Inactive: Last known good configuration froze my computer.

linz1

I'd appreciate some help, as I am at my wits' end with my partner's computer running Windows XP. It had been running slow for a few weeks, so I thought I would have a look at it. I selected "Last known good configuration" in the F8 menu, and that's when it stopped!
Now the PC is at a standstill. It takes 10-20 minutes to do anything. I then went into Safe Mode, and that does not do anything at all; I cannot open the Start menu in Safe Mode.
I cannot get into the BIOS to boot from a CD, as none of F2, F10, F12 or F11 work, and I cannot back anything up as it won't run.
I cannot boot from a USB either. What do I do next? Please help, anyone.
BTW, I do not have the original XP disc.
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Using another working computer....
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download OTLPENet.exe to your Desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Boot your BAD computer using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a Reatogo desktop.
  • Insert the flash drive with FRST on it
  • Open My Computer to locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Hi Broni, I really appreciate your reply. I have done all the steps you stated, but FRST.exe is not making a text log. I tested it on my Vista laptop and it works fine, but I cannot get a text log on the infected XP computer. I ran it three times.
 
Does FRST run at all?
Is FRST file located in USB flash drive root directory (not in some subfolder)?
Did you search USB flash drive for the log?
 
Yes, it is scanning, but there is no log file (the log window doesn't come up either), and it is on a USB drive and not in a subfolder. It is definitely not going to the USB. I will try a different USB and run it again. Meanwhile, if you have any other suggestion, thanks again.
 
Got it,
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on REATOGO on 07-10-2013 11:30:03
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Internet Helper Anti-phishing] - C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
Winlogon\Notify\ComPlusSetup: C:\WINDOWS\System32\catsrvut.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\abc\Start Menu\Programs\Startup\Screen Capturer.lnk
ShortcutTarget: Screen Capturer.lnk -> C:\Program Files\Screen Capturer\ScreenCapturer.exe (ScreenCapturer.com)

========================== Services (Whitelisted) =================

S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095752 2013-09-26] ()
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [254552 2013-01-03] ()
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S1 A2DDA; C:\PROGRAM FILES\EMISOFT EMERGENCY KIT\RUN\a2ddax86.sys [22056 2013-08-07] (Emsisoft GmbH)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [3846016 2006-02-08] (Realtek Semiconductor Corp.)
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 cleanhlp; C:\Program Files\emisoft emergency kit\Run\cleanhlp32.sys [50208 2013-08-07] (Emsisoft GmbH)
S3 cmuda; C:\Windows\System32\drivers\cmuda.sys [451599 2002-11-01] (C-Media Inc)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-11-01] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-11-01] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-11-01] (HP)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [807998 2005-06-21] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-03] (Malwarebytes Corporation)
S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2009-06-18] (CACE Technologies)
S3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [45568 2002-06-12] (Realtek Semiconductor Corporation)
S3 SiS300i; C:\Windows\System32\DRIVERS\sis300ip.sys [101760 2001-08-17] (Silicon Integrated Systems Corporation)
S3 SiS7018; C:\Windows\System32\drivers\ac97sis.sys [297728 2001-08-17] (Silicon Integrated Systems Corp.)
S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32768 2008-04-13] (SiS Corporation)
S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [91678 2002-09-16] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [71514 2002-09-16] (Intel Corporation)
S4 Alerter;
S4 Messenger;
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-06 12:46 - 2013-10-06 12:46 - 00000000 ____D C:\FRST
2013-10-05 15:20 - 2013-10-05 15:49 - 00000650 _____ C:\rkill.log
2013-10-05 14:09 - 2013-10-05 14:09 - 00000000 ____D C:\!KillBox
2013-10-05 11:33 - 2008-07-30 00:06 - 00027144 _____ C:\Documents and Settings\abc\My Documents\SafeBoot-for-Windows-XP-SP3.reg
2013-10-04 17:30 - 2013-10-04 17:30 - 00000151 _____ C:\Windows\wsdu.log
2013-10-04 17:06 - 2013-10-04 17:06 - 00000178 _____ C:\Windows\DHCPUPG.LOG
2013-10-04 17:05 - 2013-10-04 17:05 - 00001052 _____ C:\Windows\WINNT32.LOG
2013-10-04 16:03 - 2013-10-04 16:03 - 00000000 ____D C:\Windows\ERDNT
2013-10-04 15:49 - 2013-10-04 15:49 - 00000000 ___SD C:\ComboFix
2013-10-04 14:39 - 2013-10-04 14:39 - 00000000 ____D C:\Qoobox
2013-10-03 18:27 - 2013-10-03 18:27 - 00000075 _____ C:\Documents and Settings\Administrator.SE121GAL\Application Data\mbam.context.scan
2013-10-03 18:02 - 2013-10-03 18:02 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Malwarebytes
2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Local Settings\Application Data\Mozilla
2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Mozilla
2013-10-03 16:42 - 2013-10-03 16:48 - 00008224 _____ C:\Documents and Settings\abc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-03 11:31 - 2013-10-06 11:35 - 00000577 _____ C:\Windows\wiadebug.log
2013-10-03 11:29 - 2013-10-06 11:35 - 00004118 _____ C:\Windows\WindowsUpdate.log
2013-10-02 19:41 - 2013-10-02 19:41 - 00000000 __SHD C:\FOUND.020
2013-10-02 16:00 - 2013-10-02 16:00 - 00000000 __SHD C:\FOUND.019
2013-10-02 14:25 - 2001-08-17 14:55 - 00096128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ati.dll
2013-10-02 14:25 - 2001-08-17 14:55 - 00096128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ati.dll
2013-10-02 14:25 - 2001-08-17 13:52 - 00026496 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc.sys
2013-10-02 14:25 - 2001-08-17 13:52 - 00026496 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc.sys
2013-10-02 14:25 - 2001-08-17 13:52 - 00022400 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\asc3350p.sys
2013-10-02 14:25 - 2001-08-17 13:52 - 00022400 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\asc3350p.sys
2013-10-02 14:25 - 2001-08-17 13:51 - 00014848 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc3550.sys
2013-10-02 14:25 - 2001-08-17 13:51 - 00014848 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc3550.sys
2013-10-02 14:25 - 2001-08-17 12:12 - 00097354 _____ (Bay Networks, Inc.) C:\Windows\System32\dllcache\aspndis3.sys
2013-10-02 14:25 - 2001-08-17 12:12 - 00097354 _____ (Bay Networks, Inc.) C:\Windows\System32\dllcache\aspndis3.sys
2013-10-02 14:24 - 2008-04-13 22:05 - 00036224 _____ (ADMtek Incorporated.) C:\Windows\System32\dllcache\an983.sys
2013-10-02 14:24 - 2008-04-13 22:05 - 00036224 _____ (ADMtek Incorporated.) C:\Windows\System32\dllcache\an983.sys
2013-10-02 14:24 - 2001-08-17 14:07 - 00056960 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78xx.sys
2013-10-02 14:24 - 2001-08-17 14:07 - 00056960 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78xx.sys
2013-10-02 14:24 - 2001-08-17 13:52 - 00012032 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\amsint.sys
2013-10-02 14:24 - 2001-08-17 13:52 - 00012032 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\amsint.sys
2013-10-02 14:24 - 2001-08-17 13:51 - 00005248 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\aliide.sys
2013-10-02 14:24 - 2001-08-17 13:51 - 00005248 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\aliide.sys
2013-10-02 14:24 - 2001-08-17 13:49 - 00026624 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\alifir.sys
2013-10-02 14:24 - 2001-08-17 13:49 - 00026624 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\alifir.sys
2013-10-02 14:24 - 2001-08-17 13:47 - 00006272 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\apmbatt.sys
2013-10-02 14:24 - 2001-08-17 13:47 - 00006272 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\apmbatt.sys
2013-10-02 14:24 - 2001-08-17 12:11 - 00027678 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ali5261.sys
2013-10-02 14:24 - 2001-08-17 12:11 - 00027678 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ali5261.sys
2013-10-02 14:24 - 2001-08-17 12:11 - 00016969 _____ (AmbiCom, Inc.) C:\Windows\System32\dllcache\amb8002.sys
2013-10-02 14:24 - 2001-08-17 12:11 - 00016969 _____ (AmbiCom, Inc.) C:\Windows\System32\dllcache\amb8002.sys
2013-10-02 14:23 - 2001-08-17 22:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\agcgauge.ax
2013-10-02 14:23 - 2001-08-17 22:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\agcgauge.ax
2013-10-02 14:23 - 2001-08-17 14:07 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adpu160m.sys
2013-10-02 14:23 - 2001-08-17 14:07 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adpu160m.sys
2013-10-02 14:23 - 2001-08-17 14:07 - 00055168 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78u2.sys
2013-10-02 14:23 - 2001-08-17 14:07 - 00055168 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78u2.sys
2013-10-02 14:23 - 2001-08-17 13:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aha154x.sys
2013-10-02 14:23 - 2001-08-17 13:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aha154x.sys
2013-10-02 14:23 - 2001-08-17 12:11 - 00046112 _____ (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
2013-10-02 14:23 - 2001-08-17 12:11 - 00046112 _____ (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
2013-10-02 14:22 - 2008-04-13 22:06 - 00231552 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ac97ali.sys
2013-10-02 14:22 - 2008-04-13 22:06 - 00231552 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ac97ali.sys
2013-10-02 14:22 - 2008-04-13 22:06 - 00084480 _____ (VIA Technologies, Inc.) C:\Windows\System32\dllcache\ac97via.sys
2013-10-02 14:22 - 2008-04-13 22:06 - 00084480 _____ (VIA Technologies, Inc.) C:\Windows\System32\dllcache\ac97via.sys
2013-10-02 14:22 - 2008-04-13 22:06 - 00010880 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\admjoy.sys
2013-10-02 14:22 - 2008-04-13 22:06 - 00010880 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\admjoy.sys
2013-10-02 14:22 - 2001-08-17 22:36 - 00061440 _____ (Color Flatbed Scanner) C:\Windows\System32\dllcache\acerscad.dll
2013-10-02 14:22 - 2001-08-17 22:36 - 00061440 _____ (Color Flatbed Scanner) C:\Windows\System32\dllcache\acerscad.dll
2013-10-02 14:22 - 2001-08-17 13:53 - 00007424 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adicvls.sys
2013-10-02 14:22 - 2001-08-17 13:53 - 00007424 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adicvls.sys
2013-10-02 14:22 - 2001-08-17 13:52 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\abp480n5.sys
2013-10-02 14:22 - 2001-08-17 13:52 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\abp480n5.sys
2013-10-02 14:22 - 2001-08-17 12:20 - 00096256 _____ (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
2013-10-02 14:22 - 2001-08-17 12:20 - 00096256 _____ (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
2013-10-02 14:22 - 2001-08-17 12:19 - 00747392 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8830.sys
2013-10-02 14:22 - 2001-08-17 12:19 - 00747392 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8830.sys
2013-10-02 14:22 - 2001-08-17 12:19 - 00584448 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8810.sys
2013-10-02 14:22 - 2001-08-17 12:19 - 00584448 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8810.sys
2013-10-02 14:22 - 2001-08-17 12:19 - 00553984 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8820.sys
2013-10-02 14:22 - 2001-08-17 12:19 - 00553984 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8820.sys
2013-10-02 14:22 - 2001-08-17 12:11 - 00020160 _____ (ADMtek Incorporated) C:\Windows\System32\dllcache\adm8511.sys
2013-10-02 14:22 - 2001-08-17 12:11 - 00020160 _____ (ADMtek Incorporated) C:\Windows\System32\dllcache\adm8511.sys
2013-10-02 14:21 - 2008-04-14 00:16 - 00053376 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394bus.sys
2013-10-02 14:21 - 2008-04-14 00:16 - 00053376 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394bus.sys
2013-10-02 14:21 - 2008-04-14 00:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\61883.sys
2013-10-02 14:21 - 2008-04-14 00:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\61883.sys
2013-10-02 14:21 - 2008-04-14 00:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\4mmdat.sys
2013-10-02 14:21 - 2008-04-14 00:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\4mmdat.sys
2013-10-02 14:21 - 2001-08-17 14:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394vdbg.sys
2013-10-02 14:21 - 2001-08-17 14:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394vdbg.sys
2013-10-02 14:20 - 2008-04-14 00:54 - 02145280 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2013-10-02 14:20 - 2008-04-14 00:54 - 02145280 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2013-10-02 14:20 - 2001-08-17 14:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll
2013-10-02 14:20 - 2001-08-17 14:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll
2013-10-02 14:09 - 2008-04-14 05:42 - 00016439 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLD11.tmp
2013-10-02 14:09 - 2008-04-14 05:42 - 00016439 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLD11.tmp
2013-10-02 14:09 - 2008-04-14 05:41 - 00020540 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLDE.tmp
2013-10-02 14:09 - 2008-04-14 05:41 - 00020540 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLDE.tmp
2013-10-02 09:52 - 2013-10-03 18:53 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-10-02 06:04 - 2013-10-02 06:04 - 00358544 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-01 07:30 - 2013-10-01 07:30 - 00138860 _____ C:\Documents and Settings\abc\Desktop\sdcopy.exe (1).zip
2013-09-28 15:03 - 2013-09-28 15:03 - 00000673 _____ C:\Documents and Settings\abc\Desktop\Comodo Dragon.lnk
2013-09-28 14:56 - 2013-09-28 14:56 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
2013-09-28 14:55 - 2013-09-28 14:55 - 00048392 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-09-28 14:54 - 2013-09-28 14:55 - 37783616 _____ (COMODO) C:\DragonSetup.exe
2013-09-28 11:19 - 2013-09-28 11:19 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2013-09-28 10:49 - 2013-09-28 10:49 - 00000000 ____D C:\Documents and Settings\abc\Desktop\bookmarks commodo
2013-09-26 20:59 - 2013-09-26 20:59 - 00010057 _____ C:\Documents and Settings\abc\Desktop\imagescasx0j2h.jpeg
2013-09-26 19:25 - 2013-09-26 19:25 - 00000000 __SHD C:\FOUND.018
2013-09-25 15:23 - 2013-09-25 15:23 - 00418352 _____ (NCH Software) C:\Documents and Settings\abc\Desktop\tnsetup.exe
2013-09-20 13:37 - 2013-09-20 13:37 - 00021700 _____ C:\Documents and Settings\abc\Desktop\Expand your business networks.eml
2013-09-19 18:06 - 2013-09-19 18:06 - 00000628 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-09-19 18:06 - 2013-09-19 18:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 18:04 - 2013-09-19 18:05 - 17152184 _____ (Mozilla) C:\Documents and Settings\abc\Desktop\Firefox Setup 13.0b6.exe
2013-09-19 17:04 - 2013-09-19 17:04 - 00000000 __SHD C:\FOUND.017
2013-09-19 05:39 - 2013-09-19 05:39 - 00000000 __SHD C:\FOUND.016
2013-09-18 14:24 - 2013-09-18 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2013-09-18 09:15 - 2013-09-18 09:25 - 212887012 _____ C:\Documents and Settings\abc\Desktop\Copy Trans suite.zip
2013-09-16 07:37 - 2013-09-16 07:37 - 00034850 _____ C:\Documents and Settings\abc\Desktop\Bullmastiff.wav
2013-09-16 07:34 - 2013-09-16 07:34 - 00041066 _____ C:\Documents and Settings\abc\Desktop\AkitaInu.wav
2013-09-16 07:33 - 2013-09-16 07:33 - 00043882 _____ C:\Documents and Settings\abc\Desktop\AiredaleTerrier.wav
2013-09-11 15:50 - 2013-09-11 15:50 - 00000000 ____D C:\Windows\System32\NtmsData
2013-09-10 16:53 - 2013-09-10 16:53 - 00000000 ____D C:\Windows\SysWOW64
2013-09-10 16:53 - 2009-06-15 14:31 - 00240248 _____ (CACE Technologies) C:\Windows\SysWOW64\wpcap.dll
2013-09-10 16:53 - 2009-06-15 14:31 - 00088704 _____ (CACE Technologies) C:\Windows\SysWOW64\Packet.dll
2013-09-10 16:53 - 2009-06-15 14:31 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2013-09-10 16:26 - 2013-09-10 16:26 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\abc\Desktop\rkill.com
2013-09-10 07:36 - 2013-09-10 07:36 - 00000000 __SHD C:\FOUND.015

==================== One Month Modified Files and Folders =======

2013-10-06 12:46 - 2013-10-06 12:46 - 00000000 ____D C:\FRST
2013-10-06 11:35 - 2013-10-03 11:31 - 00000577 _____ C:\Windows\wiadebug.log
2013-10-06 11:35 - 2013-10-03 11:29 - 00004118 _____ C:\Windows\WindowsUpdate.log
2013-10-06 11:35 - 2013-05-29 16:17 - 00000049 _____ C:\Windows\wiaservc.log
2013-10-06 11:33 - 2012-08-04 08:29 - 00000178 ___SH C:\Documents and Settings\abc\ntuser.ini
2013-10-05 17:28 - 2012-09-07 18:17 - 00002728 _____ C:\Windows\System32\d3d9caps.dat
2013-10-05 17:27 - 2012-10-02 19:27 - 00001956 _____ C:\Windows\System32\d3d8caps.dat
2013-10-05 15:49 - 2013-10-05 15:20 - 00000650 _____ C:\rkill.log
2013-10-05 14:09 - 2013-10-05 14:09 - 00000000 ____D C:\!KillBox
2013-10-04 17:30 - 2013-10-04 17:30 - 00000151 _____ C:\Windows\wsdu.log
2013-10-04 17:06 - 2013-10-04 17:06 - 00000178 _____ C:\Windows\DHCPUPG.LOG
2013-10-04 17:05 - 2013-10-04 17:05 - 00001052 _____ C:\Windows\WINNT32.LOG
2013-10-04 16:03 - 2013-10-04 16:03 - 00000000 ____D C:\Windows\ERDNT
2013-10-04 15:49 - 2013-10-04 15:49 - 00000000 ___SD C:\ComboFix
2013-10-04 14:39 - 2013-10-04 14:39 - 00000000 ____D C:\Qoobox
2013-10-04 06:37 - 2012-08-04 08:13 - 00000211 __RSH C:\boot.ini
2013-10-04 06:37 - 2012-08-04 08:11 - 00001141 _____ C:\Windows\win.ini
2013-10-04 06:37 - 2012-08-04 08:11 - 00000371 _____ C:\Windows\system.ini
2013-10-03 18:53 - 2013-10-02 09:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-10-03 18:27 - 2013-10-03 18:27 - 00000075 _____ C:\Documents and Settings\Administrator.SE121GAL\Application Data\mbam.context.scan
2013-10-03 18:02 - 2013-10-03 18:02 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Malwarebytes
2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Local Settings\Application Data\Mozilla
2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Mozilla
2013-10-03 16:48 - 2013-10-03 16:42 - 00008224 _____ C:\Documents and Settings\abc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-02 20:34 - 2013-05-29 16:17 - 00000000 _____ C:\Windows\Sti_Trace.log
2013-10-02 19:41 - 2013-10-02 19:41 - 00000000 __SHD C:\FOUND.020
2013-10-02 16:00 - 2013-10-02 16:00 - 00000000 __SHD C:\FOUND.019
2013-10-02 06:04 - 2013-10-02 06:04 - 00358544 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-01 14:36 - 2013-07-24 10:07 - 00000324 _____ C:\Documents and Settings\abc\Desktop\host.txt
2013-10-01 14:00 - 2013-08-25 10:43 - 00022849 _____ C:\Documents and Settings\abc\Desktop\postcodes.txt
2013-10-01 07:30 - 2013-10-01 07:30 - 00138860 _____ C:\Documents and Settings\abc\Desktop\sdcopy.exe (1).zip
2013-09-28 15:03 - 2013-09-28 15:03 - 00000673 _____ C:\Documents and Settings\abc\Desktop\Comodo Dragon.lnk
2013-09-28 14:56 - 2013-09-28 14:56 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
2013-09-28 14:55 - 2013-09-28 14:55 - 00048392 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-09-28 14:55 - 2013-09-28 14:54 - 37783616 _____ (COMODO) C:\DragonSetup.exe
2013-09-28 11:19 - 2013-09-28 11:19 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2013-09-28 10:49 - 2013-09-28 10:49 - 00000000 ____D C:\Documents and Settings\abc\Desktop\bookmarks commodo
2013-09-26 20:59 - 2013-09-26 20:59 - 00010057 _____ C:\Documents and Settings\abc\Desktop\imagescasx0j2h.jpeg
2013-09-26 19:25 - 2013-09-26 19:25 - 00000000 __SHD C:\FOUND.018
2013-09-25 15:23 - 2013-09-25 15:23 - 00418352 _____ (NCH Software) C:\Documents and Settings\abc\Desktop\tnsetup.exe
2013-09-25 14:37 - 2013-05-28 14:40 - 00000178 ___SH C:\Documents and Settings\Administrator.SE121GAL\ntuser.ini
2013-09-25 06:35 - 2012-08-04 08:12 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-09-20 13:37 - 2013-09-20 13:37 - 00021700 _____ C:\Documents and Settings\abc\Desktop\Expand your business networks.eml
2013-09-19 18:06 - 2013-09-19 18:06 - 00000628 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-09-19 18:06 - 2013-09-19 18:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 18:05 - 2013-09-19 18:04 - 17152184 _____ (Mozilla) C:\Documents and Settings\abc\Desktop\Firefox Setup 13.0b6.exe
2013-09-19 17:04 - 2013-09-19 17:04 - 00000000 __SHD C:\FOUND.017
2013-09-19 05:39 - 2013-09-19 05:39 - 00000000 __SHD C:\FOUND.016
2013-09-18 14:24 - 2013-09-18 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2013-09-18 09:25 - 2013-09-18 09:15 - 212887012 _____ C:\Documents and Settings\abc\Desktop\Copy Trans suite.zip
2013-09-16 07:37 - 2013-09-16 07:37 - 00034850 _____ C:\Documents and Settings\abc\Desktop\Bullmastiff.wav
2013-09-16 07:34 - 2013-09-16 07:34 - 00041066 _____ C:\Documents and Settings\abc\Desktop\AkitaInu.wav
2013-09-16 07:33 - 2013-09-16 07:33 - 00043882 _____ C:\Documents and Settings\abc\Desktop\AiredaleTerrier.wav
2013-09-11 15:50 - 2013-09-11 15:50 - 00000000 ____D C:\Windows\System32\NtmsData
2013-09-10 16:53 - 2013-09-10 16:53 - 00000000 ____D C:\Windows\SysWOW64
2013-09-10 16:26 - 2013-09-10 16:26 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\abc\Desktop\rkill.com
2013-09-10 07:36 - 2013-09-10 07:36 - 00000000 __SHD C:\FOUND.015
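A first-pass triage of a report like the one above, as an added example that is not part of the original thread and is not code from FRST or from Broni: it parses the `HKLM\...\Run:` and service/driver lines in FRST's line format and flags the three things an analyst checks first, an entry whose binary is missing (FRST prints `[x]`), an entry with no publisher/version data (FRST prints an empty `()`), and an entry that starts from a user-writable data folder. The sample lines are copied from the log above; the flagging rules and the list of "writable" folders are this example's own assumptions, not FRST's.

```python
"""Triage autorun and service/driver lines in the FRST report format.

Added example: the regexes reproduce the line shapes seen in the log above;
the flagging rules (WRITABLE_DIRS and the three findings) are assumptions
chosen for illustration, not FRST's own whitelist logic."""
import re

# 'HKLM\...\Run: [Name] - command [size date] (Company)'
RUN_RE = re.compile(r'^(?P<hive>HK\w+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<rest>.*)$')
# 'S2 Name; command [size date] (Company)'  -- also 'S4 Name;' with no binary
SVC_RE = re.compile(r'^(?P<start>[SR]\d) (?P<name>[^;]+);(?: (?P<rest>.*))?$')
COMPANY_RE = re.compile(r'\s\((?P<company>[^()]*)\)$')
META_RE = re.compile(r'\s\[(?P<meta>[^\]]*)\]$')

# Assumed list of locations from which an autorun deserves a second look.
WRITABLE_DIRS = ('\\application data\\', '\\local settings\\', '\\temp\\')


def split_trailer(rest):
    """Peel '[size date]' and '(Company)' off the end of an FRST line.
    Returns (command, meta, company); meta/company are None when absent,
    company is '' when FRST printed an empty '()'."""
    company = None
    m = COMPANY_RE.search(rest)
    if m:
        company = m.group('company').strip()
        rest = rest[:m.start()]
    meta = None
    m = META_RE.search(rest)
    if m:
        meta = m.group('meta').strip()   # '' for '[ ]', 'x' for '[x]'
        rest = rest[:m.start()]
    return rest.strip(), meta, company


def parse_line(line):
    """Return a dict for a Run-key or service/driver line, else None."""
    m = RUN_RE.match(line)
    if m:
        cmd, meta, company = split_trailer(m.group('rest'))
        return {'kind': 'run', 'name': m.group('name'), 'hive': m.group('hive'),
                'command': cmd, 'meta': meta, 'company': company}
    m = SVC_RE.match(line)
    if m:
        rest = m.group('rest')
        if rest is None:   # e.g. 'S4 Alerter;' -- disabled service, no binary listed
            cmd, meta, company = '', None, None
        else:
            cmd, meta, company = split_trailer(rest)
        return {'kind': 'service', 'name': m.group('name'), 'start': m.group('start'),
                'command': cmd, 'meta': meta, 'company': company}
    return None


def findings_for(entry):
    """Apply the three assumed rules to one parsed entry."""
    out = []
    if entry['meta'] == 'x':
        out.append('file missing on disk')
    if entry['company'] == '' and entry['command']:
        out.append('no publisher/version info in binary')
    if any(d in entry['command'].lower() for d in WRITABLE_DIRS):
        out.append('runs from a user-writable data folder')
    return out


def triage(lines):
    """Map entry name -> list of findings, for entries with at least one."""
    report = {}
    for line in lines:
        entry = parse_line(line.rstrip('\n'))
        if entry is None:
            continue
        hits = findings_for(entry)
        if hits:
            report[entry['name']] = hits
    return report


# Lines copied from the FRST log posted above.
SAMPLE_LINES = r"""
HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Internet Helper Anti-phishing] - C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095752 2013-09-26] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S4 Alerter;
""".strip().splitlines()

if __name__ == '__main__':
    for name, hits in triage(SAMPLE_LINES).items():
        print(f'{name}: {"; ".join(hits)}')
```

A hit is a prompt to look, not a verdict: an empty `()` only means the binary carries no version-info company field, which is true of several legitimate tools in the same log (RichVideo, the Java Quick Starter entry), and a `[x]` on a disabled service is a leftover of an uninstall as often as anything else. The log is also "Boot Mode: Recovery", so it was produced from a different controlset than the one that fails to boot; FRST says as much in the ATTENTION line, and that is why the helper wanted a log from the running system.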
 
I have run it again three times and ticked all the boxes at the bottom of the scanner, but I can't get any more info on the log.
 
You will need a USB flash drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download rst.sh to your USB flash drive
  • Remove the USB and CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named enum.log
  • Remove the USB drive and insert it back in your working computer and navigate to enum.log

Please note - all text entries are case sensitive
Copy and paste the enum.log for my review
 
Hi Broni, I wanted to thank you for all your help. My other half was too impatient and has decided to buy another computer, as he has had enough. Thanks again though; I did learn quite a bit of handy information.
 