Inactive Malware? Error windows pop up on desktop when booting up. 8-step results

luckyedsall

Hi,

Three error windows have been popping up on the desktop for a while on my computer when it boots up. When I close the windows, it carries on and seems to run OK after that. I have followed the 8-step instructions and will post all the results here. I started last week, then came back to it today, so all the scans weren't run on the same day. Hope that doesn't matter.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6239

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/1/2011 2:43:07 PM
mbam-log-2011-04-01 (14-43-07).txt

Scan type: Quick scan
Objects scanned: 157937
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776C4DC-E894-7C06-2148-5D73CEF5F905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sta (Trojan.Agent.Gen) -> Value: sta -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\WINDOWS\$ntuninstallmtf1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
c:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\rob anderson\local settings\application data\windows server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\$ntuninstallmtf1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
 
GMER results:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-05 09:07:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.10.0
Running: 62hjlzke.exe; Driver: C:\DOCUME~1\ROBAND~1\LOCALS~1\Temp\ufddqpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS results:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2006 6:11:22 PM
System Uptime: 4/5/2011 8:40:32 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 230 GiB total, 211.032 GiB free.
D: is CDROM ()
V: is NetworkDisk (NTFS) - 233 GiB total, 210.808 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP117: 1/5/2011 12:53:26 PM - System Checkpoint
RP118: 1/5/2011 6:41:48 PM - Software Distribution Service 3.0
RP119: 1/7/2011 10:54:45 AM - System Checkpoint
RP120: 1/10/2011 8:06:51 AM - System Checkpoint
RP121: 1/12/2011 8:08:44 AM - System Checkpoint
RP122: 1/12/2011 6:30:41 PM - Software Distribution Service 3.0
RP123: 1/14/2011 8:14:28 AM - System Checkpoint
RP124: 1/17/2011 8:14:36 AM - System Checkpoint
RP125: 1/18/2011 8:41:00 AM - System Checkpoint
RP126: 1/19/2011 8:56:48 AM - System Checkpoint
RP127: 1/21/2011 8:12:00 AM - System Checkpoint
RP128: 1/24/2011 8:04:10 AM - System Checkpoint
RP129: 1/25/2011 8:08:19 AM - System Checkpoint
RP130: 1/26/2011 8:54:19 AM - System Checkpoint
RP131: 1/27/2011 9:44:34 AM - System Checkpoint
RP132: 1/28/2011 10:01:52 AM - System Checkpoint
RP133: 1/31/2011 8:14:37 AM - System Checkpoint
RP134: 2/1/2011 11:18:10 AM - System Checkpoint
RP135: 2/2/2011 12:05:36 PM - System Checkpoint
RP136: 2/3/2011 12:23:28 PM - System Checkpoint
RP137: 2/4/2011 1:45:27 PM - System Checkpoint
RP138: 2/7/2011 8:12:18 AM - System Checkpoint
RP139: 2/8/2011 10:22:01 AM - System Checkpoint
RP140: 2/8/2011 1:09:45 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP141: 2/8/2011 1:09:55 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP142: 2/8/2011 3:06:06 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP143: 2/8/2011 3:06:16 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP144: 2/8/2011 4:08:18 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP145: 2/8/2011 4:08:27 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP146: 2/8/2011 5:25:40 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP147: 2/8/2011 5:25:49 PM - Printer Driver Amyuni PDF Converter 2.07 Installed
RP148: 2/9/2011 5:15:52 PM - Software Distribution Service 3.0
RP149: 2/11/2011 8:07:37 AM - System Checkpoint
RP150: 2/14/2011 8:14:02 AM - System Checkpoint
RP151: 2/16/2011 10:44:49 AM - System Checkpoint
RP152: 2/17/2011 11:21:05 AM - System Checkpoint
RP153: 2/18/2011 11:59:06 AM - System Checkpoint
RP154: 2/22/2011 8:07:31 AM - System Checkpoint
RP155: 2/23/2011 8:08:41 AM - System Checkpoint
RP156: 2/24/2011 11:43:48 AM - System Checkpoint
RP157: 2/25/2011 12:19:58 PM - System Checkpoint
RP158: 2/28/2011 8:08:48 AM - System Checkpoint
RP159: 3/1/2011 8:11:31 AM - System Checkpoint
RP160: 3/2/2011 8:18:37 AM - System Checkpoint
RP161: 3/4/2011 8:11:57 AM - System Checkpoint
RP162: 3/7/2011 8:07:32 AM - System Checkpoint
RP163: 3/8/2011 4:39:00 PM - System Checkpoint
RP164: 3/9/2011 4:58:04 PM - System Checkpoint
RP165: 3/9/2011 5:58:56 PM - Software Distribution Service 3.0
RP166: 3/11/2011 8:17:46 AM - System Checkpoint
RP167: 3/14/2011 8:12:47 AM - System Checkpoint
RP168: 3/15/2011 8:26:48 AM - System Checkpoint
RP169: 3/16/2011 8:58:20 AM - System Checkpoint
RP170: 3/16/2011 5:28:44 PM - Software Distribution Service 3.0
RP171: 3/17/2011 5:34:05 PM - Software Distribution Service 3.0
RP172: 3/21/2011 8:19:11 AM - System Checkpoint
RP173: 3/22/2011 8:54:25 AM - System Checkpoint
RP174: 3/23/2011 9:00:06 AM - System Checkpoint
RP175: 3/24/2011 9:03:06 AM - System Checkpoint
RP176: 3/24/2011 6:22:59 PM - Software Distribution Service 3.0
RP177: 3/28/2011 8:09:16 AM - System Checkpoint
RP178: 3/29/2011 9:58:00 AM - System Checkpoint
RP179: 3/30/2011 9:59:31 AM - System Checkpoint
RP180: 3/31/2011 11:13:04 AM - System Checkpoint
RP181: 4/1/2011 8:25:07 AM - Installed Windows Internet Explorer 8.
RP182: 4/1/2011 8:26:50 AM - Software Distribution Service 3.0
RP183: 4/1/2011 1:08:55 PM - Installed Java(TM) 6 Update 24
RP184: 4/1/2011 1:13:21 PM - Removed Java 2 Runtime Environment, SE v1.4.2_08
RP185: 4/1/2011 1:14:06 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP186: 4/1/2011 1:14:42 PM - Removed J2SE Runtime Environment 5.0 Update 9
RP187: 4/1/2011 1:15:23 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP188: 4/1/2011 1:15:58 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP189: 4/1/2011 1:16:39 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP190: 4/1/2011 1:28:19 PM - Removed Java(TM) 6 Update 2
RP191: 4/1/2011 1:36:10 PM - Removed Java(TM) 6 Update 3
RP192: 4/1/2011 1:36:48 PM - Removed Java(TM) 6 Update 5
RP193: 4/1/2011 1:37:27 PM - Removed Java(TM) 6 Update 7
RP194: 4/1/2011 1:41:11 PM - Software Distribution Service 3.0
RP195: 4/4/2011 8:07:00 AM - System Checkpoint
RP196: 4/5/2011 8:08:52 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.3
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
APC PowerChute Personal Edition
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Core FTP LE 1.3c
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Software Uninstall
Dell Support 3.2
Dell System Restore
Digital Line Detect
EncryptOnClick
FileZilla Client 3.1.2
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML-Kit
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
Norton Internet Security
QuickBooks Pro Edition 2006
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Schmap 2.0
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Update Manager
SyncBack
T4 Internet - T4 par Internet 7.0
Times Reader
TOD 012007
Universal Document Converter (Demo)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/5/2011 7:54:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/3/2011 3:50:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
4/3/2011 3:50:39 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
4/1/2011 2:45:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
4/1/2011 2:04:52 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/1/2011 2:04:52 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
4/1/2011 2:04:52 PM, error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
4/1/2011 1:28:34 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Rob Anderson at 9:10:04.18 on Tue 04/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.452 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Rob Anderson\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cbc.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061023
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Nlahejigulu] rundll32.exe "c:\windows\msaper4D.dll",Startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Lminunufu] rundll32.exe "c:\windows\abikilom.dll",Startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\roband~1\startm~1\programs\startup\syncback.lnk - c:\program files\2brightsparks\syncback\SyncBack.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162576401015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} - hxxp://clyc.dyndns.org:8000/user/TSBnwCam.CAB
TCP: {061124E3-2A7E-4FE4-917C-C7955D828028} = 192.168.2.1,24.224.81.19
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Handler: schmap-help - {2CF664A0-5EA6-47B5-884C-433A60145F78} - c:\program files\schmap\schmap player\Schmapdoclib.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-24 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-24 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-10 800376]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-24 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-24 116784]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-24 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-24 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20110401.001\IDSXpx86.sys [2011-4-5 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20110404.033\NAVENG.SYS [2011-4-5 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20110404.033\NAVEX15.SYS [2011-4-5 1393144]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-17 135664]
.
=============== Created Last 30 ================
.
2011-04-01 18:28:12 -------- d-----w- c:\docume~1\roband~1\applic~1\Malwarebytes
2011-04-01 18:27:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 18:27:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-01 18:27:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-01 18:27:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 13:37:56 -------- d-sh--w- c:\documents and settings\rob anderson\IECompatCache
2011-04-01 13:37:29 -------- d-sh--w- c:\documents and settings\rob anderson\PrivacIE
2011-04-01 12:51:32 -------- d-sh--w- c:\documents and settings\rob anderson\IETldCache
2011-04-01 12:29:31 -------- d-----w- c:\windows\ie8updates
2011-04-01 12:24:48 -------- dc-h--w- c:\windows\ie8
2011-04-01 12:21:49 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-04-01 12:21:46 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-04-01 12:21:45 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-01 12:21:45 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-03-09 14:56:01 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-09 14:55:58 88 --sh--r- c:\windows\system32\D776A1B148.sys
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 9:10:54.20 ===============
 
I forgot to mention the contents of the error windows that pop up. The first one says "Error loading C:\WINDOWS\abikilom.dll. The specified module could not be found"

The second one says "Error loading C:\WINDOWS\E1890.dll The specified module could not be found"

The third one says "Error loading C:\WINDOWS\msaper4D.dll The specified module could not be found"

Since running the 8-step scans, the second error window has stopped popping up.
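A note on those three dialogs, with a worked example that is added here and is not part of the thread: "Error loading C:\WINDOWS\<name>.dll / The specified module could not be found" is the message rundll32.exe shows when an autostart entry still tells it to load a DLL that no longer exists. Once a scanner deletes the DLL but leaves the Run value behind, the popup appears at every logon, which is why the second dialog vanished after the 8-step cleanup. The OTLPE log posted later in the thread prints such leftovers as `O4 - HKLM..\Run: [Lminunufu] File not found`. The script below parses lines of that shape (the sample is constructed from the entry names in that log), separates the orphaned values from the live ones, and flags the ones whose names look machine-generated. The `looks_generated` heuristic is my assumption, not something OTL does.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the O4 (autostart) lines OTL prints; the entry
# names are the ones that appear in the OTLPE log posted later in this thread.
SAMPLE_O4 = r"""
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Lminunufu] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\Rob_Anderson_ON_C..\Run: [Nlahejigulu] File not found
O4 - HKLM..\RunOnce: [combofix] File not found
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<target>.*)$")


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    target: str
    orphan: bool                  # OTL printed "File not found": value exists, file does not
    vendor: Optional[str] = None  # company name OTL appends in parentheses when the PE has one


def parse_o4(text: str):
    """Parse OTL O4 lines into AutorunEntry records; non-O4 lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        target = m["target"]
        vendor = None
        vm = re.search(r"\((.*)\)$", target)
        if vm and vm.group(1):
            vendor = vm.group(1)
        entries.append(AutorunEntry(m["hive"], m["key"], m["name"], target,
                                    orphan=(target == "File not found"), vendor=vendor))
    return entries


GENERATED_NAME = re.compile(r"[A-Z][a-z]{6,}$")


def looks_generated(name: str) -> bool:
    """Heuristic (my assumption, not an OTL feature): droppers of this era registered their
    Run values under one capitalised pseudo-word ('Lminunufu', 'Nlahejigulu'). Vendor entries
    almost always carry a space, a digit, mixed capitals or a product name."""
    return bool(GENERATED_NAME.match(name))


def triage(entries):
    """Orphans are the source of the 'Error loading ... could not be found' dialogs when the
    value invoked rundll32 on a DLL that has since been deleted; the machine-named subset is
    the residue worth removing first, the rest are stale vendor entries."""
    orphans = [e for e in entries if e.orphan]
    suspect = [e for e in orphans if looks_generated(e.name)]
    return {"orphans": orphans, "suspect": suspect}


if __name__ == "__main__":
    for e in triage(parse_o4(SAMPLE_O4))["suspect"]:
        print(f"delete value '{e.name}' under {e.hive}\\...\\{e.key}")
```

Deleting an orphaned value only silences the dialog; the fact that something registered `Lminunufu` and `Nlahejigulu` in the first place is the reason the rest of the thread keeps looking for what dropped them.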
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck results:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0020000c

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF79B0000 \WINDOWS\system32\KDCOM.DLL
0xF78C0000 \WINDOWS\system32\BOOTVID.dll
0xF7381000 ACPI.sys
0xF79B2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7370000 pci.sys
0xF74B0000 isapnp.sys
0xF78C4000 compbatt.sys
0xF78C8000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF74C0000 MountMgr.sys
0xF7351000 ftdisk.sys
0xF7730000 PartMgr.sys
0xF74D0000 VolSnap.sys
0xF729A000 iastor.sys
0xF74E0000 disk.sys
0xF74F0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF727A000 fltmgr.sys
0xF7224000 SYMDS.SYS
0xF7212000 sr.sys
0xF71E5000 SYMEFA.SYS
0xF71CF000 DRVMCDB.SYS
0xF7738000 PxHelp20.sys
0xF71B8000 KSecDD.sys
0xF712B000 Ntfs.sys
0xF70FE000 NDIS.sys
0xF70E4000 Mup.sys
0xF75A0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5429000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF5415000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF53DC000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xF7790000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF53B8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7798000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5390000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF535C000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF5339000 \SystemRoot\system32\DRIVERS\ks.sys
0xF523A000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF5193000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77A0000 \SystemRoot\System32\Drivers\Modem.SYS
0xF75B0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A26000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF75C0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75D0000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7BDA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6C41000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF517C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7600000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77A8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF516B000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7610000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77B8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7620000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A28000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF510D000 \SystemRoot\system32\DRIVERS\update.sys
0xF6C35000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7980000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF7580000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF4836000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A68000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA9D7D000 \SystemRoot\system32\drivers\sthda.sys
0xA9D59000 \SystemRoot\system32\drivers\portcls.sys
0xF4826000 \SystemRoot\system32\drivers\drmk.sys
0xF3F18000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA7876000 \SystemRoot\System32\Drivers\NIS\1108000.005\SRTSP.SYS
0xF3F0C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF47D6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7768000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA3001000 \SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS
0xA4648000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA48D7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA48CF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA446E000 \SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS
0xA2E89000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF79CA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7ABC000 \SystemRoot\System32\Drivers\Null.SYS
0xF79CC000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7858000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7860000 \SystemRoot\System32\drivers\vga.sys
0xF79D8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7868000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7870000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA645D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA2E42000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA2DE9000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2D92000 \SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDI.SYS
0xA2D6C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7660000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA2CEC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA2CCA000 \SystemRoot\System32\drivers\afd.sys
0xA9F3F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA2C9F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA2C2F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA9EFF000 \SystemRoot\System32\Drivers\Fips.SYS
0xA2BD1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA2BB4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA2B35000 \SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys
0xA2A6E000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
0xA9EEF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA29B7000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA5E42000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA893C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF022000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF049000 \SystemRoot\System32\igxpdv32.DLL
0xBF186000 \SystemRoot\System32\igxpdx32.DLL
0xF47E6000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xA895F000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA29A1000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF6C4D000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7A34000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF3829000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA2989000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA2973000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA48BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBF386000 \SystemRoot\System32\ATMFD.DLL
0xA291E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA34C4000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xA284E000 \SystemRoot\system32\DRIVERS\srv.sys
0xA2912000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2347000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20110406.001\IDSxpx86.sys
0xF3821000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xA2332000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7720000 \SystemRoot\system32\drivers\sysaudio.sys
0xA19BE000 \SystemRoot\System32\Drivers\HTTP.sys
0xA2766000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA070E000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110407.002\NAVEX15.SYS
0xA06FA000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110407.002\NAVENG.SYS
0xA0604000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
656 C:\WINDOWS\system32\smss.exe
704 csrss.exe
728 C:\WINDOWS\system32\winlogon.exe
780 C:\WINDOWS\system32\services.exe
792 C:\WINDOWS\system32\lsass.exe
980 C:\WINDOWS\system32\svchost.exe
1072 svchost.exe
1176 C:\WINDOWS\system32\svchost.exe
1264 svchost.exe
1372 svchost.exe
1464 C:\WINDOWS\system32\spoolsv.exe
1936 svchost.exe
1968 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
2032 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
176 C:\Program Files\Java\jre6\bin\jqs.exe
240 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
332 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
1388 alg.exe
3760 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
4016 C:\WINDOWS\explorer.exe
2328 C:\WINDOWS\system32\hkcmd.exe
2372 C:\WINDOWS\system32\igfxpers.exe
2588 C:\WINDOWS\stsystra.exe
1752 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2620 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2484 C:\Program Files\Real\RealPlayer\realplay.exe
2648 C:\WINDOWS\system32\svchost.exe
2656 C:\Program Files\QuickTime\qttask.exe
2668 C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
2812 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2788 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
1364 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2840 C:\WINDOWS\system32\svchost.exe
2436 C:\WINDOWS\system32\ctfmon.exe
2756 C:\Program Files\Dell Support\DSAgnt.exe
3228 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2856 C:\Program Files\Digital Line Detect\DLG.exe
3484 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
3472 C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
3824 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
3912 C:\Documents and Settings\Rob Anderson\Desktop\MBRCheck.exe
3600 C:\WINDOWS\system32\taskmgr.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-75NCB3, Rev: 10.02E04

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E


Done!
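What MBRCheck is doing with the last few lines above, shown as an added example rather than anything from the thread or from the tool's author: it reads sector 0 of the physical drive, checks that the boot signature is present, hashes the bootstrap code and compares that hash against a list of known vendor and Windows boot codes (hence "Dell MBR code detected"), and maps the C: volume back to a partition entry. An unknown hash on a drive that should carry stock code is what a bootkit looks like. The MBR below is constructed: its second entry starts at LBA 80325, which is byte offset 0x02738a00, the C: offset reported above, and its code area is the generic `xor ax,ax / mov ss,ax / mov sp,7C00h` prologue, not Dell's. Whether MBRCheck hashes exactly the 440-byte code area or the whole sector is not stated on the page, so the region hashed here is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440    # 0..439 bootstrap code, 440..443 disk signature, 446..509 table, 510..511 0x55AA
PART_TABLE_OFF = 446


def pack_entry(bootable: bool, ptype: int, start_lba: int, sectors: int) -> bytes:
    # CHS fields get the 0xFE/0xFF/0xFF "LBA only" marker; modern loaders ignore them
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", start_lba, sectors)


def build_sample_mbr() -> bytes:
    """Constructed MBR, not a dump of the poster's disk: entry 1 is a Dell utility partition
    (type 0xDE) at LBA 63, entry 2 the bootable NTFS partition (0x07) at LBA 80325, which is
    byte offset 0x02738a00, the C: offset MBRCheck reported. Code area is a generic prologue."""
    code = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    table = (pack_entry(False, 0xDE, 63, 80262)
             + pack_entry(True, 0x07, 80325, 481363200)
             + b"\x00" * 32)
    return code + disk_sig + table + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Validate sector 0 and return the code hash, disk signature and partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    parts = []
    for i in range(4):
        raw = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        flag, _chs1, ptype, _chs2, start, count = struct.unpack("<B3sB3sII", raw)
        if flag not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid boot flag 0x{flag:02x}")
        if ptype == 0:
            continue    # empty slot
        parts.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count, "byte_offset": start * SECTOR})
    if sum(p["bootable"] for p in parts) > 1:
        raise ValueError("more than one active partition")
    return {"boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack("<I", mbr[440:444])[0],
            "partitions": parts}


def classify_boot_code(info: dict, known: dict):
    """`known` maps SHA-1 of the code area to a label ('Dell', 'Windows XP', ...). None means
    the code matches nothing on file: a lead to pull the sector for analysis, not a verdict."""
    return known.get(info["boot_code_sha1"])


def partition_at_offset(info: dict, byte_offset: int):
    """Cross-check the 'C: --> PhysicalDrive0 at offset ...' line against the table: the
    volume should begin exactly where one partition entry says it does."""
    for p in info["partitions"]:
        if p["byte_offset"] == byte_offset:
            return p
    return None


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["boot_code_sha1"])
    print("C: maps to entry", partition_at_offset(info, 0x02738A00)["index"])
```

On a live system the 512 bytes come from opening `\\.\PhysicalDrive0` read-only and reading one sector; the known-hash table is the part a tool like MBRCheck carries built in, and is the thing you would have to supply yourself.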
 
Problems! After running MBRCheck successfully, I ran Combofix as per your instructions. It ran, asked me to install Recovery Console, then started scanning, then crashed. Blue screen. I attempted to reboot, got the blue screen again. Tried rebooting in Safe Mode, got the blue screen. Was able to run some diagnostics, memory test, hardware test and all came back OK, but I still can't get windows to start. Any suggestions?
 
Did you try "Last known good configuration"?

If you did....

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (file size 120.9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
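The `/md5start ... /md5stop` block above makes OTL search the whole offline volume for every file carrying one of those names and print each copy with its size, timestamps and MD5, so that a patched winlogon.exe, a replaced userinit.exe or a second explorer.exe planted outside %SystemRoot% stands out. The script below reproduces that check over a mounted volume tree; it is an added example, not OTL's code. The directory layout and the "clean" hashes are constructed: against a real disk the baseline has to come from a clean install of the same Windows build and service pack.

```python
import hashlib
import os
import tempfile
from pathlib import Path

WATCH = ["explorer.exe", "winlogon.exe", "userinit.exe"]   # the names in the /md5start list


def md5_file(path: Path, chunk: int = 1 << 16) -> str:
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def md5_scan(root, names=WATCH):
    """Walk an offline-mounted system volume and list every copy of each watched name with
    its size and MD5, the same information OTL's /md5start list prints. Matching is
    case-insensitive because NTFS is."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = Path(dirpath) / fn
                hits.append({"name": fn.lower(), "path": p,
                             "size": p.stat().st_size, "md5": md5_file(p)})
    hits.sort(key=lambda h: (h["name"], str(h["path"])))
    return hits


def judge(hits, baseline, names=WATCH):
    """`baseline` maps a file name to the set of MD5s accepted for it. Returns (path-or-name,
    verdict): 'known-good'; 'unknown-hash' for a patched, infected or planted copy that should
    be pulled for analysis; 'missing' when no copy exists at all, which for userinit.exe means
    winlogon cannot finish a logon."""
    results, seen = [], set()
    for h in hits:
        seen.add(h["name"])
        ok = h["md5"] in baseline.get(h["name"], set())
        results.append((h["path"], "known-good" if ok else "unknown-hash"))
    for n in names:
        if n.lower() not in seen:
            results.append((n, "missing"))
    return results


def demo():
    """Constructed tree standing in for the C: volume as seen from the OTLPE boot CD."""
    clean_winlogon = b"MZ clean winlogon"
    clean_explorer = b"MZ clean explorer"
    planted = b"MZ planted explorer"
    layout = {
        "windows/system32/winlogon.exe": clean_winlogon,
        "windows/system32/dllcache/winlogon.exe": clean_winlogon,   # WFP cache copy, same hash
        "windows/explorer.exe": clean_explorer,
        "windows/system32/explorer.exe": planted,   # XP keeps no explorer.exe under system32
    }
    baseline = {
        "winlogon.exe": {hashlib.md5(clean_winlogon).hexdigest()},
        "explorer.exe": {hashlib.md5(clean_explorer).hexdigest()},
        "userinit.exe": set(),
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in layout.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        out = []
        for target, verdict in judge(md5_scan(root), baseline):
            rel = target.relative_to(root).as_posix() if isinstance(target, Path) else target
            out.append((rel, verdict))
    return out


if __name__ == "__main__":
    for rel, verdict in demo():
        print(f"{verdict:12s} {rel}")
```

The same pass run over a real volume also needs the legitimate extra locations on XP in the baseline's mental model (dllcache, ServicePackFiles\i386, $NtServicePackUninstall$): those copies are expected and should hash like the originals of their respective build, which is exactly why a per-name set of hashes rather than a single value is used.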
 
Yep, I tried Last Known Good Configuration, Safe Mode, etc. Won't boot up any way I try it. I can get a C:\WINDOWS> prompt in the Windows Recovery Console, but I don't have a clue what I'm doing. I'll follow the instructions you posted.
 
OK, computer booted up OK using the CD I created. Ran OTL as you instructed and here are the results (I can't access internet from the computer in question):

OTL logfile created on: 4/7/2011 7:07:35 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 815.00 Mb Available Physical Memory | 80.00% Memory free
902.00 Mb Paging File | 844.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.54 Gb Total Space | 212.36 Gb Free Space | 92.52% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (WudfSvc)
SRV - File not found [On_Demand] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand] -- -- (ose)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2004/07/21 17:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WudfRd)
DRV - File not found [Kernel | On_Demand] -- -- (WudfPf)
DRV - File not found [Kernel | On_Demand] -- -- (winachsf)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | Boot] -- -- (PxHelp20)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (mdmxsdk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (iastor)
DRV - File not found [Kernel | On_Demand] -- -- (ialm)
DRV - File not found [Kernel | On_Demand] -- -- (HSFHWBS2)
DRV - File not found [Kernel | On_Demand] -- -- (HSF_DP)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2011/04/07 14:52:28 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2011/03/31 08:05:33 | 001,393,144 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110407.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 08:05:32 | 000,086,136 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110407.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/24 08:43:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/24 08:43:48 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/24 08:25:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS -- (SYMTDI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061023
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061023


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061023
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Faye_Crerar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061023
IE - HKU\Faye_Crerar_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
IE - HKU\Faye_Crerar_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en/side.html?channel=ca
IE - HKU\Faye_Crerar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=4061023
IE - HKU\Faye_Crerar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Rob_Anderson_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Rob_Anderson_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Rob_Anderson_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
IE - HKU\Rob_Anderson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/08/25 09:06:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/08/24 08:26:04 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/07 14:52:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\Faye_Crerar_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKU\Rob_Anderson_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [combofix] File not found
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLA] File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] File not found
O4 - HKLM..\Run: [Lminunufu] File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\Faye_Crerar_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Rob_Anderson_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Rob_Anderson_ON_C..\Run: [Nlahejigulu] File not found
O4 - HKLM..\RunOnce: [combofix] File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Rob Anderson\Start Menu\Programs\Startup\SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe (2BrightSparks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Faye_Crerar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rob_Anderson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Rob_Anderson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Rob_Anderson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162576401015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} http://clyc.dyndns.org:8000/user/TSBnwCam.CAB (TSBnwCam Control)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\schmap-help {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\Schmapdoclib.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/07 14:44:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/07 14:42:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/07 14:42:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/07 14:42:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/07 14:42:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/07 14:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/07 14:42:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/07 14:42:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/01 14:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Anderson\Desktop\Virus_Malware_Spyware Removal
[2011/04/01 14:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob Anderson\Application Data\Malwarebytes
[2011/04/01 14:27:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/01 14:27:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/01 14:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/01 14:27:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/01 14:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/01 13:09:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/01 13:09:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/01 13:09:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/01 09:37:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rob Anderson\IECompatCache
[2011/04/01 09:37:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rob Anderson\PrivacIE
[2011/04/01 08:51:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/04/01 08:51:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rob Anderson\IETldCache
[2011/04/01 08:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/04/01 08:24:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/04/01 08:21:45 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2006/11/02 16:07:01 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

========== Files - Modified Within 30 Days ==========

[2011/04/07 14:53:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 14:52:28 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2011/04/07 14:52:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/07 14:44:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/07 14:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/07 12:01:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Rob Anderson\Desktop\Microsoft Office Word 2003.lnk
[2011/04/07 12:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack daily local.job
[2011/04/07 11:20:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Daily_Crerar5_Work.job
[2011/04/07 10:15:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Daily_Crerar_5_Robs_Work.job
[2011/04/07 08:17:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/07 08:17:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/07 07:57:10 | 1063,297,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 17:13:51 | 000,001,403 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2011/04/01 14:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/01 13:42:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/01 08:51:35 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Rob Anderson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/29 08:09:15 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/29 08:09:15 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/17 17:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/14 11:28:20 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 11:28:20 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/09 10:56:01 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/03/09 10:55:58 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\D776A1B148.sys

========== Files Created - No Company Name ==========

[2011/04/07 14:52:28 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2011/04/07 14:44:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/07 14:44:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/07 14:42:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/07 14:42:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/07 14:42:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/07 14:42:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/07 14:42:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/04 17:34:05 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Rob Anderson\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/04 17:29:02 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/11 17:55:35 | 000,073,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/20 16:51:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/08/20 11:12:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Osejafugahopi.dat
[2010/08/20 11:12:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qmiduxi.bin
[2010/02/05 10:21:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/22 13:57:35 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Rob Anderson\Application Data\dvd.bmk
[2010/01/21 14:04:14 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Rob Anderson\Local Settings\Application Data\fusioncache.dat
[2008/10/08 12:05:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2008/05/27 11:33:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvgTdiX.sys
[2007/08/14 10:19:15 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Rob Anderson\USB001
[2007/07/31 18:56:12 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2007/07/31 18:56:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2007/05/14 10:01:39 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Rob Anderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/02 16:06:46 | 000,265,416 | ---- | C] () -- C:\Documents and Settings\Faye Crerar\TRANSFORMS=1033.mst
[2006/11/07 16:37:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/07 16:37:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D776A1B148.sys
[2006/11/02 16:06:53 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2006/10/31 18:12:21 | 000,265,416 | ---- | C] () -- C:\Documents and Settings\Rob Anderson\TRANSFORMS=1033.mst
[2006/10/31 18:11:21 | 000,265,416 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\TRANSFORMS=1033.mst
[2006/10/23 14:48:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/23 14:41:10 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/23 14:38:04 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/10/23 14:35:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/23 14:31:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/23 14:12:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/23 14:12:09 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/10/23 14:12:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/10/23 14:10:41 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/01 21:46:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2005/04/01 21:46:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,158,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,445,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,073,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/17 17:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Faye Crerar\Application Data\Schmap
[2010/08/20 13:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\456BC871B8C5594703BE7C004B3474E4
[2010/11/11 14:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/04 17:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2006/11/03 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\CoreFTP
[2009/08/11 13:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\FileZilla
[2006/12/28 18:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\Leadertech
[2006/11/03 14:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\OfficeUpdate12
[2011/01/11 17:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\Schmap
[2010/11/11 14:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\UDC Profiles
[2010/08/24 16:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/10/23 14:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/07 12:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack daily local.job
[2011/04/07 11:20:01 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Daily_Crerar5_Work.job
[2011/04/07 10:15:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Daily_Crerar_5_Robs_Work.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
DRV - [2011/04/07 14:52:28 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [combofix] File not found
O4 - HKLM..\Run: [Lminunufu] File not found
O4 - HKU\Rob_Anderson_ON_C..\Run: [Nlahejigulu] File not found
O4 - HKLM..\RunOnce: [combofix] File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/03/09 10:55:58 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\D776A1B148.sys
[2010/08/20 11:12:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Osejafugahopi.dat
[2010/08/20 11:12:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qmiduxi.bin
[2010/08/20 13:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\456BC871B8C5594703BE7C004B3474E4
[2010/08/24 16:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/10/23 14:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into Windows.
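Before dropping a fix script like the one above into OTLPE it is worth knowing exactly which driver service, Run values, ActiveX controls and files it will touch, because OTL acts on every line it can parse. The following Python script is an added example, not part of OldTimer's OTL and not part of the helper's instructions. It parses the :OTL and :Commands sections of the script as posted (the sample text embedded below is that fix, copied verbatim), classifies each line by what OTL will do with it, and flags the two things a reviewer would look at first here: a boot-start kernel driver (vkquwexg, the leftover ComboFix driver) and a hidden+system file under System32. It recognises only the line formats that occur in this thread and keeps anything else as "unparsed" rather than guessing.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the :OTL and :Commands sections of the fix script posted
# above, copied as OTL printed them (the truncated McAfee URL included).
SAMPLE_FIX = r"""
:OTL
DRV - [2011/04/07 14:52:28 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [combofix] File not found
O4 - HKLM..\Run: [Lminunufu] File not found
O4 - HKU\Rob_Anderson_ON_C..\Run: [Nlahejigulu] File not found
O4 - HKLM..\RunOnce: [combofix] File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Key error.)
[2011/03/09 10:55:58 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\D776A1B148.sys
[2010/08/20 13:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob Anderson\Application Data\456BC871B8C5594703BE7C004B3474E4

:Commands
[purity]
[emptytemp]
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Line shapes as OTL prints them in this thread; nothing else is assumed.
RE_DRV = re.compile(
    r"^DRV - \[[^\]]*\] \([^)]*\) \[(?P<svctype>[^|\]]+) \| (?P<start>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$"
)
RE_O3 = re.compile(r"^O3 - .*?(?P<clsid>" + GUID + r")")
RE_O4 = re.compile(
    r"^O4 - (?P<hive>HKLM|HKU\\[^.]+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]"
)
RE_O16 = re.compile(r"^O16 - DPF: (?P<clsid>" + GUID + r") (?P<url>\S+)")
RE_FILE = re.compile(
    r"^\[[^|]+\|[^|]+\| (?P<attrs>[^|]+)\| [CM]\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)


@dataclass
class Action:
    kind: str                 # driver, toolbar, run_value, activex, file, folder, command, unparsed
    target: str               # service name, registry value path, CLSID, file path, or command
    detail: Dict[str, str] = field(default_factory=dict)


def parse_otl_fix(text: str) -> List[Action]:
    """Classify every non-blank line of an OTL fix script by what OTL will do with it."""
    actions: List[Action] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # :OTL, :Services, :Reg, :Files, :Commands
            section = line[1:].lower()
            continue
        if section == "commands":
            actions.append(Action("command", line.strip("[]").lower()))
            continue
        if section != "otl":
            actions.append(Action("unparsed", line, {"section": section}))
            continue
        m = RE_DRV.match(line)
        if m:                               # service key deleted, driver file moved
            actions.append(Action("driver", m.group("svc"), {
                "path": m.group("path"), "type": m.group("svctype"), "start": m.group("start")}))
            continue
        m = RE_O4.match(line)
        if m:                               # Run/RunOnce/RunOnceEx value deleted
            value = "\\".join([m.group("hive"), "Software", "Microsoft", "Windows",
                               "CurrentVersion", m.group("key"), m.group("name")])
            actions.append(Action("run_value", value))
            continue
        m = RE_O3.match(line)
        if m:                               # IE toolbar entry deleted
            actions.append(Action("toolbar", m.group("clsid")))
            continue
        m = RE_O16.match(line)
        if m:                               # Downloaded Program Files control removed
            actions.append(Action("activex", m.group("clsid"), {"url": m.group("url")}))
            continue
        m = RE_FILE.match(line)
        if m:                               # file or folder moved to _OTL\MovedFiles
            attrs = m.group("attrs").strip()
            kind = "folder" if "D" in attrs else "file"
            actions.append(Action(kind, m.group("path"), {"attrs": attrs}))
            continue
        actions.append(Action("unparsed", line, {"section": section}))
    return actions


def summarize(actions: List[Action]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


def boot_start_drivers(actions: List[Action]) -> List[str]:
    """Kernel drivers with Boot start type: removing the wrong one stops the machine booting."""
    return [a.target for a in actions
            if a.kind == "driver" and a.detail.get("start") == "Boot"]


def hidden_system_files(actions: List[Action]) -> List[str]:
    """Files carrying both Hidden and System attributes, a common malware disguise."""
    return [a.target for a in actions
            if a.kind == "file" and "H" in a.detail["attrs"] and "S" in a.detail["attrs"]]


if __name__ == "__main__":
    acts = parse_otl_fix(SAMPLE_FIX)
    for a in acts:
        print(f"{a.kind:10} {a.target}")
    print("summary:", summarize(acts))
    print("boot-start drivers:", boot_start_drivers(acts))
    print("hidden+system files:", hidden_system_files(acts))
```

Run it against any fix script before executing it; an entry in the "unparsed" bucket means a line shape the script does not know, which is exactly the line to read by hand before letting OTL act on it.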
 
Here is the log after running the fix:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vkquwexg deleted successfully.
C:\WINDOWS\system32\drivers\Combo-Fix.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Lminunufu deleted successfully.
Registry value HKEY_USERS\Rob_Anderson_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Nlahejigulu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_USERS\Faye_Crerar_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_USERS\Rob_Anderson_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Faye_Crerar_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Rob_Anderson_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\system32\D776A1B148.sys moved successfully.
C:\WINDOWS\Osejafugahopi.dat moved successfully.
C:\WINDOWS\Qmiduxi.bin moved successfully.
C:\Documents and Settings\Rob Anderson\Application Data\456BC871B8C5594703BE7C004B3474E4 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Faye Crerar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Rob Anderson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2605015 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 983 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 3.00 mb


OTLPE by OldTimer - Version 3.1.46.0 log created on 04072011_201533


OTL didn't ask me to reboot when it was finished. Do I need to reboot using the CD-ROM first, then shut down and try to reboot normally again?
 
I just found out that there was a bug in Combofix, fixed by now.
I apologize for that.

Let's see if we can use System Restore to get your computer back.

If you have a Windows XP CD... (if you don't have a Windows CD, scroll down)

1. Boot from the CD.
2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R:

(screenshot: xp_src_welcome.gif)


3. You'll find yourself at this screen:

(screenshot: xp_src_console.gif)


4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Press the number 1 key at the "top" of the keyboard and press Enter.

NOTE: At this point the number keys on the right of your keyboard are turned off. If you insist on using those keys for your numbers, remember to hit the Num Lock key before pressing a number over there, or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer, there is no password, so just press the Enter key.

6. This will bring you to a prompt that says:

C:\WINDOWS>

7. Type:

cd \

Press Enter

Note: between "cd" and "\" there should be a "blank space", otherwise the command won't work.

8. The prompt should now say:

C:\>

9. Type:

cd system~1\_resto~1

Press Enter.

===============================================================================

Note: If it gives an "Access Denied" error while accessing the folder, follow the method below.

Type: cd \

Press Enter

Type: cd windows\system32\config

Press Enter

Type: ren system system.bak

Press Enter

(note the spaces between ren and system, and then between system and system.bak)

Type: exit

Press Enter

Now the computer should restart; then follow steps 1-9.


===============================================================================

10. Type:

dir

Press Enter

NOTE: When you press Enter it will list all the restore point folders, like "rp1", "rp2"; we have to see the last restore point to copy the file from a recent backup. If the restore points take more than one page, then you have to keep on hitting the key to view the last restore point folder.

NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

11. Type:

cd rp{with the second to the last restore point number }

Press Enter

Example: cd rp9, if rp10 is the last restore point.

12. Type:

cd snapshot

Press Enter.

NOTICE: Now the command prompt will look like this:

c:\system~1\_resto~1\rp9\snapshot

Note: restore point 9 is assumed for clarity.


13. Type:

copy _registry_machine_system c:\windows\system32\config\system

Press Enter

14. Type:

Exit

Press Enter.

Final note: If the above procedure doesn't solve the problem, repeat all the steps, but in step 13 type:

copy _registry_machine_software c:\windows\system32\config\software

Alternatively, select a different restore point.



If you don't have a Windows CD...

Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
Download and install the free Imgburn: http://www.imgburn.com/index.php?act=download
Using Imgburn, burn rc.iso to a CD (use "Write image file to disc" option).
Boot to the CD...let it finish loading.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

Follow steps 3 - 14.
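The step that matters most in the procedure above is choosing the right restore point and copying a usable hive: the restore point folders are numbered, so "second to last" has to be decided on the number, not on the order dir happens to list them in (as text, rp10 sorts before rp9), and a snapshot hive that was captured mid-write will not boot either. The Python script below is an added example, not part of the helper's instructions and not a Microsoft tool. It assumes the System Volume Information\_restore{...} folder of the infected disk is readable from an offline boot or from a second machine (the Recovery Console itself cannot run Python). It picks the restore point by number, checks the regf base block of the snapshot hive (signature, matching primary and secondary sequence numbers, and the XOR-32 header checksum stored at offset 0x1FC), and prints the Recovery Console commands for that restore point. The hive bytes it is tested with are constructed, not taken from a real hive.

```python
import os
import re
import struct
from typing import List, Tuple

RP_NAME = re.compile(r"^rp(\d+)$", re.IGNORECASE)


def list_restore_points(restore_root: str) -> List[str]:
    """Folder names under System Volume Information\\_restore{GUID} that look like RPnn."""
    return [n for n in os.listdir(restore_root) if RP_NAME.match(n)]


def pick_restore_point(names: List[str], skip_newest: int = 1) -> str:
    """Choose a restore point by the number in its name (rp10 is newer than rp9).
    skip_newest=1 gives the helper's "second to last" rule of thumb."""
    numbered = []
    for n in names:
        m = RP_NAME.match(n)
        if m:
            numbered.append((int(m.group(1)), n))
    numbered.sort()                         # numeric, not lexical, order
    if len(numbered) <= skip_newest:
        raise ValueError("not enough restore points to skip %d" % skip_newest)
    return numbered[-1 - skip_newest][1]


def regf_checksum(header: bytes) -> int:
    """XOR-32 of the first 0x1FC bytes of the base block, with the two reserved results remapped."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", header[:0x1FC]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    if x == 0:
        return 1
    return x


def validate_hive_header(data: bytes) -> Tuple[bool, str]:
    """Sanity-check the 512-byte base block of a registry hive before copying it into config\\."""
    if len(data) < 0x200:
        return False, "too short to be a hive"
    if data[:4] != b"regf":
        return False, "bad signature"
    seq1, seq2 = struct.unpack_from("<II", data, 4)   # primary / secondary sequence numbers
    if seq1 != seq2:
        return False, "dirty hive (sequence numbers differ)"
    stored = struct.unpack_from("<I", data, 0x1FC)[0]
    if stored != regf_checksum(data):
        return False, "checksum mismatch"
    return True, "ok"


def check_snapshot_hive(snapshot_dir: str, hive: str = "system") -> Tuple[bool, str]:
    """Validate _registry_machine_<hive> inside an RPnn\\snapshot folder (real files only)."""
    path = os.path.join(snapshot_dir, "_registry_machine_" + hive)
    with open(path, "rb") as f:
        return validate_hive_header(f.read(0x200))


def build_header(seq1: int, seq2: int, signature: bytes = b"regf") -> bytes:
    """Constructed base block for testing; only the fields this check reads are filled in."""
    h = bytearray(0x200)
    h[0:4] = signature
    struct.pack_into("<II", h, 4, seq1, seq2)
    struct.pack_into("<II", h, 0x14, 1, 3)            # major/minor format version
    struct.pack_into("<I", h, 0x1FC, regf_checksum(bytes(h)))
    return bytes(h)


def recovery_console_commands(rp: str, hive: str = "system") -> List[str]:
    """The Recovery Console lines from steps 7-14 above, for the chosen restore point."""
    return [
        "cd \\",
        "cd system~1\\_resto~1",
        "cd " + rp,
        "cd snapshot",
        "copy _registry_machine_%s c:\\windows\\system32\\config\\%s" % (hive, hive),
        "exit",
    ]


if __name__ == "__main__":
    # Constructed folder listing; on a mounted disk use list_restore_points(root) instead.
    rp = pick_restore_point(["RP7", "RP8", "RP9", "RP10"])
    print("using", rp)
    print(validate_hive_header(build_header(7, 7)))   # constructed good header
    print(validate_hive_header(build_header(7, 6)))   # constructed dirty header
    print("\n".join(recovery_console_commands(rp)))
```

If the chosen snapshot's hive fails the sequence or checksum check, go one restore point further back rather than copying it; the Recovery Console will not warn you, and a corrupt SYSTEM hive gives the same boot failure you are trying to fix.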
 
I don't have a Windows CD, so I downloaded the Windows Recovery Console and Imgburn, created a CD and tried to start the computer with the CD. It crashed again and I got a blue screen.
 
When booting up, it asks me to press any key to boot from CD, then a blue Windows Setup screen comes on with a silver message bar at the bottom. It says Setup is loading several files, then it says Setup is starting Windows, and after about 10 seconds it crashes.
 
Well, you must have some other issues on top of an infection.

What does the BSOD say?
I need all info from there.
 
I just found a Windows XP Pro CD - should I try it as per your instructions?

"If you have Windows XP CD... (if you don't have Windows CD, scroll down)

1. Boot from the CD.
2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R:


etc..."
 