BSODs and boot.ini deleted after every reboot [Solved]



#16
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,989 posts

I'm assuming it's alright to do the ComboFix step now or is there another way to turn boot logging on?


Yes, go ahead with the ComboFix one. Don't worry about the boot logging. :thumbsup:

#17
Quamble
    Member
  • Topic Starter
  • 45 posts
Here's the log.

ComboFix 13-02-18.02 - Ally 02/19/2013 21:31:41.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2498 [GMT -5:00]
Running from: c:\documents and settings\Ally\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ally\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"C:\cmdinstall.exe"
"c:\windows\system32\GameMon.des -service"
"c:\windows\System32\guard32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ally\Local Settings\Application Data\COMODO
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\chrome_shutdown_ms.txt
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Archived History-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Archived History
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\data_0
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\data_1
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\data_2
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\data_3
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\f_000001
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\f_000002
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\f_000003
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\f_000004
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\f_000005
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cache\index
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cookies-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Cookies
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Current Session
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Current Tabs
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extension State\000003.log
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extension State\CURRENT
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extension State\LOCK
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extension State\LOG
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extension State\MANIFEST-000002
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\_locales\en\messages.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\_locales\ru\messages.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\_locales\uk\messages.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\icon.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\icon_16.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\icon_48.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\main.js
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\manifest.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\options.css
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\options.html
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn\0.2_0\options.js
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\_locales\en\messages.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\_locales\ru\messages.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\_locales\uk\messages.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\browser_action.html
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\css\browser_action.css
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\css\options.css
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\css\reset.css
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\default_services\facebook.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\default_services\linkedin.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\default_services\twitter.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\extension_icon_settings.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\logo.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\popup_menu_title.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\toolbar_icon_active.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\icons\toolbar_icon_inactive.png
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\js\background.js
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\js\browser_action.js
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\js\options.js
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\js\utils.js
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\manifest.json
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf\0.1_0\options.html
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Favicons-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Favicons
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\History-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\History Index 2013-02-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\History Index 2013-02
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\History Provider Cache
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\History
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Login Data-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Login Data
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Managed Mode Settings
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Network Action Predictor-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Network Action Predictor
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Preferences
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Shortcuts-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Shortcuts
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\User StyleSheets\Custom.css
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Visited Links
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Web Data-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Default\Web Data
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\First Run
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Local State
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Safe Browsing Cookies-journal
c:\documents and settings\Ally\Local Settings\Application Data\COMODO\Dragon\User Data\Safe Browsing Cookies
c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
c:\documents and settings\LocalService\Local Settings\Application Data\COMODO\Dragon\User Data\Local State
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Files Created from 2013-01-20 to 2013-02-20 )))))))))))))))))))))))))))))))
.
.
2013-02-20 01:39 . 2013-02-20 01:39 8281168 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-02-19 04:01 . 2013-02-19 04:01 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-18 23:54 . 2013-02-18 23:54 -------- d-----w- C:\_OTL
2013-02-18 23:50 . 2013-02-18 23:50 -------- d-----w- c:\documents and settings\Ally\Application Data\Uninstaller Tool(Comodo Forums)
2013-02-18 04:44 . 2013-02-18 04:44 -------- d-----w- C:\themes
2013-02-18 04:44 . 2013-01-24 22:42 281808 ----a-w- C:\7za.dll
2013-02-18 04:44 . 2013-02-18 04:44 -------- d-----w- C:\cis
2013-02-18 04:44 . 2013-01-24 22:42 3360976 ----a-w- C:\cmdhtml.dll
2013-02-18 04:44 . 2013-01-24 22:42 18980560 ----a-w- C:\cmdinstall.exe
2013-02-18 04:14 . 2013-02-18 04:14 -------- d-----w- c:\program files\NirSoft
2013-02-18 02:33 . 2013-02-18 02:33 -------- d-----w- c:\documents and settings\Ally\Application Data\Malwarebytes
2013-02-18 02:32 . 2013-02-18 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-18 02:32 . 2013-02-18 02:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-18 02:32 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-17 20:54 . 2013-02-17 20:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-02-17 06:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-02-17 06:02 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-02-17 06:02 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-02-17 06:01 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-02-17 06:00 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-02-17 06:00 . 2012-12-16 12:23 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-02-17 05:58 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-02-17 05:57 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-02-17 05:54 . 2012-12-26 20:16 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-17 05:54 . 2012-12-26 20:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-02-17 05:51 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-02-17 05:51 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-02-17 05:51 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-02-17 05:48 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-02-17 02:51 . 2008-04-14 00:12 218624 ----a-w- c:\windows\system32\uxtheme.backup
2013-02-17 02:07 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-17 02:07 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-17 02:07 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-17 02:07 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-17 02:06 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-17 02:06 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-17 02:06 . 2013-02-17 02:06 -------- d-----w- c:\program files\AVAST Software
2013-02-17 02:06 . 2013-02-17 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-02-17 02:02 . 2013-02-17 02:02 -------- d-----w- c:\program files\Magical Jelly Bean
2013-02-17 01:58 . 2013-02-17 01:58 -------- d-----w- c:\program files\Belarc
2013-02-17 01:58 . 2011-08-09 21:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2013-02-17 01:38 . 2013-02-17 01:39 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-02-17 01:38 . 2013-02-17 01:39 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-02-17 01:38 . 2013-02-17 01:38 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-02-17 01:38 . 2013-02-17 01:38 -------- d-----w- c:\program files\NVIDIA Corporation
2013-02-17 01:09 . 2013-02-17 01:10 -------- d-----w- c:\documents and settings\Ally\Local Settings\Application Data\Google
2013-02-17 01:09 . 2013-02-17 01:09 -------- d-----w- c:\program files\Google
2013-02-16 07:45 . 2013-02-17 00:29 -------- d-----w- c:\documents and settings\Ally\Backed up files from the 1TB
2013-02-16 07:20 . 2004-11-17 08:11 9319936 ----a-w- c:\windows\system32\RTLCPL.EXE
2013-02-16 07:20 . 2004-09-07 06:23 156672 ----a-w- c:\windows\system32\RTLCPAPI.dll
2013-02-16 07:20 . 2004-07-16 06:19 70400 ----a-w- c:\windows\system32\drivers\Rtlnicxp.sys
2013-02-16 07:19 . 2004-11-17 11:05 2297664 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2013-02-16 07:19 . 2004-11-17 08:08 16162816 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2013-02-11 00:37 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2013-02-11 00:37 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-02-11 00:37 . 2008-04-14 00:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2013-02-11 00:37 . 2008-04-14 00:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
2013-02-11 00:37 . 2008-04-14 00:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
2013-02-11 00:37 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\dshowext.ax
2013-02-11 00:37 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2013-02-11 00:37 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2013-02-11 00:36 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2013-02-11 00:36 . 2008-04-13 18:40 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2013-02-11 00:35 . 2008-04-13 18:45 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2013-02-11 00:35 . 2008-04-13 18:45 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2013-01-27 18:53 . 2013-01-27 18:54 -------- d-----w- C:\f12faa67f3615af0b880
2013-01-26 03:55 . 2013-01-26 03:55 552448 -c----w- c:\windows\system32\dllcache\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 05:11 . 2010-03-04 00:54 285256 ----a-w- c:\windows\system32\guard32.dll
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-01-28 2937528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56294:TCP"= 56294:TCP:Pando Media Booster
"56294:UDP"= 56294:UDP:Pando Media Booster
"<NO NAME>"=
"58422:TCP"= 58422:TCP:Pando Media Booster
"58422:UDP"= 58422:UDP:Pando Media Booster
"58670:TCP"= 58670:TCP:Pando Media Booster
"58670:UDP"= 58670:UDP:Pando Media Booster
"57761:TCP"= 57761:TCP:Pando Media Booster
"57761:UDP"= 57761:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/4/2009 5:58 PM 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/16/2013 9:07 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/16/2013 9:07 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/16/2013 9:07 PM 21256]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [4/11/2009 3:39 PM 1373480]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/29/2009 7:24 PM 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-17 01:09 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-17 23:50]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-17 01:09]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-17 01:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Ally\Application Data\Mozilla\Firefox\Profiles\iym1yxeh.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-19 21:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-02-19 21:47:19 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-20 02:47
ComboFix2.txt 2013-02-19 22:08
ComboFix3.txt 2013-02-18 03:22
.
Pre-Run: 305,036,136,448 bytes free
Post-Run: 304,950,747,136 bytes free
.
- - End Of File - - 34B489414C71819A259444F489A30ABA

#18
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,989 posts
Hello again Quamble,

Have you got your installation disk for that system? Tell me when you come back.

Meantime

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

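The log.txt that the scanner writes has the shape Quamble pastes further down the thread: a `# key=value` header followed by one `sh=... vn="..." fn="..."` line per detection. As an added example (not code from this thread or from ESET's tooling), here is a Python script that parses such a log, cross-checks the header's found/cleaned counts against the per-file actions, and lists anything that was not quarantined; the embedded sample log is constructed, with placeholder hashes and an invented "unable to clean" action.

```python
"""Summarise an ESET Online Scanner log.txt.

Added example, not code from this thread or from ESET. The format follows the
log posted later in the thread: a '# key=value' header, then one line per
detection of the form

  sh=<sha1> ft=<n> fh=<hash> vn="<name> <kind> (<action>)" ac=<x> fn="<path>"

The embedded sample log is constructed: its sh/fh values are zero-padded
placeholders, not real indicators, and the 'unable to clean' action on the last
line is invented here to show how an unresolved item is reported.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# found=3
# cleaned=2
# scan_time=1234
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Ally\My Documents\Downloads\AIM_Install.exe"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-0507.AH trojan (deleted - quarantined)" ac=C fn="D:\Documents and Settings\Ally\Application Data\Sun\Java\Deployment\cache\6.0\10\5d8e4b8a-4445dd9c"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/HackTool.Crack.B application (unable to clean)" ac=I fn="C:\constructed\example\keygen.exe"
"""

# One detection line: fixed key order, quoted verdict and path.
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]+) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)
# Verdict text once any "a variant of" / "probably a variant of" prefix is gone:
# "<name> <kind> (<action>)", e.g. "Win32/OpenCandy application (cleaned ...)".
VERDICT_RE = re.compile(r'^(?P<name>\S+) (?P<kind>[^()]+?) \((?P<action>[^)]*)\)$')


def parse_verdict(vn):
    """Split the vn= text into detection name, kind, action and family."""
    text = vn
    for prefix in ("probably a variant of ", "a variant of "):
        if text.startswith(prefix):
            text = text[len(prefix):]
            break
    m = VERDICT_RE.match(text)
    if not m:
        return {"name": vn, "kind": "unknown", "action": "", "family": vn}
    d = m.groupdict()
    # e.g. Java/Exploit.CVE-2012-0507.AH -> Java/Exploit
    d["family"] = d["name"].split(".")[0]
    return d


def parse_log(text):
    """Return (header dict, list of detection dicts, unparsed preamble lines)."""
    header, detections, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            unparsed.append(line)   # e.g. the downloader banner and "all ok"
            continue
        d = m.groupdict()
        d.update(parse_verdict(d["vn"]))
        detections.append(d)
    return header, detections, unparsed


def summarize(text):
    """Cross-check the header counts against the per-file actions."""
    header, detections, _ = parse_log(text)
    quarantined = [d for d in detections if "quarantined" in d["action"]]
    unresolved = [d["fn"] for d in detections if "quarantined" not in d["action"]]
    found = int(header.get("found", -1))
    cleaned = int(header.get("cleaned", -1))
    return {
        "finished": header.get("end") == "finished",
        "found": found,
        "cleaned": cleaned,
        "detections": len(detections),
        "quarantined": len(quarantined),
        "unresolved": unresolved,           # paths the scanner did not quarantine
        "families": Counter(d["family"] for d in detections),
        "kinds": Counter(d["kind"] for d in detections),
        # True when the header's found/cleaned agree with the per-line actions.
        "header_consistent": found == len(detections) and cleaned == len(quarantined),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Anything listed under "unresolved" is what a helper would follow up on by hand after the scan, instead of trusting the header counts alone.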

#19
Quamble
    Member
  • Topic Starter
  • 45 posts
I don't have the exact disk to this computer, no. Unfortunately, my elderly grandfather who gave me this computer threw it away and no one found out until later. I do have a Windows XP SP1 disk though, will that work? Alright, I'll be downloading that ESET program now.

#20
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 19,989 posts

I don't have the exact disk to this computer, no. Unfortunately, my elderly grandfather who gave me this computer threw it away and no one found out until later. I do have a Windows XP SP1 disk though, will that work?


Well we have a couple of different ways to go.

My original thought was that we would clean the machine of malware and then work towards fixing the system problems. We have been moving quite nicely in the right direction but for the Boot.ini difficulty which can usually be fixed simply via the Recovery Console. Doesn't look as though we can use that approach from what CF says so we are left with a Windows Repair using the installation disk. Not too hard to do if you have the right disk.

XP has been around for quite a while and gone through a couple of substantial upgrades... not so easy to use the original SP1 disk anymore.

We do have some options though and a couple of things to try, so don't panic yet. :lol:

Firstly though let's complete the malware one by running the ESET scan.

After that we can check some things and look at some other possibilities. :)

#21
Quamble
    Member
  • Topic Starter
  • 45 posts
Thanks for the help. This is a shared computer sometimes, and everyone was freaking out and thinking the problem was it just being too old and giving up, which I hope isn't the case. The ESET scan finished.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b74071753b3fa847a8002559e874b86f
# engine=13197
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-20 11:03:28
# local_time=2013-02-20 06:03:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 100 91 0 137189680 0 0
# scanned=980294
# found=42
# cleaned=42
# scan_time=45344
  • 0

#22
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Quamble,

Let's see if we can look at the boot.ini file.
  • Right click on My Computer and choose Properties
  • In the Properties window, click on the Advanced tab.
  • In the Startup and Recovery section, click on the Settings button.
  • In the window that opens, click on the Edit button...a notepad window will open (boot.ini)
  • copy the contents of that window and paste it here for me.

Next

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

After that

Please run chkdsk.

Go to Windows XP chkdsk for some helpful instructions.

Run the chkdsk command to check for problems.

To do this:

  • Click Start, select Run,
  • Then type cmd in the box; to get to the Command Prompt utility
  • Click Ok
  • Run the chkdsk utility by typing in the following command:
chkdsk c: /f /r

Note: The gaps should be there.

  • at the question "Would you like to schedule this volume to be checked the next time the system restarts?" type Y
  • Restart your computer and let chkdsk run
The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Be patient, it can take a long time.

When it's finished come back and tell me how it went.
  • 0

#23
Quamble

Quamble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I tried to look at the boot.ini but it said it couldn't find it, then it asked if I wanted to make a new file, I clicked yes, but the note pad is blank. I'll do the next steps as asked now, just wanted to give you an update.
  • 0

#24
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
:thumbsup:
  • 0

#25
Quamble

Quamble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Er, alright, so I just scheduled the check disk just as you told me, then I restarted, but when it started to run it said it was done and that the system was clean and finished booting up. I'm not sure if this is a good thing or a bad thing at this point. Here's the log from the MGADiag program.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-BW8QM-R47PT-8JC4T
Windows Product Key Hash: id/x+UjGqlEXQS27L+UDxFE/250=
Windows Product ID: 76477-OEM-2170902-55498
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {AE2C811D-4576-4A24-96D4-5618DCA49765}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{AE2C811D-4576-4A24-96D4-5618DCA49765}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8JC4T</PKey><PID>76477-OEM-2170902-55498</PID><PIDType>3</PIDType><SID>S-1-5-21-1417001333-287218729-682003330</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F5</Version><SMBIOSVersion major="2" minor="3"/><Date>20050819000000.000000+000</Date></BIOS><HWID>A43536AF01848E7D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13FE0:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13FE0:SYNNEX TECHNOLOGY INTERNATIONAL CORP|13FE0:SYNNEX TECHNOLOGY INTERNATIONAL CORP
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
  • 0


#26
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Quamble,

Now the hard bit lol.

  • Please download BurnAtOnce and save it to your desktop. Click on Downloads, then on burnatonce 0.99.5
    • Install it by double-clicking on the file bao0995.exe that you downloaded.
    • Click Next, accept the license agreement, and click Next until the button says "Install". Click "Install" to finish.
  • Download the rc.iso file.
  • Save it to your desktop.
  • Put a blank CD in your computer’s burner.
  • Right-click on the file rc.iso, and select "burnatonce" from the menu.
  • Confirm that the box under the menu at the top says "rc.iso".
  • Click the "Write" button.
  • When the disk finishes, eject the CD.
  • Configure the computer to start from the CD-ROM or DVD-ROM drive. If you don't know how to do this tell me.
  • Insert the Image of rc.iso that you copied to CD into your CD-ROM or DVD-ROM drive, and then restart your computer.
  • When you receive the "Press any key to boot from CD" message, press a key to start your computer from the Windows XP CD-ROM.
  • You will be prompted with the following options:

    A. To setup Windows XP, press Enter.
    B. To repair Windows XP installation using recovery console, press R.

    Choose the option, "To repair the Windows XP installation using recovery console", press R. If an Administrator Password has been established, you will be prompted to type it in. If no Administrator Password exists, just press ENTER.

  • You will be presented with the following:

    Microsoft Windows® Recovery Console

    The Recovery Console provides system repair and recovery functionality.
    Type EXIT to quit the Recovery Console and restart the computer.

    1: C:\WINDOWS

    Which Windows Installation would you like to log onto
    (To cancel, press ENTER)?


  • Press the number 1 on your keyboard and hit Enter.
  • At the command prompt, type the following command and press Enter:

    bootcfg /rebuild

    Note the gap... it should be there.

Type Exit and press Enter. Take the CD out of the drive and let the computer restart.
  • 0

#27
Quamble

Quamble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I did everything just as you said; I made sure it was configured in the BIOS to boot from the CD drive. As the disk said it was loading, an error message popped up; unfortunately I don't remember what file it was, it may have been ntoskrnl, but I'm unsure. It said "error code 7" after the name of the file and then it said it would close. I tried to start up again on the disk to see the error message, but now every time I do, it just shows a bunch of weird code. Was it a bad copy? I could try to burn another disk; I have a bunch.
  • 0

#28
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

Was it a bad copy? I could try to burn another disk; I have a bunch.


Might be that but see below:

From Windows Error Help

"'Error Code 7' errors and other critical malfunctions can arise when the Windows operating system becomes overloaded with invalid system references, as well as corrupted and deleted registry files. These problems commonly occur due to a lack of regular PC maintenance. As a computer operating system gets older, errors and crashes start to become more frequent and problematic."

Hopefully it's not the hard drive getting ready to go...

Let's do this and see if it helps matters:

Download Windows Repair (all in one) from here.

Install the program, then run it.

Go to step 3 and allow it to run SFC

On the start repairs tab click start

Select All and tick restart system when finished

After that try the Recovery Console one again. Either way come back and tell me how you got on.
  • 0

#29
Quamble

Quamble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I'd be pretty sad if it was. The 1TB that's currently hooked up as the secondary to this one is failing. It'd be weird to have both of them failing; that's never happened to me before. That's why I'm on this drive: it used to be my secondary when my 1TB was functioning, but all of a sudden SMART started predicting failure on that drive, so I backed everything I could up, switched to this drive and installed the drivers I needed to use the computer. I ran Belarc Advisor on this computer and it said this drive was healthy, but it very well could be failing now. If it IS failing, it makes me wonder why both hard drives started failing. It's alright if it is though, I have another one I could hook up. Unless I just need a whole new computer, which would suck. Sorry, I'm a blabber mouth, I'll do as you said now.
  • 0

#30
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Quamble,

Thanks to some advice from a colleague we have another way to deal with the boot.ini.

Before we do this one, we need to ensure hidden files and folders can be viewed; they should be, but just to make sure:

* Click Start
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide extensions for known file types option.
* Click Yes to confirm.
* Click OK.

After that

Copy/paste the following in a fresh Notepad file :

[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect


Save at C:\ directly as boot.ini
Once created, right-click on boot.ini > Properties > set as "Read only" and "Hidden"
Reboot and it should be back for good.

Tell me how it goes. :)
  • 0
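Before dropping a hand-written boot.ini onto C:\, it is worth checking that the [boot loader] default actually matches an [operating systems] entry and that every ARC path is well-formed, since a typo there leaves the machine just as unbootable as the missing file did. The following Python checker is an added example, not part of this thread or of any Microsoft tool; it embeds the boot.ini text from the post above as a constructed sample and validates syntax only (it cannot tell whether rdisk/partition numbers match the real disk layout).

```python
import re

# Constructed sample: the boot.ini contents suggested in the post above
# (assumption: a single XP Home install on the first partition of the first disk).
SAMPLE_BOOT_INI = """[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
"""

# NTLDR ARC path: adapter(n)disk(n)rdisk(n)partition(n)\systemroot
ARC_PATH_RE = re.compile(
    r"^(multi|scsi|signature)\((\w+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\\S+)$"
)


def parse_boot_ini(text):
    """Parse boot.ini into {section_name: [(key, value), ...]} preserving order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            raise ValueError(f"line outside a section or missing '=': {raw!r}")
        key, value = line.split("=", 1)  # the description may not contain '='
        sections[current].append((key.strip(), value.strip()))
    return sections


def _check_arc_path(path, label, problems):
    """Append a problem for a malformed ARC path; partition numbers start at 1."""
    match = ARC_PATH_RE.match(path)
    if not match:
        problems.append(f"{label} is not a valid ARC path: {path!r}")
    elif int(match.group(5)) < 1:
        problems.append(f"{label} uses partition(0); partition numbers start at 1")


def validate_boot_ini(text):
    """Return a list of problems found; an empty list means the file looks sane."""
    problems = []
    try:
        sections = parse_boot_ini(text)
    except ValueError as exc:
        return [str(exc)]
    if "boot loader" not in sections:
        problems.append("missing [boot loader] section")
    loader = dict(sections.get("boot loader", []))
    os_entries = sections.get("operating systems", [])
    if not os_entries:
        problems.append("missing or empty [operating systems] section")
    timeout = loader.get("timeout")
    if timeout is None or not (timeout.isdigit() or timeout == "-1"):  # -1 = wait forever
        problems.append(f"timeout must be an integer (or -1), got {timeout!r}")
    default = loader.get("default")
    if default is None:
        problems.append("no default= entry in [boot loader]")
    else:
        _check_arc_path(default, "default", problems)
    listed = []
    for arc_path, value in os_entries:
        _check_arc_path(arc_path, "OS entry", problems)
        if not value.startswith('"'):  # value is "Description" [/switches]
            problems.append(f"OS entry {arc_path!r} lacks a quoted description")
        listed.append(arc_path.lower())
    if default is not None and default.lower() not in listed:
        problems.append("default= does not match any [operating systems] entry")
    return problems
```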