probably won't, but be careful with executable files like .exe, .com, .scr and also .zip and .rar.
I recommend you put these files on your other computer and don't open them yet. Then do a scan of all those files with your AV + MalwareBytes.

Sorry for taking a while to respond =\

No problem.
  • 0
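The triage described in the reply above, as an added example that is not part of the original posts: it walks a folder of copied files without opening any of them in an application and lists the ones with the file types the reply names. As an addition beyond the reply, it also flags files that start with the `MZ` executable header while carrying a document-like extension. The folder contents in `demo()` are constructed.

```python
import os
import tempfile

RISKY_EXT = {'.exe', '.com', '.scr', '.zip', '.rar'}  # the types named in the reply above

def looks_executable(path):
    """True if the file starts with the 'MZ' header used by DOS/Windows executables."""
    with open(path, 'rb') as f:
        return f.read(2) == b'MZ'

def triage(root):
    """Map each file under root that needs extra care to the reason it was flagged."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, '/')
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXT:
                flagged[rel] = 'risky type ' + ext
            elif looks_executable(full):
                flagged[rel] = 'executable content under ' + (ext or 'no extension')
    return flagged

def demo():
    """Run triage over a constructed folder standing in for the copied files."""
    samples = {
        'Pictures/beach.jpg': b'\xff\xd8\xff\xe0' + b'\0' * 16,    # JPEG header
        'Pictures/party.jpg.exe': b'MZ' + b'\0' * 16,              # double extension
        'Documents/resume.doc': b'\xd0\xcf\x11\xe0' + b'\0' * 16,  # OLE document header
        'Documents/invoice.pdf': b'MZ' + b'\0' * 16,               # executable named .pdf
        'Documents/old.zip': b'PK\x03\x04' + b'\0' * 16,           # ZIP archive
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split('/'))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, 'wb') as f:
                f.write(data)
        return triage(root)

if __name__ == '__main__':
    for rel, why in sorted(demo().items()):
        print(rel, '->', why)
```

The list is a priority order, not a clean bill of health for everything else: the reply's advice is still to scan all of the copied files before opening any of them.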

#43
Aaron

Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





