Last known good configuration froze my computer.

Inactive
By linz1
Oct 5, 2013
  1. Appreciate some help as I am at my wits' end with my partner's computer running Windows XP. It has been running slow for a few weeks, so I thought I would have a look at it. I configured it in the F8 menu to 'Last known good configuration', and that's when it stopped!
    Now the PC is at a standstill. It takes 10-20 mins to do anything. Then I went into safe mode and that does not do anything at all; I cannot get to the 'Start menu' in safe mode.
    Cannot go into the BIOS to boot from a CD as none of F2, F10, F12 or F11 work, and cannot back anything up as it won't run.
    Cannot boot from a USB. What to do next? Please help, anyone.
    BTW I do not have the original XP disc.
  2. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Using another working computer....
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Download OTLPENet.exe to your Desktop.
    • Ensure that you have a blank CD in the drive.
    • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD.
    • Boot your BAD computer using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
    • Your system should now display a Reatogo desktop.
    • Insert the flash drive with FRST on it.
    • Open My Computer to locate the flash drive and run FRST.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
  3. linz1

    linz1 Newcomer, in training Topic Starter

    Hi Broni, really appreciate your reply. I have done all the steps you stated, but FRST.exe is not making a text log. I tested it on my Vista laptop and it works fine, but I cannot get a text log on the infected XP computer; I ran it three times.
  4. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Does FRST run at all?
    Is FRST file located in USB flash drive root directory (not in some subfolder)?
    Did you search USB flash drive for the log?
  5. linz1

    linz1 Newcomer, in training Topic Starter

    Yes, it is scanning but there is no log file (the log window doesn't come up either), and it is on a USB and not in a sub-folder. It is definitely not going to the USB. I will try a different USB and run it again. Meanwhile, if you have any other suggestion... Thanks again.
  6. linz1

    linz1 Newcomer, in training Topic Starter

    Got it,
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
    Ran by SYSTEM on REATOGO on 07-10-2013 11:30:03
    Running from B:\Documents and Settings\Default User\Desktop
    Microsoft Windows XP (X86) OS Language: English(US)
    Internet Explorer Version 6
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
    HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [Internet Helper Anti-phishing] - C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
    Winlogon\Notify\ComPlusSetup: C:\WINDOWS\System32\catsrvut.dll (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    Startup: C:\Documents and Settings\abc\Start Menu\Programs\Startup\Screen Capturer.lnk
    ShortcutTarget: Screen Capturer.lnk -> C:\Program Files\Screen Capturer\ScreenCapturer.exe (ScreenCapturer.com)

    ========================== Services (Whitelisted) =================

    S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095752 2013-09-26] ()
    S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
    S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
    S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [254552 2013-01-03] ()
    S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

    ==================== Drivers (Whitelisted) ====================

    S1 A2DDA; C:\PROGRAM FILES\EMISOFT EMERGENCY KIT\RUN\a2ddax86.sys [22056 2013-08-07] (Emsisoft GmbH)
    S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [3846016 2006-02-08] (Realtek Semiconductor Corp.)
    S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
    S3 cleanhlp; C:\Program Files\emisoft emergency kit\Run\cleanhlp32.sys [50208 2013-08-07] (Emsisoft GmbH)
    S3 cmuda; C:\Windows\System32\drivers\cmuda.sys [451599 2002-11-01] (C-Media Inc)
    S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
    S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-11-01] (HP)
    S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-11-01] (HP)
    S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-11-01] (HP)
    S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [807998 2005-06-21] (Intel Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-10-03] (Malwarebytes Corporation)
    S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
    S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2009-06-18] (CACE Technologies)
    S3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [45568 2002-06-12] (Realtek Semiconductor Corporation)
    S3 SiS300i; C:\Windows\System32\DRIVERS\sis300ip.sys [101760 2001-08-17] (Silicon Integrated Systems Corporation)
    S3 SiS7018; C:\Windows\System32\drivers\ac97sis.sys [297728 2001-08-17] (Silicon Integrated Systems Corp.)
    S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32768 2008-04-13] (SiS Corporation)
    S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [91678 2002-09-16] (Intel Corporation)
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [71514 2002-09-16] (Intel Corporation)
    S4 Alerter;
    S4 Messenger;
    S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-10-06 12:46 - 2013-10-06 12:46 - 00000000 ____D C:\FRST
    2013-10-05 15:20 - 2013-10-05 15:49 - 00000650 _____ C:\rkill.log
    2013-10-05 14:09 - 2013-10-05 14:09 - 00000000 ____D C:\!KillBox
    2013-10-05 11:33 - 2008-07-30 00:06 - 00027144 _____ C:\Documents and Settings\abc\My Documents\SafeBoot-for-Windows-XP-SP3.reg
    2013-10-04 17:30 - 2013-10-04 17:30 - 00000151 _____ C:\Windows\wsdu.log
    2013-10-04 17:06 - 2013-10-04 17:06 - 00000178 _____ C:\Windows\DHCPUPG.LOG
    2013-10-04 17:05 - 2013-10-04 17:05 - 00001052 _____ C:\Windows\WINNT32.LOG
    2013-10-04 16:03 - 2013-10-04 16:03 - 00000000 ____D C:\Windows\ERDNT
    2013-10-04 15:49 - 2013-10-04 15:49 - 00000000 ___SD C:\ComboFix
    2013-10-04 14:39 - 2013-10-04 14:39 - 00000000 ____D C:\Qoobox
    2013-10-03 18:27 - 2013-10-03 18:27 - 00000075 _____ C:\Documents and Settings\Administrator.SE121GAL\Application Data\mbam.context.scan
    2013-10-03 18:02 - 2013-10-03 18:02 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Malwarebytes
    2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Local Settings\Application Data\Mozilla
    2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Mozilla
    2013-10-03 16:42 - 2013-10-03 16:48 - 00008224 _____ C:\Documents and Settings\abc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-10-03 11:31 - 2013-10-06 11:35 - 00000577 _____ C:\Windows\wiadebug.log
    2013-10-03 11:29 - 2013-10-06 11:35 - 00004118 _____ C:\Windows\WindowsUpdate.log
    2013-10-02 19:41 - 2013-10-02 19:41 - 00000000 __SHD C:\FOUND.020
    2013-10-02 16:00 - 2013-10-02 16:00 - 00000000 __SHD C:\FOUND.019
    2013-10-02 14:25 - 2001-08-17 14:55 - 00096128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ati.dll
    2013-10-02 14:25 - 2001-08-17 14:55 - 00096128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ati.dll
    2013-10-02 14:25 - 2001-08-17 13:52 - 00026496 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc.sys
    2013-10-02 14:25 - 2001-08-17 13:52 - 00026496 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc.sys
    2013-10-02 14:25 - 2001-08-17 13:52 - 00022400 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\asc3350p.sys
    2013-10-02 14:25 - 2001-08-17 13:52 - 00022400 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\asc3350p.sys
    2013-10-02 14:25 - 2001-08-17 13:51 - 00014848 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc3550.sys
    2013-10-02 14:25 - 2001-08-17 13:51 - 00014848 _____ (Advanced System Products, Inc.) C:\Windows\System32\dllcache\asc3550.sys
    2013-10-02 14:25 - 2001-08-17 12:12 - 00097354 _____ (Bay Networks, Inc.) C:\Windows\System32\dllcache\aspndis3.sys
    2013-10-02 14:25 - 2001-08-17 12:12 - 00097354 _____ (Bay Networks, Inc.) C:\Windows\System32\dllcache\aspndis3.sys
    2013-10-02 14:24 - 2008-04-13 22:05 - 00036224 _____ (ADMtek Incorporated.) C:\Windows\System32\dllcache\an983.sys
    2013-10-02 14:24 - 2008-04-13 22:05 - 00036224 _____ (ADMtek Incorporated.) C:\Windows\System32\dllcache\an983.sys
    2013-10-02 14:24 - 2001-08-17 14:07 - 00056960 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78xx.sys
    2013-10-02 14:24 - 2001-08-17 14:07 - 00056960 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78xx.sys
    2013-10-02 14:24 - 2001-08-17 13:52 - 00012032 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\amsint.sys
    2013-10-02 14:24 - 2001-08-17 13:52 - 00012032 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\amsint.sys
    2013-10-02 14:24 - 2001-08-17 13:51 - 00005248 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\aliide.sys
    2013-10-02 14:24 - 2001-08-17 13:51 - 00005248 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\aliide.sys
    2013-10-02 14:24 - 2001-08-17 13:49 - 00026624 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\alifir.sys
    2013-10-02 14:24 - 2001-08-17 13:49 - 00026624 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\alifir.sys
    2013-10-02 14:24 - 2001-08-17 13:47 - 00006272 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\apmbatt.sys
    2013-10-02 14:24 - 2001-08-17 13:47 - 00006272 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\apmbatt.sys
    2013-10-02 14:24 - 2001-08-17 12:11 - 00027678 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ali5261.sys
    2013-10-02 14:24 - 2001-08-17 12:11 - 00027678 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ali5261.sys
    2013-10-02 14:24 - 2001-08-17 12:11 - 00016969 _____ (AmbiCom, Inc.) C:\Windows\System32\dllcache\amb8002.sys
    2013-10-02 14:24 - 2001-08-17 12:11 - 00016969 _____ (AmbiCom, Inc.) C:\Windows\System32\dllcache\amb8002.sys
    2013-10-02 14:23 - 2001-08-17 22:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\agcgauge.ax
    2013-10-02 14:23 - 2001-08-17 22:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\agcgauge.ax
    2013-10-02 14:23 - 2001-08-17 14:07 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adpu160m.sys
    2013-10-02 14:23 - 2001-08-17 14:07 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adpu160m.sys
    2013-10-02 14:23 - 2001-08-17 14:07 - 00055168 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78u2.sys
    2013-10-02 14:23 - 2001-08-17 14:07 - 00055168 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aic78u2.sys
    2013-10-02 14:23 - 2001-08-17 13:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aha154x.sys
    2013-10-02 14:23 - 2001-08-17 13:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\aha154x.sys
    2013-10-02 14:23 - 2001-08-17 12:11 - 00046112 _____ (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
    2013-10-02 14:23 - 2001-08-17 12:11 - 00046112 _____ (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
    2013-10-02 14:22 - 2008-04-13 22:06 - 00231552 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ac97ali.sys
    2013-10-02 14:22 - 2008-04-13 22:06 - 00231552 _____ (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ac97ali.sys
    2013-10-02 14:22 - 2008-04-13 22:06 - 00084480 _____ (VIA Technologies, Inc.) C:\Windows\System32\dllcache\ac97via.sys
    2013-10-02 14:22 - 2008-04-13 22:06 - 00084480 _____ (VIA Technologies, Inc.) C:\Windows\System32\dllcache\ac97via.sys
    2013-10-02 14:22 - 2008-04-13 22:06 - 00010880 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\admjoy.sys
    2013-10-02 14:22 - 2008-04-13 22:06 - 00010880 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\admjoy.sys
    2013-10-02 14:22 - 2001-08-17 22:36 - 00061440 _____ (Color Flatbed Scanner) C:\Windows\System32\dllcache\acerscad.dll
    2013-10-02 14:22 - 2001-08-17 22:36 - 00061440 _____ (Color Flatbed Scanner) C:\Windows\System32\dllcache\acerscad.dll
    2013-10-02 14:22 - 2001-08-17 13:53 - 00007424 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adicvls.sys
    2013-10-02 14:22 - 2001-08-17 13:53 - 00007424 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\adicvls.sys
    2013-10-02 14:22 - 2001-08-17 13:52 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\abp480n5.sys
    2013-10-02 14:22 - 2001-08-17 13:52 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\abp480n5.sys
    2013-10-02 14:22 - 2001-08-17 12:20 - 00096256 _____ (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
    2013-10-02 14:22 - 2001-08-17 12:20 - 00096256 _____ (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
    2013-10-02 14:22 - 2001-08-17 12:19 - 00747392 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8830.sys
    2013-10-02 14:22 - 2001-08-17 12:19 - 00747392 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8830.sys
    2013-10-02 14:22 - 2001-08-17 12:19 - 00584448 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8810.sys
    2013-10-02 14:22 - 2001-08-17 12:19 - 00584448 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8810.sys
    2013-10-02 14:22 - 2001-08-17 12:19 - 00553984 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8820.sys
    2013-10-02 14:22 - 2001-08-17 12:19 - 00553984 _____ (Aureal, Inc.) C:\Windows\System32\dllcache\adm8820.sys
    2013-10-02 14:22 - 2001-08-17 12:11 - 00020160 _____ (ADMtek Incorporated) C:\Windows\System32\dllcache\adm8511.sys
    2013-10-02 14:22 - 2001-08-17 12:11 - 00020160 _____ (ADMtek Incorporated) C:\Windows\System32\dllcache\adm8511.sys
    2013-10-02 14:21 - 2008-04-14 00:16 - 00053376 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394bus.sys
    2013-10-02 14:21 - 2008-04-14 00:16 - 00053376 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394bus.sys
    2013-10-02 14:21 - 2008-04-14 00:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\61883.sys
    2013-10-02 14:21 - 2008-04-14 00:16 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\61883.sys
    2013-10-02 14:21 - 2008-04-14 00:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\4mmdat.sys
    2013-10-02 14:21 - 2008-04-14 00:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\4mmdat.sys
    2013-10-02 14:21 - 2001-08-17 14:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394vdbg.sys
    2013-10-02 14:21 - 2001-08-17 14:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\1394vdbg.sys
    2013-10-02 14:20 - 2008-04-14 00:54 - 02145280 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
    2013-10-02 14:20 - 2008-04-14 00:54 - 02145280 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
    2013-10-02 14:20 - 2001-08-17 14:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll
    2013-10-02 14:20 - 2001-08-17 14:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.dll
    2013-10-02 14:09 - 2008-04-14 05:42 - 00016439 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLD11.tmp
    2013-10-02 14:09 - 2008-04-14 05:42 - 00016439 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLD11.tmp
    2013-10-02 14:09 - 2008-04-14 05:41 - 00020540 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLDE.tmp
    2013-10-02 14:09 - 2008-04-14 05:41 - 00020540 _____ (Microsoft Corporation) C:\Windows\System32\dllcache\OLDE.tmp
    2013-10-02 09:52 - 2013-10-03 18:53 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2013-10-02 06:04 - 2013-10-02 06:04 - 00358544 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-10-01 07:30 - 2013-10-01 07:30 - 00138860 _____ C:\Documents and Settings\abc\Desktop\sdcopy.exe (1).zip
    2013-09-28 15:03 - 2013-09-28 15:03 - 00000673 _____ C:\Documents and Settings\abc\Desktop\Comodo Dragon.lnk
    2013-09-28 14:56 - 2013-09-28 14:56 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    2013-09-28 14:55 - 2013-09-28 14:55 - 00048392 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
    2013-09-28 14:54 - 2013-09-28 14:55 - 37783616 _____ (COMODO) C:\DragonSetup.exe
    2013-09-28 11:19 - 2013-09-28 11:19 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
    2013-09-28 10:49 - 2013-09-28 10:49 - 00000000 ____D C:\Documents and Settings\abc\Desktop\bookmarks commodo
    2013-09-26 20:59 - 2013-09-26 20:59 - 00010057 _____ C:\Documents and Settings\abc\Desktop\imagescasx0j2h.jpeg
    2013-09-26 19:25 - 2013-09-26 19:25 - 00000000 __SHD C:\FOUND.018
    2013-09-25 15:23 - 2013-09-25 15:23 - 00418352 _____ (NCH Software) C:\Documents and Settings\abc\Desktop\tnsetup.exe
    2013-09-20 13:37 - 2013-09-20 13:37 - 00021700 _____ C:\Documents and Settings\abc\Desktop\Expand your business networks.eml
    2013-09-19 18:06 - 2013-09-19 18:06 - 00000628 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2013-09-19 18:06 - 2013-09-19 18:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-09-19 18:04 - 2013-09-19 18:05 - 17152184 _____ (Mozilla) C:\Documents and Settings\abc\Desktop\Firefox Setup 13.0b6.exe
    2013-09-19 17:04 - 2013-09-19 17:04 - 00000000 __SHD C:\FOUND.017
    2013-09-19 05:39 - 2013-09-19 05:39 - 00000000 __SHD C:\FOUND.016
    2013-09-18 14:24 - 2013-09-18 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
    2013-09-18 09:15 - 2013-09-18 09:25 - 212887012 _____ C:\Documents and Settings\abc\Desktop\Copy Trans suite.zip
    2013-09-16 07:37 - 2013-09-16 07:37 - 00034850 _____ C:\Documents and Settings\abc\Desktop\Bullmastiff.wav
    2013-09-16 07:34 - 2013-09-16 07:34 - 00041066 _____ C:\Documents and Settings\abc\Desktop\AkitaInu.wav
    2013-09-16 07:33 - 2013-09-16 07:33 - 00043882 _____ C:\Documents and Settings\abc\Desktop\AiredaleTerrier.wav
    2013-09-11 15:50 - 2013-09-11 15:50 - 00000000 ____D C:\Windows\System32\NtmsData
    2013-09-10 16:53 - 2013-09-10 16:53 - 00000000 ____D C:\Windows\SysWOW64
    2013-09-10 16:53 - 2009-06-15 14:31 - 00240248 _____ (CACE Technologies) C:\Windows\SysWOW64\wpcap.dll
    2013-09-10 16:53 - 2009-06-15 14:31 - 00088704 _____ (CACE Technologies) C:\Windows\SysWOW64\Packet.dll
    2013-09-10 16:53 - 2009-06-15 14:31 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
    2013-09-10 16:26 - 2013-09-10 16:26 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\abc\Desktop\rkill.com
    2013-09-10 07:36 - 2013-09-10 07:36 - 00000000 __SHD C:\FOUND.015

    ==================== One Month Modified Files and Folders =======

    2013-10-06 12:46 - 2013-10-06 12:46 - 00000000 ____D C:\FRST
    2013-10-06 11:35 - 2013-10-03 11:31 - 00000577 _____ C:\Windows\wiadebug.log
    2013-10-06 11:35 - 2013-10-03 11:29 - 00004118 _____ C:\Windows\WindowsUpdate.log
    2013-10-06 11:35 - 2013-05-29 16:17 - 00000049 _____ C:\Windows\wiaservc.log
    2013-10-06 11:33 - 2012-08-04 08:29 - 00000178 ___SH C:\Documents and Settings\abc\ntuser.ini
    2013-10-05 17:28 - 2012-09-07 18:17 - 00002728 _____ C:\Windows\System32\d3d9caps.dat
    2013-10-05 17:27 - 2012-10-02 19:27 - 00001956 _____ C:\Windows\System32\d3d8caps.dat
    2013-10-05 15:49 - 2013-10-05 15:20 - 00000650 _____ C:\rkill.log
    2013-10-05 14:09 - 2013-10-05 14:09 - 00000000 ____D C:\!KillBox
    2013-10-04 17:30 - 2013-10-04 17:30 - 00000151 _____ C:\Windows\wsdu.log
    2013-10-04 17:06 - 2013-10-04 17:06 - 00000178 _____ C:\Windows\DHCPUPG.LOG
    2013-10-04 17:05 - 2013-10-04 17:05 - 00001052 _____ C:\Windows\WINNT32.LOG
    2013-10-04 16:03 - 2013-10-04 16:03 - 00000000 ____D C:\Windows\ERDNT
    2013-10-04 15:49 - 2013-10-04 15:49 - 00000000 ___SD C:\ComboFix
    2013-10-04 14:39 - 2013-10-04 14:39 - 00000000 ____D C:\Qoobox
    2013-10-04 06:37 - 2012-08-04 08:13 - 00000211 __RSH C:\boot.ini
    2013-10-04 06:37 - 2012-08-04 08:11 - 00001141 _____ C:\Windows\win.ini
    2013-10-04 06:37 - 2012-08-04 08:11 - 00000371 _____ C:\Windows\system.ini
    2013-10-03 18:53 - 2013-10-02 09:52 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
    2013-10-03 18:27 - 2013-10-03 18:27 - 00000075 _____ C:\Documents and Settings\Administrator.SE121GAL\Application Data\mbam.context.scan
    2013-10-03 18:02 - 2013-10-03 18:02 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Malwarebytes
    2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Local Settings\Application Data\Mozilla
    2013-10-03 17:26 - 2013-10-03 17:26 - 00000000 ____D C:\Documents and Settings\Administrator.SE121GAL\Application Data\Mozilla
    2013-10-03 16:48 - 2013-10-03 16:42 - 00008224 _____ C:\Documents and Settings\abc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-10-02 20:34 - 2013-05-29 16:17 - 00000000 _____ C:\Windows\Sti_Trace.log
    2013-10-02 19:41 - 2013-10-02 19:41 - 00000000 __SHD C:\FOUND.020
    2013-10-02 16:00 - 2013-10-02 16:00 - 00000000 __SHD C:\FOUND.019
    2013-10-02 06:04 - 2013-10-02 06:04 - 00358544 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-10-01 14:36 - 2013-07-24 10:07 - 00000324 _____ C:\Documents and Settings\abc\Desktop\host.txt
    2013-10-01 14:00 - 2013-08-25 10:43 - 00022849 _____ C:\Documents and Settings\abc\Desktop\postcodes.txt
    2013-10-01 07:30 - 2013-10-01 07:30 - 00138860 _____ C:\Documents and Settings\abc\Desktop\sdcopy.exe (1).zip
    2013-09-28 15:03 - 2013-09-28 15:03 - 00000673 _____ C:\Documents and Settings\abc\Desktop\Comodo Dragon.lnk
    2013-09-28 14:56 - 2013-09-28 14:56 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
    2013-09-28 14:55 - 2013-09-28 14:55 - 00048392 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
    2013-09-28 14:55 - 2013-09-28 14:54 - 37783616 _____ (COMODO) C:\DragonSetup.exe
    2013-09-28 11:19 - 2013-09-28 11:19 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
    2013-09-28 10:49 - 2013-09-28 10:49 - 00000000 ____D C:\Documents and Settings\abc\Desktop\bookmarks commodo
    2013-09-26 20:59 - 2013-09-26 20:59 - 00010057 _____ C:\Documents and Settings\abc\Desktop\imagescasx0j2h.jpeg
    2013-09-26 19:25 - 2013-09-26 19:25 - 00000000 __SHD C:\FOUND.018
    2013-09-25 15:23 - 2013-09-25 15:23 - 00418352 _____ (NCH Software) C:\Documents and Settings\abc\Desktop\tnsetup.exe
    2013-09-25 14:37 - 2013-05-28 14:40 - 00000178 ___SH C:\Documents and Settings\Administrator.SE121GAL\ntuser.ini
    2013-09-25 06:35 - 2012-08-04 08:12 - 00002206 _____ C:\Windows\System32\wpa.dbl
    2013-09-20 13:37 - 2013-09-20 13:37 - 00021700 _____ C:\Documents and Settings\abc\Desktop\Expand your business networks.eml
    2013-09-19 18:06 - 2013-09-19 18:06 - 00000628 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2013-09-19 18:06 - 2013-09-19 18:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-09-19 18:05 - 2013-09-19 18:04 - 17152184 _____ (Mozilla) C:\Documents and Settings\abc\Desktop\Firefox Setup 13.0b6.exe
    2013-09-19 17:04 - 2013-09-19 17:04 - 00000000 __SHD C:\FOUND.017
    2013-09-19 05:39 - 2013-09-19 05:39 - 00000000 __SHD C:\FOUND.016
    2013-09-18 14:24 - 2013-09-18 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
    2013-09-18 09:25 - 2013-09-18 09:15 - 212887012 _____ C:\Documents and Settings\abc\Desktop\Copy Trans suite.zip
    2013-09-16 07:37 - 2013-09-16 07:37 - 00034850 _____ C:\Documents and Settings\abc\Desktop\Bullmastiff.wav
    2013-09-16 07:34 - 2013-09-16 07:34 - 00041066 _____ C:\Documents and Settings\abc\Desktop\AkitaInu.wav
    2013-09-16 07:33 - 2013-09-16 07:33 - 00043882 _____ C:\Documents and Settings\abc\Desktop\AiredaleTerrier.wav
    2013-09-11 15:50 - 2013-09-11 15:50 - 00000000 ____D C:\Windows\System32\NtmsData
    2013-09-10 16:53 - 2013-09-10 16:53 - 00000000 ____D C:\Windows\SysWOW64
    2013-09-10 16:26 - 2013-09-10 16:26 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\abc\Desktop\rkill.com
    2013-09-10 07:36 - 2013-09-10 07:36 - 00000000 __SHD C:\FOUND.015
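As an added example (not part of the thread, and not FRST's own code), here is a small Python parser for the log format pasted above. It reads the Registry, Services and Drivers sections and shortlists the autostart entries FRST reported with no publisher/version information ("()"), with a missing file ("[x]"), or with a binary under a user-profile directory; the sample lines are copied from the log above and trimmed, and the triage rules are my own heuristics.

```python
"""Parse the autostart sections of an FRST log and shortlist entries to verify.
Added example, not part of the thread and not FRST's own code; the rules are
my own heuristics: a hit means "check this file", not "this is malware"."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the log in the thread, trimmed.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Internet Helper Anti-phishing] - C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
ShortcutTarget: Screen Capturer.lnk -> C:\Program Files\Screen Capturer\ScreenCapturer.exe (ScreenCapturer.com)
========================== Services (Whitelisted) =================
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095752 2013-09-26] ()
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
==================== Drivers (Whitelisted) ====================
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S4 Alerter;
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
RUN_RE = re.compile(r"^HK[A-Z]+\\.*\\Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*-\s*(?P<rest>.*)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget:\s*(?P<name>.+?)\s*->\s*(?P<rest>.*)$")
SERVICE_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# FRST appends "[size date]" / "[ ]" / "[x]" and "(Publisher)" / "()" to a path.
TAIL_RE = re.compile(r"(?:\[(?P<meta>[^\]]*)\]\s*)?(?:\((?P<pub>[^()]*)\))?\s*$")


@dataclass
class Entry:
    kind: str                 # run | shortcut | service | driver
    name: str
    path: str                 # command line or file path as FRST printed it
    meta: Optional[str]       # text inside [...]; "x" means FRST found no file
    publisher: Optional[str]  # None = not reported, "" = file has no version info


def parse_frst(text: str) -> list[Entry]:
    """Collect Run keys, Startup shortcut targets, services and drivers."""
    entries: list[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (sec := SECTION_RE.match(line)):
            section = sec.group("title")
            continue
        if section.startswith("Registry"):
            if (m := RUN_RE.match(line)):
                kind = "run"
            elif (m := SHORTCUT_RE.match(line)):
                kind = "shortcut"   # resolved target of a Startup-folder .lnk
            else:
                continue            # "Startup:" lines are covered by their target
        elif section.startswith(("Services", "Drivers")):
            if not (m := SERVICE_RE.match(line)):
                continue
            kind = "service" if section.startswith("Services") else "driver"
        else:
            continue
        tail = TAIL_RE.search(m.group("rest"))
        path = m.group("rest")[: tail.start()].strip()
        entries.append(Entry(kind, m.group("name"), path, tail.group("meta"), tail.group("pub")))
    return entries


# Autostarts living under a profile directory get a closer look (heuristic).
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\", "\\users\\")


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Map entry name -> reasons it deserves a manual check."""
    findings: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        if e.publisher == "":
            reasons.append("no publisher/version info")
        if e.meta is not None and e.meta.strip() == "x":
            reasons.append("file not found ([x])")
        if any(d in e.path.lower() for d in PROFILE_DIRS):
            reasons.append("runs from a user-profile directory")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, why in triage(parse_frst(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(why)}")
```

On the sample, the shortlist is HotKeysCmds, Internet Helper Anti-phishing, Adobe Reader Synchronizer.lnk, DragonUpdater, rpcapd and cpudrv; several of those are legitimate (Intel's hotkey handler, Comodo's updater), which is exactly why the output is a checklist for the helper rather than a removal list.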
  7. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    The log is incomplete.
    Lower half is missing.
    Redo.
  8. linz1

    linz1 Newcomer, in training Topic Starter

    I have run it again three times and ticked all the boxes at the bottom of the scanner, but I can't get any more info on the log.
  9. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    You will need a USB flash drive.

    Download GETxPUD.exe to the desktop of your clean computer
    • Run GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Next download rst.sh to your USB flash drive
    • Remove the USB & CD and insert them in the sick computer
    • Boot the Sick computer with the CD you just burned
    • The computer must be set to boot from the CD
    • Gently tap F12 and choose to boot from the CD
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Confirm that you see rst.sh that you downloaded there
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh
    • Press Enter
    • After it has finished a report will be located on your USB drive named enum.log
    • Remove the USB drive and insert it back in your working computer and navigate to enum.log

      Please note - all text entries are case sensitive
    Copy and paste the enum.log for my review
  10. linz1

    linz1 Newcomer, in training Topic Starter

    Hi Broni, wanted to thank you for all your help. My other half was too impatient and has decided to buy another computer as he has had enough. Thanks again though, I did learn quite a bit of handy information.
  11. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Thanks for letting me know :)

    Good luck!