stuck in crazy boot cycle! [Closed]



#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I think it's time to try something else.

Let's see if your CD drive will do the job.

This is a way to access your computer using a disk we will create.

Before starting you might like to print these instructions out so that you know what you are doing.

  • Download OTLPE.iso and save it somewhere you can get it.
  • Insert a writable blank CD/DVD in your CD drive and click on the OTLPE.iso to burn a CD. NOTE:
  • Reboot your infected system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • The CD needs to detect your hardware and load the operating system...can take a bit of time, just be patient :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • If asked "Do you wish to load the remote registry", select Yes
  • If asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right-click the file and select Send To, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#17
ameseliz

    Member

  • Topic Starter
  • 13 posts
Yay! We're getting somewhere!! Thank you so much for working with me!!
Below are the contents of the text file.


OTL logfile created on: 9/13/2013 7:33:01 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 7D:\pagefile.sys 2 7 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 7.10 Gb Free Space | 19.05% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 7.12 Gb Free Space | 95.34% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/08/04 22:22:31 | 000,943,616 | -HS- | M] () [Auto] -- C:\Program Files\Google\Desktop\Install\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\ \ \ﯹ๛\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\GoogleUpdate.exe [WARNING: C:\Program Files\Google\Desktop\Install\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\ \ \???\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\GoogleUpdate.exe] -- (etadpug) Google Update Service (gupdate)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/07 18:36:35 | 000,119,024 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) [Auto] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/04/23 19:03:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/01/27 17:13:50 | 000,226,624 | ---- | M] () [On_Demand] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/09 02:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Disabled] -- C:\WINNT\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/08/20 00:23:32 | 000,063,176 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2002/05/03 14:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto] -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (PCDRDRV)
DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (CFcatchme)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2013/08/03 02:17:05 | 000,134,136 | ---- | M] () [Kernel | System] -- C:\Documents and Settings\Mike\Local Settings\temp\RarSFX0\bdselfpr.sys -- (bdselfpr)
DRV - [2013/06/30 21:18:44 | 000,175,176 | ---- | M] () [Kernel | Boot] -- C:\WINNT\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/30 21:18:09 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINNT\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/30 21:17:30 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINNT\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot] -- C:\WINNT\system32\drivers\trufos.sys -- (trufos)
DRV - [2013/05/20 12:34:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\WINNT\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot] -- C:\WINNT\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINNT\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINNT\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINNT\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) [File_System | Boot] -- C:\WINNT\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2013/04/15 05:50:32 | 000,113,608 | ---- | M] (Power Software Ltd) [Kernel | System] -- C:\WINNT\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINNT\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/26 19:37:12 | 000,017,360 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/26 19:37:10 | 000,031,520 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2013/03/23 15:51:42 | 000,247,968 | ---- | M] (IObit) [File_System | Disabled] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/11/07 03:16:20 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto] -- C:\WINNT\system32\drivers\asdrs.sys -- (asdrs)
DRV - [2012/11/07 03:16:20 | 000,014,160 | ---- | M] () [Kernel | Auto] -- C:\WINNT\system32\drivers\asdws.sys -- (asdws)
DRV - [2012/11/07 03:16:18 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System] -- C:\WINNT\system32\drivers\asdrm.sys -- (asdrm)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/01/31 18:03:44 | 000,994,664 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\WNA1000M.sys -- (RTL8192cu)
DRV - [2010/12/03 15:03:08 | 000,020,352 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/09/29 18:13:46 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/04/09 02:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 02:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/02/27 11:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto] -- C:\WINNT\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/04/26 01:03:56 | 000,009,600 | ---- | M] () [Kernel | System] -- C:\WINNT\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2002/10/11 15:42:32 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand] -- C:\WINNT\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [2002/08/24 17:00:20 | 000,015,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\SymReDrv.sys -- (SYMREDRV)
DRV - [2002/08/06 17:24:16 | 001,107,680 | ---- | M] (GTW) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2002/05/03 14:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/17 15:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2000/09/12 02:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System] -- C:\WINNT\system32\drivers\Sk9920nt.sys -- (Sk9920nt)
DRV - [2000/09/11 20:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\sk99202k.sys -- (Sk99202k)
DRV - [2000/06/06 12:29:58 | 000,006,736 | ---- | M] (RioPort.com) [Kernel | Auto] -- C:\WINNT\System32\drivers\RioPnP.sys -- (RioPNP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\Mike_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Mike_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.ElectionTracker_59.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINNT\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/25 17:36:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/25 17:36:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/08/03 02:57:15 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O3 - HKU\Mike_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Mike_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ADBlocker] File not found
O4 - HKLM..\Run: [Anvi Smart Defender] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Microsoft Windows Hosting Service] C:\Documents and Settings\Mike\Local Settings\temp\csrss.exe (NoVirusThanks Company Srl)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKU\Mike_ON_C..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\Mike_ON_C..\Run: [Microsoft Windows Hosting Service] C:\Documents and Settings\Mike\Local Settings\temp\csrss.exe (NoVirusThanks Company Srl)
O4 - HKU\Mike_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\Mike_ON_C..\Run: [uTorrent] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1000M Genie.lnk = C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3212083974 = [Binary data over 100 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 60285 = c:\docume~1\alluse~1\dxpvmaaat.exe (BreakFast Software)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Mike_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O12 - Plugin for: .mov - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll (Apple Inc.)
O12 - Plugin for: .pct - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll (Apple Inc.)
O12 - Plugin for: .spop - File not found
O12 - Plugin for: .tiff - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\GTW_blue.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Web\Wallpaper\GTW_blue.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/11 20:22:07 | 000,000,053 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/04 23:37:43 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2013/08/03 01:51:26 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2013/08/03 01:29:11 | 000,161,936 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2013/07/05 23:46:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\housecall.guid.cache
[2013/06/30 21:22:34 | 000,000,175 | ---- | C] () -- C:\WINNT\System32\drivers\aswVmm.sys.sum
[2013/06/26 18:49:12 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
[2013/06/26 13:55:44 | 000,000,175 | ---- | C] () -- C:\WINNT\System32\drivers\aswSnx.sys.sum
[2013/06/26 13:55:12 | 000,000,175 | ---- | C] () -- C:\WINNT\System32\drivers\aswSP.sys.sum
[2013/05/16 03:53:32 | 000,175,176 | ---- | C] () -- C:\WINNT\System32\drivers\aswVmm.sys
[2013/05/16 03:53:22 | 000,049,376 | ---- | C] () -- C:\WINNT\System32\drivers\aswRvrt.sys
[2013/05/07 21:43:38 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2013/05/07 21:43:38 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2013/05/07 21:43:38 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2013/05/07 21:43:38 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2013/05/06 12:56:19 | 000,014,160 | ---- | C] () -- C:\WINNT\System32\drivers\asdws.sys
[2013/05/03 22:10:22 | 000,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2013/05/01 00:33:18 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\xmltok.dll
[2013/05/01 00:33:18 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\xmlparse.dll
[2013/04/29 14:16:36 | 000,006,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2013/04/26 22:53:02 | 000,009,600 | ---- | C] () -- C:\WINNT\System32\drivers\ISODisk.sys
[2013/04/26 10:41:32 | 000,118,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3349025868-955804470-596614847-1006-0.dat
[2013/04/25 20:49:11 | 000,118,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/04/24 18:53:58 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2013/04/21 19:18:17 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PFP100JPR.{PB
[2013/04/21 19:18:17 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PFP100JCM.{PB
[2013/04/19 19:28:31 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\store-pp.jbs
[2012/02/21 13:58:27 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
[2011/04/28 15:27:10 | 000,000,034 | ---- | C] () -- C:\WINNT\hpfsched.ini
[2011/04/27 10:53:05 | 000,036,864 | ---- | C] () -- C:\WINNT\hpfsched.exe
[2010/01/12 10:13:01 | 000,000,000 | ---- | C] () -- C:\WINNT\hpqEmlSz.INI
[2009/12/06 05:18:14 | 000,026,624 | -HS- | C] () -- C:\WINNT\bfcs2.dll
[2008/02/27 11:54:00 | 000,020,480 | ---- | C] () -- C:\WINNT\System32\drivers\WLNdis50.sys
[2007/08/09 12:04:15 | 000,000,214 | ---- | C] () -- C:\WINNT\HP_48BitScanUpdatePatch.ini
[2006/04/10 10:06:22 | 000,000,206 | ---- | C] () -- C:\WINNT\HPGdiPlus.ini
[2005/01/02 09:54:16 | 000,004,212 | -H-- | C] () -- C:\WINNT\System32\zllictbl.dat
[2005/01/01 13:11:01 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2005/01/01 13:10:40 | 000,100,475 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2005/01/01 13:10:00 | 000,003,434 | ---- | C] () -- C:\WINNT\mozver.dat
[2004/09/27 10:05:18 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2003/12/24 19:35:49 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\CNMVS12.DLL
[2003/04/20 07:41:13 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2002/11/05 08:34:11 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2002/11/05 02:46:12 | 000,149,504 | ---- | C] () -- C:\WINNT\System32\UNWISE.EXE
[2002/11/05 02:45:47 | 000,000,014 | ---- | C] () -- C:\WINNT\System32\SR2.dat
[2002/11/05 02:43:35 | 000,000,637 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2002/11/05 02:43:35 | 000,000,052 | ---- | C] () -- C:\WINNT\intuprof.ini
[2002/11/05 02:43:34 | 000,007,406 | ---- | C] () -- C:\WINNT\ICOADB32.DAT
[2002/11/05 02:42:57 | 000,022,528 | ---- | C] () -- C:\WINNT\Hpreg.exe
[2002/11/05 02:42:28 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2002/11/05 02:42:28 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/11/05 01:41:01 | 000,053,248 | ---- | C] () -- C:\WINNT\GWMDMpi.exe
[2002/11/05 01:40:54 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2002/11/05 01:40:52 | 000,000,701 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/11/05 01:40:16 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\SHPSHFTR.DLL
[2002/11/05 01:40:15 | 000,009,785 | ---- | C] () -- C:\WINNT\System32\drivers\a312.sys
[2002/09/03 15:00:31 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2002/09/03 14:38:22 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2002/09/03 14:30:33 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2002/09/03 14:23:28 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[1980/01/01 02:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 02:00:00 | 000,503,164 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 02:00:00 | 000,088,562 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,005,114 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[1980/01/01 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

========== LOP Check ==========

[2002/11/05 02:43:10 | 000,000,000 | ---D | M] -- C:\WINNT\system32\config\systemprofile\Application Data\InterTrust
[2009/12/17 08:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2013/07/06 22:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\4 Friends Games
[2013/07/24 01:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Alawar Entertainment
[2013/07/18 20:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\AlawarEntertainment
[2013/05/06 12:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Anvisoft
[2013/06/17 15:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Artifex Mundi
[2013/06/16 15:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Artogon
[2013/04/22 20:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Awem
[2013/07/18 19:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Big Top Games
[2013/04/25 17:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\BitComet
[2013/08/04 22:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Boomzap
[2013/07/20 03:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\casualArts
[2013/06/17 13:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\cerasus.media
[2013/07/05 01:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Chayowo Games
[2013/06/10 23:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DAEMON Tools Lite
[2013/07/26 09:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DailyMagic
[2013/07/26 10:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Deep Shadows
[2013/07/19 00:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DieselPuppet
[2013/08/02 12:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Eipix
[2013/07/03 20:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\EleFun Games
[2013/07/20 02:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Elephant Games
[2013/08/05 00:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Enki Games
[2013/07/28 01:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\ERS Game Studios
[2013/07/18 19:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FairlyTwistedGuide
[2013/08/02 00:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FarmMystery
[2013/05/03 19:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Floodlight Games
[2013/06/25 03:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Funswitch
[2013/05/12 23:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GameInvest
[2013/08/02 11:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\GestaltGames
[2013/06/26 18:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Ghost Ship Studios
[2013/06/23 12:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Gogii Games
[2013/07/06 02:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Gunnar Games
[2002/11/05 02:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\InterTrust
[2013/07/20 20:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\IObit
[2013/07/26 13:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mad Head Games
[2013/06/17 22:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\MagicIndie
[2013/06/11 19:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Meridian93
[2013/07/31 00:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Opera
[2013/07/31 03:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Orneon
[2013/04/23 18:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\player
[2013/04/30 23:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\PowerISO
[2013/07/24 19:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\PuzzleLab
[2013/07/03 16:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\QuickScan
[2013/05/06 13:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SecretIslandEng
[2013/05/26 12:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SerpentOfIsis
[2013/07/26 13:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Silverback Games
[2013/06/26 23:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Silverback Productions
[2013/05/26 11:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SpinTop Games
[2013/05/15 18:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\SystemRequirementsLab
[2013/07/17 20:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\tabagames
[2013/04/23 18:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\TFP
[2013/08/05 17:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\uTorrent
[2013/06/22 19:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Vast Studios
[2013/07/24 19:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\YoudaGames
[2012/09/18 11:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/06 12:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvisoft
[2013/04/25 17:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/11/24 10:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2013/04/29 14:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2013/07/20 03:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2013/04/21 22:45:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/05/20 12:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/07/26 09:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2013/05/03 19:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2013/07/18 22:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2013/08/02 11:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2013/08/03 00:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/08/05 00:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2013/07/20 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/20 14:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/11/24 10:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/07/30 19:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/08/04 02:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/04/29 14:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X5
[2010/11/22 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/08/05 16:54:23 | 000,000,364 | -H-- | M] () -- C:\WINNT\Tasks\avast! Emergency Update.job
[2013/08/05 15:43:57 | 000,000,508 | ---- | M] () -- C:\WINNT\Tasks\SUPERAntiSpyware Scheduled Task 0169dadf-e379-4831-a828-de2fa322d8c3.job
[2013/08/04 02:00:29 | 000,000,508 | ---- | M] () -- C:\WINNT\Tasks\SUPERAntiSpyware Scheduled Task 86297c6d-1bf7-4ba7-a616-43dbb7dbde40.job

========== Purity Check ==========


< End of report >

#18
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Looks like a lot of tools have been run on this machine lol.

Before we try removing things let's see if carrying out the following allows you to reboot normally. Be better for us to help with the cleaning process.

Now

Start your computer with the burned CD. When the system has rebooted your system should now display a REATOGO-X-PE desktop.
Double-click on the MBRFix icon. A command window will open.


In the command window type in the following lines and press enter after each:

MbrFix /drive 0 savembr C:\Backup_MBR_0.bin
MbrFix /drive 0 fixmbr /yes

Try and reboot normally into your computer.
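A check worth running on the file written by the `savembr` step in the post above, before relying on it as a rollback copy. This is an added example, not part of the original post and not MbrFix's own code: it parses a 512-byte MBR image and lists reasons not to trust it. The sample sector is constructed to match the disk ID and partition type reported in the FRST log later in this thread; its boot code, start LBA and sector count are assumed values.

```python
import struct

SECTOR_SIZE = 512
DISK_ID_OFFSET = 440      # 32-bit NT disk signature
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Decode the disk ID and partition table of one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing")
    (disk_id,) = struct.unpack_from("<I", sector, DISK_ID_OFFSET)
    partitions = []
    for index in range(4):
        # status, CHS start, type, CHS end, first LBA, sector count
        status, _, ptype, _, first_lba, sectors = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * index)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "number": index + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba, "sectors": sectors,
            "size_gib": sectors * SECTOR_SIZE / 2**30,
        })
    return {"disk_id": f"{disk_id:08X}", "partitions": partitions}


def check_backup(sector: bytes) -> list:
    """Return reasons not to trust this image as a boot-disk MBR backup."""
    try:
        mbr = parse_mbr(sector)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    parts = mbr["partitions"]
    if not parts:
        problems.append("partition table is empty")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        problems.append("partition status byte is neither 00 nor 80")
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    if not any(sector[:DISK_ID_OFFSET]):
        problems.append("boot code area is all zeros")
    spans = sorted((p["first_lba"], p["first_lba"] + p["sectors"]) for p in parts)
    if any(a_end > b_start for (_, a_end), (b_start, _) in zip(spans, spans[1:])):
        problems.append("partitions overlap")
    return problems


def build_sample_mbr() -> bytes:
    """Constructed sample: disk ID E25DE25D, one active type-07 partition."""
    boot_code = b"\x33\xc0\x8e\xd0" + b"\x90" * 436   # placeholder bytes, not real boot code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 78156162)  # assumed LBA and size
    return (boot_code + struct.pack("<I", 0xE25DE25D) + b"\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")


if __name__ == "__main__":
    sample = build_sample_mbr()
    print(parse_mbr(sample))
    print(check_backup(sample) or "backup looks structurally sound")
```

To check a real backup, read the saved file in binary mode and pass its bytes to `check_backup`; an empty list means the structure is intact, not that the boot code is clean.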

#19
ameseliz


    Member

  • Topic Starter
  • 13 posts
I entered the commands and when I try to reboot normally with no disk it still goes back to the never-ending boot cycle :(

#20
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Moving on then:

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2013/08/04 22:22:31 | 000,943,616 | -HS- | M] () [Auto] -- C:\Program Files\Google\Desktop\Install\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\ \ \??\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\GoogleUpdate.exe [WARNING: C:\Program Files\Google\Desktop\Install\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\ \ \???\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\GoogleUpdate.exe] -- (etadpug) Google Update Service (gupdate)
    SRV - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) [Auto] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    :Services
    DRV - [2013/03/26 19:37:12 | 000,017,360 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2013/03/26 19:37:10 | 000,031,520 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
    DRV - [2013/03/23 15:51:42 | 000,247,968 | ---- | M] (IObit) [File_System | Disabled] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
    [2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [2009/12/06 05:18:14 | 000,026,624 | -HS- | C] () -- C:\WINNT\bfcs2.dll
    :Reg
    
    :Files
    C:\Program Files\IObit
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Post the log that is produced
  • Attempt to reboot normally into Windows


#21
ameseliz


    Member

  • Topic Starter
  • 13 posts
========== OTL ==========
Service\Driver key etadpug) Google Update Service (gupdate not found.
File C:\Program Files\Google\Desktop\Install\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\ \ \??\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\GoogleUpdate.exe [WARNING: C:\Program Files\Google\Desktop\Install\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\ \ \???\{774c81da-e28c-07ff-9b21-649d1deeb0b5}\GoogleUpdate.exe] not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IMFservice deleted successfully.
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe moved successfully.
========== SERVICES/DRIVERS ==========
Service\Driver key DRV - [2013/03/26 19:37:12 | 000,017,360 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter) not found.
Service\Driver key DRV - [2013/03/26 19:37:10 | 000,031,520 | ---- | M] (IObit.com) [Kernel | On_Demand] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter) not found.
Service\Driver key DRV - [2013/03/23 15:51:42 | 000,247,968 | ---- | M] (IObit) [File_System | Disabled] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor) not found.
Service\Driver key IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found not found.
Service\Driver key O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit) not found.
Service\Driver key [2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ] not found.
Service\Driver key [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] not found.
Service\Driver key [2009/12/06 05:18:14 | 000,026,624 | -HS- | C] () -- C:\WINNT\bfcs2.dll not found.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\IObit\IObit Malware Fighter\Update folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\LatestNews folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Language folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_ia64 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wnet_x86 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wnet_ia64 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wnet_amd64 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_ia64 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_amd64 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_ia64 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_amd64 folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\Drivers folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter\db folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files\IObit folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 298407 bytes
->Google Chrome cache emptied: 1642864 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 3893232 bytes
->Google Chrome cache emptied: 6158639 bytes

User: Mike
->Temp folder emptied: 47827177 bytes
->Temporary Internet Files folder emptied: 32388642 bytes
->FireFox cache emptied: 3790372 bytes
->Google Chrome cache emptied: 114119129 bytes
->Flash cache emptied: 570 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114579105 bytes
->Flash cache emptied: 3079 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 90112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3440507 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35930 bytes

Total Files Cleaned = 313.00 mb

C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 09142013_011454

Is this the correct log? Still not booting normally :/

#22
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello ameseliz,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Boot to Reatogo and browse to the flash drive.
  • Double-click on FRST to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.


#23
ameseliz


    Member

  • Topic Starter
  • 13 posts
Good Morning!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 01
Ran by SYSTEM on REATOGO on 14-09-2013 15:42:34
Running from D:\
WIN_XP (X86) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ==================

Attention: Software hive is missing.

ATTENTION: Software hive is not loaded.


========================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 2045.8 MB
Available physical RAM: 1840.11 MB
Total Pagefile: 1876.44 MB
Available Pagefile: 1818.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.25 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive d: () (Removable) (Total:7.39 GB) (Free:7.38 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive y: () (Fixed) (Total:37.27 GB) (Free:7.42 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: E25DE25D)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00100E13)
No partition Table on disk 1.

==================== End Of Log ============================

#24
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi ameseliz,

Not looking that great I'm afraid. FRST is saying your machine's registry and system files are not there. It also can't see any restore points that might be used to restore your lost system.

Might mean your hard drive is compromised.

If it were me I would use Reatogo to access and copy my documents, pictures, music etc. to some sort of external memory stick or hard drive so that they are not lost.

Then have a look to see if there is a backup of your system anywhere that can be accessed.

I see you used ComboFix at some stage. It usually makes a backup when it is run.

Go to computer through Reatogo and see if you can find either of the files below.

If you can, double click on:

C:\WINDOWS\ERDNT\subs\erdnt.exe

and see if that works. If not try double clicking on:

C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe

Come back and tell me how you went.

#25
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
