TechSpot

Rootkit.agent C:\WINDOWS\system32\drivers\ubschvbx.sys

By Lahta
Aug 29, 2010
  1. I'm trying to get rid of a Rootkit.Agent nasty thing and so far have not had any success. I have identified where it is hiding but I cannot delete the file. I have attached 2 logs from running HijackThis and ComboFix. Please help! Thanks.
     


  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  3. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    Posting logs after 8 steps

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4511

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    8/30/2010 9:24:21 PM
    mbam-log-2010-08-30 (21-24-21).txt

    Scan type: Quick scan
    Objects scanned: 132171
    Time elapsed: 6 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\drivers\ubschvbx.sys (Rootkit.Agent) -> Delete on reboot.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-30 21:39:44
    Windows 5.1.2600 Service Pack 3
    Running: ln19s1u6.exe; Driver: C:\DOCUME~1\DELLCU~1\LOCALS~1\Temp\kfwirpod.sys


    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89A9CC48

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [BOOT] ubschvbx <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Dell Customer at 22:02:06.54 on Mon 08/30/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1450 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Dell Customer\My Documents\RCA Detective\RCADetective.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Dell Customer\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bigseekpro.com/splitcam/{407B64BF-EC8A-487B-8B59-EDAF90E94F59}
    mStart Page = hxxp://www.bigseekpro.com/splitcam/{407B64BF-EC8A-487B-8B59-EDAF90E94F59}
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [Google Update] "c:\documents and settings\dell customer\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\dellcu~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\dell customer\my documents\rca detective\RCADetective.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dellcu~1\applic~1\mozilla\firefox\profiles\v4fo41v2.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\dell customer\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\dell customer\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\dell customer\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\dell customer\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\dell customer\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: browser.search.order.1 - Google
    FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101053100&s=
    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-22 11608]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-18 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-18 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-18 243024]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-22 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-22 267432]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-22 60936]
    S2 gupdate1ca1fb41e9b77c0;Google Update Service (gupdate1ca1fb41e9b77c0);c:\program files\google\update\GoogleUpdate.exe [2009-8-17 133104]

    =============== Created Last 30 ================

    2010-08-31 01:52:30 0 d-----w- c:\windows\system32\wbem\Logs
    2010-08-29 17:28:18 0 d-sha-r- C:\cmdcons
    2010-08-29 17:18:33 98816 ----a-w- c:\windows\sed.exe
    2010-08-29 17:18:33 77312 ----a-w- c:\windows\MBR.exe
    2010-08-29 17:18:33 256512 ----a-w- c:\windows\PEV.exe
    2010-08-29 17:18:33 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-29 16:40:16 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-08-25 04:52:49 0 d-----w- c:\windows\system32\NtmsData
    2010-08-25 04:52:23 0 d-----w- c:\docume~1\dellcu~1\applic~1\Avira
    2010-08-23 23:28:30 0 d-----w- c:\program files\Trend Micro
    2010-08-23 03:13:26 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-08-23 03:13:25 0 d-----w- c:\program files\Avira
    2010-08-23 03:13:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-08-23 02:52:53 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-23 02:52:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-08-20 00:57:13 5 ----a-w- C:\zrpt.xml
    2010-08-20 00:57:10 0 ----a-w- c:\windows\system32\drivers\ubschvbx.sys
    2010-08-20 00:56:44 0 d-----w- c:\docume~1\dellcu~1\applic~1\DMCache
    2010-08-20 00:56:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
    2010-08-19 23:18:41 0 d-----w- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
    2010-08-19 23:18:16 0 d-----w- c:\program files\burnatonce
    2010-08-18 05:53:35 0 d-----w- c:\docume~1\dellcu~1\applic~1\GetRight
    2010-08-15 02:19:35 0 d-----w- c:\program files\Yahoo!
    2010-08-03 19:43:40 0 d-----w- c:\program files\iPod
    2010-08-03 19:43:35 0 d-----w- c:\program files\iTunes
    2010-08-03 19:39:46 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-08-01 23:42:24 40740 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-25 22:08:01 28672 ----a-w- c:\windows\fonts\pyview.ttf
    2010-07-15 13:51:08 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 13:51:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 13:50:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-22 09:36:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

    ============= FINISH: 22:02:44.64 ===============
     

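A triage script, added here as an illustration and not part of the thread or of any of the tools used in it, that correlates the three indicators visible in the logs above: the service GMER reports as hidden with a [BOOT] start type, the zero-byte driver file under system32\drivers in DDS's "Created Last 30" section, and the browser proxy pointing at a loopback port. The sample lines are copied from this post's logs; the regexes, severity labels and finding names are my own assumptions about the log formats.

```python
import re
from dataclasses import dataclass, field

# Constructed sample excerpts in the GMER and DDS formats pasted in the thread
# (copied from the logs above so the script runs offline).
GMER_SAMPLE = r"""
---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] ubschvbx <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

DDS_SAMPLE = r"""
uStart Page = hxxp://www.bigseekpro.com/splitcam/{407B64BF-EC8A-487B-8B59-EDAF90E94F59}
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-18 243024]
2010-08-23 03:13:26 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-20 00:57:10 0 ----a-w- c:\windows\system32\drivers\ubschvbx.sys
"""

# GMER "Services" line for a service hidden from the Win32 service API (assumed format).
GMER_HIDDEN_RE = re.compile(
    r"^Service \(\*\*\* hidden \*\*\* \) \[(?P<start>\w+)\] (?P<name>\S+)"
)
# DDS "Created Last 30" / "Find3M" file line: timestamp, size, attribute flags, path.
DDS_FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attr>\S{8}) (?P<path>.+)$"
)
# DDS "Pseudo HJT Report" proxy line; the value is "<scheme>=<host>:<port>" or "<host>:<port>".
DDS_PROXY_RE = re.compile(
    r"^[um]Internet Settings,ProxyServer = (?:\w+=)?(?P<host>[^:\s]+):(?P<port>\d+)"
)
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    kind: str
    subject: str
    severity: str
    evidence: list = field(default_factory=list)


def parse_hidden_services(gmer_text: str) -> dict:
    """Map service name -> start type for every service GMER flags as hidden."""
    hidden = {}
    for line in gmer_text.splitlines():
        m = GMER_HIDDEN_RE.match(line.strip())
        if m:
            hidden[m.group("name").lower()] = m.group("start")
    return hidden


def parse_dds_files(dds_text: str) -> list:
    """Return (lower-cased path, size in bytes) for every file entry in a DDS log."""
    entries = []
    for line in dds_text.splitlines():
        m = DDS_FILE_RE.match(line.strip())
        if m:
            entries.append((m.group("path").lower(), int(m.group("size"))))
    return entries


def triage(gmer_text: str, dds_text: str) -> list:
    """Correlate GMER and DDS output into Findings, most severe first."""
    hidden = parse_hidden_services(gmer_text)
    findings = {
        name: Finding("hidden-service", name, "high", [f"GMER: hidden service, start={start}"])
        for name, start in hidden.items()
    }
    for path, size in parse_dds_files(dds_text):
        # Only kernel driver images that DDS reports as empty on disk are of interest here.
        if "\\drivers\\" not in path or not path.endswith(".sys") or size != 0:
            continue
        base = path.rsplit("\\", 1)[-1][:-4]
        evidence = f"DDS: {path} is 0 bytes on disk"
        if base in findings:
            # Same name as a hidden boot-start service: the driver body is being concealed
            # from the file system view, so this is the strongest signal in the log set.
            findings[base].kind = "hidden-zero-byte-driver"
            findings[base].severity = "critical"
            findings[base].evidence.append(evidence)
        else:
            findings[base] = Finding("zero-byte-driver", base, "medium", [evidence])
    proxies = []
    for line in dds_text.splitlines():
        m = DDS_PROXY_RE.match(line.strip())
        if m and m.group("host").lower() in LOOPBACK_HOSTS:
            proxies.append(Finding("loopback-proxy", f"{m.group('host')}:{m.group('port')}", "high",
                                   ["DDS: browser proxy points at a listener on this machine"]))
    result = list(findings.values()) + proxies
    result.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return result


if __name__ == "__main__":
    for f in triage(GMER_SAMPLE, DDS_SAMPLE):
        print(f"[{f.severity:8}] {f.kind:24} {f.subject}")
        for e in f.evidence:
            print(f"           - {e}")
```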

  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please never zip any logs.

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Delete your Combofix file and....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    MBR Text:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 142):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xB9EA1000 ubschvbx.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9E82000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9DAD000 iaStor.sys
    0xB9D95000 atapi.sys
    0xBA338000 cercsr6.sys
    0xB9D7D000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9D5D000 fltmgr.sys
    0xB9D4B000 sr.sys
    0xB9D36000 drvmcdb.sys
    0xBA340000 PxHelp20.sys
    0xB9D1F000 KSecDD.sys
    0xB9C92000 Ntfs.sys
    0xB9C65000 NDIS.sys
    0xB9C4B000 Mup.sys
    0xB914C000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8BB3000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB1C71000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB0FC7000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xBA420000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB02D0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8FD1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xAEC6E000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xAE471000 \SystemRoot\system32\drivers\portcls.sys
    0xB722A000 \SystemRoot\system32\drivers\drmk.sys
    0xADC90000 \SystemRoot\system32\drivers\ks.sys
    0xAD1E3000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xADD18000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xAD6ED000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA654000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xAD6DD000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xAD6CD000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xADD10000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xAE255000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xAD6BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xAE899000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xAC525000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xAD6AD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xAD69D000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xADD08000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xAC514000 \SystemRoot\system32\DRIVERS\psched.sys
    0xAD68D000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xADD00000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xADCF8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xAD67D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xADCF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xADCE8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA656000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xAC4B6000 \SystemRoot\system32\DRIVERS\update.sys
    0xAE88D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xABFA6000 \SystemRoot\system32\drivers\ha20x2k.sys
    0xABF79000 \SystemRoot\system32\drivers\emupia2k.sys
    0xABF52000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xABEB6000 \SystemRoot\system32\drivers\ctac32k.sys
    0xACF12000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xACED2000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA662000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA666000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xAC605000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA668000 \SystemRoot\System32\Drivers\Beep.SYS
    0xACF62000 \SystemRoot\system32\drivers\ssrtln.sys
    0xACF5A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xACF52000 \SystemRoot\System32\drivers\vga.sys
    0xBA66A000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA66C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xACF4A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xACF42000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xACFCD000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA3E41000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA3DE8000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA3DC2000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA3D88000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xACEB2000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA3D60000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA3D3E000 \SystemRoot\System32\drivers\afd.sys
    0xACEA2000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xACF3A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA3D13000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA3CA3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xACE92000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA3C81000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xACF2A000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xA3C4D000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xB90A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAC554000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB8F91000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB8FA9000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xB8F99000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA1E8000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xAC550000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xAC544000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB477C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xAC540000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB3C19000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA5BE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xB474C000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA3B78000 \SystemRoot\System32\Drivers\dump_iastor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB928B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB90DC000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7E0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF065000 \SystemRoot\System32\ati2cqag.dll
    0xBF0FE000 \SystemRoot\System32\atikvmag.dll
    0xBF182000 \SystemRoot\System32\atiok3x2.dll
    0xBF1CD000 \SystemRoot\System32\ati3duag.dll
    0xBF572000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA1963000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xBA318000 \SystemRoot\system32\drivers\drvnddm.sys
    0xB1C98000 \SystemRoot\system32\dla\tfsndres.sys
    0xA194E000 \SystemRoot\system32\dla\tfsnifs.sys
    0xB4116000 \SystemRoot\system32\dla\tfsnopio.sys
    0xACE38000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBA360000 \SystemRoot\system32\dla\tfsnboio.sys
    0xBA158000 \SystemRoot\system32\dla\tfsncofs.sys
    0xB1C97000 \SystemRoot\system32\dla\tfsndrct.sys
    0xA1935000 \SystemRoot\system32\dla\tfsnudf.sys
    0xA191C000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xAF07C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA1727000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAC574000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA1684000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAE33F000 \SystemRoot\System32\drivers\aspi32.sys
    0xA0ECD000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA05A9000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    608 C:\WINDOWS\system32\smss.exe
    656 csrss.exe
    688 C:\WINDOWS\system32\winlogon.exe
    732 C:\WINDOWS\system32\services.exe
    744 C:\WINDOWS\system32\lsass.exe
    964 C:\WINDOWS\system32\ati2evxx.exe
    980 C:\WINDOWS\system32\svchost.exe
    1060 svchost.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1252 svchost.exe
    1364 svchost.exe
    1468 C:\WINDOWS\system32\ati2evxx.exe
    1484 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1496 C:\Program Files\AVG\AVG9\avgrsx.exe
    1648 C:\WINDOWS\system32\spoolsv.exe
    1684 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1832 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    436 svchost.exe
    624 C:\WINDOWS\explorer.exe
    1020 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    1164 C:\WINDOWS\CTHELPER.EXE
    1188 C:\WINDOWS\system32\CTXFIHLP.EXE
    1220 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    1240 C:\WINDOWS\system32\dla\tfswctrl.exe
    1332 C:\WINDOWS\system32\CTXFISPI.EXE
    1348 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    1388 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    1524 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1544 C:\Program Files\iTunes\iTunesHelper.exe
    1572 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1940 C:\WINDOWS\system32\ctfmon.exe
    2224 C:\Documents and Settings\Dell Customer\My Documents\RCA Detective\RCADetective.exe
    2464 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2504 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2524 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2564 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    2636 C:\Program Files\Bonjour\mDNSResponder.exe
    2692 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    3072 C:\Program Files\Java\jre6\bin\jqs.exe
    3120 C:\WINDOWS\system32\HPZipm12.exe
    3212 C:\WINDOWS\system32\PnkBstrA.exe
    3320 C:\WINDOWS\system32\svchost.exe
    3380 C:\Program Files\AVG\AVG9\avgnsx.exe
    3600 C:\Program Files\AVG\AVG9\avgemc.exe
    3784 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    2440 C:\Program Files\iPod\bin\iPodService.exe
    3180 alg.exe
    3548 C:\Program Files\Mozilla Firefox\firefox.exe
    2180 C:\Documents and Settings\Dell Customer\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JS-75NCB1, Rev: 10.02E01

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good :)
     
  7. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    Houston we have a problem! The computer will not reboot. It goes to a black screen and stays there??
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    What was the last thing you did?
     
  9. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    After I posted the MBR text and you said it looked good, I went ahead and ran malware and it looked good, then avast and it looked good, and then I tried to reboot and it will not go past the Dell logo screen. I cannot boot in safe mode. Recovery mode went as far as running the "driver" screen, but it does appear that there could be a driver issue, because the "list" ends 3/4 of the way down the screen and it will not boot past that point.
     
  10. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    Update: I am able to get the C prompt.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    First of all, I didn't ask you to do that....
    By "malware" do you mean Malwarebytes?


    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  12. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    Yes, I meant Malwarebytes. I did not mean to imply that you told me to run the scans, I just did. Was I supposed to do something else after posting the MBR text?

    Here is the OTL.txt file:

    (in two parts because it is so long)

    OTL logfile created on: 9/1/2010 11:09:41 PM - Run
    OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 43.41 Gb Free Space | 29.13% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/21 09:48:20 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/15 09:51:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/10 22:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/01 14:33:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 11:28:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\splitcam.sys -- (SPLITCAM)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\DELLCU~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Auto] -- -- (adfs)
    DRV - [2010/09/01 08:56:59 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ubschvbx.sys -- (ubschvbx)
    DRV - [2010/07/15 09:51:08 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/15 09:50:25 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/02 09:19:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/03/01 11:05:26 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 15:24:02 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 13:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 11:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/02/25 18:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/05/06 02:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2006/04/24 15:12:52 | 001,096,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2005/11/08 22:15:00 | 000,439,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2005/11/08 22:15:00 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005/11/08 22:14:00 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005/11/08 22:14:00 | 000,143,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/11/08 22:14:00 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/11/08 22:14:00 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005/07/13 19:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2005/04/25 11:28:14 | 000,871,040 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor)
    DRV - [2005/03/31 19:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2004/03/15 03:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/03/15 03:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/03/15 03:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/03/15 03:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/03/15 03:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/03/15 03:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/03/15 03:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/03/15 03:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/03/15 03:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/02/27 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/02/13 05:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/01/14 21:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/01/14 21:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{407B64BF-EC8A-487B-8B59-EDAF90E94F59}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Dell_Customer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{407B64BF-EC8A-487B-8B59-EDAF90E94F59}
    IE - HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



    IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 09:49:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/13 07:06:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/18 15:47:48 | 000,000,000 | ---D | M]

    [2010/08/31 19:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/18 15:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/06/22 05:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/08/29 13:54:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKU\Dell_Customer_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\Dell_Customer_ON_C..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
    O4 - HKU\Dell_Customer_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\Dell Customer\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\Administrator\My Documents\RCA Detective\RCADetective.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Dell_Customer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Dell_Customer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Dell_Customer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
     
  13. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/25 23:07:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/31 18:34:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2010/08/30 23:03:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/30 21:53:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dell Customer\Recent
    [2010/08/30 21:51:52 | 001,079,296 | ---- | C] (ADDPCs) -- C:\Documents and Settings\Dell Customer\Desktop\tempCleaner.exe
    [2010/08/29 20:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Desktop\topic58138_files
    [2010/08/29 13:28:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/29 13:18:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/29 13:18:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/29 13:18:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/29 13:18:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/29 13:18:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/29 13:17:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/29 12:40:16 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2010/08/25 00:52:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/08/25 00:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Application Data\Avira
    [2010/08/23 19:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/23 19:28:05 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dell Customer\Desktop\HJTInstall.exe
    [2010/08/22 23:13:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/08/22 23:13:26 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/08/22 23:13:26 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/08/22 23:13:26 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/08/22 23:13:26 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/08/22 23:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/08/22 23:11:24 | 000,407,680 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Dell Customer\Desktop\aswclnr.exe
    [2010/08/22 22:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TSVNCache
    [2010/08/22 22:54:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
    [2010/08/22 22:54:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
    [2010/08/22 22:54:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
    [2010/08/22 22:54:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
    [2010/08/22 22:54:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
    [2010/08/22 22:54:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
    [2010/08/22 22:54:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
    [2010/08/22 22:54:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
    [2010/08/22 22:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
    [2010/08/22 22:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
    [2010/08/22 22:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2010/08/22 22:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
    [2010/08/22 22:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
    [2010/08/22 22:52:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/22 22:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/08/21 00:37:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2010/08/21 00:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\rpdlnxdmm
    [2010/08/20 23:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
    [2010/08/20 23:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/08/20 00:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/08/20 00:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/20 00:37:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
    [2010/08/19 21:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/19 21:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/19 20:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\qmuvrjkbe
    [2010/08/19 20:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Application Data\DMCache
    [2010/08/19 19:18:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
    [2010/08/19 19:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\burnatonce
    [2010/08/18 01:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Application Data\GetRight
    [2010/08/14 22:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Application Data\Yahoo!
    [2010/08/14 22:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\Yahoo
    [2010/08/14 22:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/08/11 20:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\My Documents\SOAPS
    [2010/08/03 15:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/03 15:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/03 15:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2009/03/26 00:25:36 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/01 08:57:03 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/09/01 08:57:03 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
    [2010/09/01 08:57:03 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2010/09/01 08:57:03 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2010/09/01 08:57:03 | 000,055,172 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
    [2010/09/01 08:57:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2010/09/01 08:57:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2010/09/01 08:57:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/01 08:56:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ubschvbx.sys
    [2010/09/01 08:56:43 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Dell Customer\ntuser.dat
    [2010/09/01 08:56:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/01 08:56:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dell Customer\ntuser.ini
    [2010/09/01 07:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/01 07:57:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1580818891-839522115-1004UA.job
    [2010/09/01 03:29:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/01 02:59:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/31 18:29:52 | 064,139,718 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/31 10:57:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1580818891-839522115-1004Core.job
    [2010/08/30 23:10:15 | 000,003,512 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Desktop\Attach.zip
    [2010/08/30 22:37:34 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Desktop\ln19s1u6.exe
    [2010/08/30 22:24:49 | 004,315,648 | -H-- | M] () -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\IconCache.db
    [2010/08/29 20:13:11 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/29 20:10:09 | 000,070,468 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Desktop\topic58138.html
    [2010/08/29 13:54:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/29 13:54:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/29 13:28:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/29 12:40:14 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2010/08/27 16:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/25 04:01:14 | 000,002,662 | ---- | M] () -- C:\Documents and Settings\Dell Customer\My Documents\spirit.rtf
    [2010/08/23 19:29:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Desktop\HijackThis.lnk
    [2010/08/23 19:28:03 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dell Customer\Desktop\HJTInstall.exe
    [2010/08/23 02:58:06 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Desktop\Google Chrome.lnk
    [2010/08/23 02:58:06 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/08/22 23:11:24 | 000,407,680 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Dell Customer\Desktop\aswclnr.exe
    [2010/08/22 22:56:02 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/08/22 22:56:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/08/22 22:55:59 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/08/22 22:36:46 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\housecall.guid.cache
    [2010/08/21 00:36:41 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010/08/21 00:24:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/19 21:05:00 | 000,047,392 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/19 21:03:02 | 002,080,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/19 19:18:19 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Desktop\burnatonce.lnk
    [2010/08/19 03:29:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/15 14:53:59 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/14 22:20:01 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\Dell Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/08/11 04:04:50 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/11 04:04:50 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 04:04:50 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/30 23:10:15 | 000,003,512 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Desktop\Attach.zip
    [2010/08/30 22:37:33 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Desktop\ln19s1u6.exe
    [2010/08/29 20:10:08 | 000,070,468 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Desktop\topic58138.html
    [2010/08/29 13:28:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/29 13:28:20 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/29 13:18:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/29 13:18:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/29 13:18:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/29 13:18:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/29 13:18:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/25 03:48:21 | 000,002,662 | ---- | C] () -- C:\Documents and Settings\Dell Customer\My Documents\spirit.rtf
    [2010/08/23 19:29:20 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Desktop\HijackThis.lnk
    [2010/08/22 22:54:15 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/08/22 22:54:13 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/08/22 22:54:13 | 000,069,632 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.dat.LOG
    [2010/08/22 22:36:46 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\housecall.guid.cache
    [2010/08/19 20:57:13 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010/08/19 20:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ubschvbx.sys
    [2010/08/19 19:18:19 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Desktop\burnatonce.lnk
    [2010/08/14 22:20:01 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/08/11 16:47:49 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/04/27 14:53:05 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\Dell Customer\ntuser.dat
    [2010/04/27 14:53:05 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
    [2010/02/21 05:25:59 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\Dell Customer\.recently-used.xbel
    [2010/02/19 20:29:53 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Dell Customer\jagex_runescape_preferences2.dat
    [2010/02/19 20:28:48 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Dell Customer\jagex_runescape_preferences.dat
    [2010/02/11 23:48:09 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/02/11 23:48:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/02/11 23:48:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2010/02/11 23:48:04 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/02/11 23:48:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2010/01/06 01:10:55 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
    [2009/07/25 18:35:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2009/06/27 21:38:42 | 000,137,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009/06/27 15:33:17 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/26 18:51:25 | 007,277,568 | ---- | C] () -- C:\WINDOWS\System32\iPodmedia.dll
    [2009/06/14 22:56:23 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2009/06/14 22:56:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2009/06/09 17:42:15 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/06/09 17:42:15 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/06/01 14:08:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/03/26 00:44:23 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/03/26 00:25:50 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
    [2009/03/26 00:25:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2009/03/26 00:25:50 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/03/26 00:25:37 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2009/03/26 00:25:36 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2009/03/25 23:21:22 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Dell Customer\ntuser.dat.LOG
    [2009/03/25 23:21:22 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Dell Customer\ntuser.ini
    [2009/03/25 23:20:33 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2009/03/25 23:20:33 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2009/03/25 23:10:29 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2009/03/25 23:10:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2009/03/25 23:10:29 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2004/03/26 18:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

    ========== LOP Check ==========


    ========== Purity Check ==========


    < End of report >

    Thanks for your help.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    What I'm saying is that you shouldn't run anything else but what I ask you to run :)


    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    IE - HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O4 - Startup: C:\Documents and Settings\Dell Customer\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\Administrator\My Documents\RCA Detective\RCADetective.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) 
    [2010/08/19 20:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell Customer\Local Settings\Application Data\qmuvrjkbe
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into windows.
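    The fix script above clears ProxyServer values that point Internet Explorer at 127.0.0.1:6522, which routes every browser request through a process on the same machine. As an added example (not part of the thread, and not OTL's own code), this Python snippet scans OTL-style "IE - ..." lines for that pattern; the sample lines are constructed, and the last one is a benign corporate proxy added for contrast.

```python
import ipaddress
import re

# Constructed sample in the OTL "IE - ..." line shape; the last line is a benign corporate proxy added for contrast.
SAMPLE_LOG = [
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522',
    r'IE - HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522',
    r'IE - HKU\Other_User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080',
]

# IE - <hive>\...\Internet Settings: "<name>" = <value>
_OTL_IE_RE = re.compile(
    r'^IE - (?P<hive>HKU\\[^\\]+|HKLM|HKCU)\\.*Internet Settings:\s*'
    r'"(?P<name>\w+)"\s*=\s*(?P<value>.*)$'
)

def parse_ie_settings(lines):
    """Group Internet Settings values by registry hive (insertion order kept)."""
    settings = {}
    for line in lines:
        m = _OTL_IE_RE.match(line.strip())
        if m:
            settings.setdefault(m['hive'], {})[m['name']] = m['value'].strip()
    return settings

def _proxy_hosts(value):
    """'http=127.0.0.1:6522;https=host:443' or 'host:port' -> list of host strings."""
    hosts = []
    for part in filter(None, (p.strip() for p in value.split(';'))):
        if '=' in part:                      # drop the per-protocol prefix
            part = part.split('=', 1)[1]
        host = part.rsplit(':', 1)[0] if ':' in part else part
        hosts.append(host.strip('[]'))       # bracketed IPv6 literal
    return hosts

def _is_loopback(host):
    try:
        return host.lower() == 'localhost' or ipaddress.ip_address(host).is_loopback
    except ValueError:                       # a hostname, not an IP literal
        return False

def find_loopback_proxies(lines):
    """Return (hive, ProxyServer) pairs where IE traffic is routed through the local machine."""
    findings = []
    for hive, vals in parse_ie_settings(lines).items():
        proxy = vals.get('ProxyServer')
        if proxy and any(_is_loopback(h) for h in _proxy_hosts(proxy)):
            findings.append((hive, proxy))
    return findings
```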
     
  15. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\Dell_Customer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Documents and Settings\Dell Customer\Start Menu\Programs\Startup\RCA Detective.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Dell_Customer_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Documents and Settings\Dell Customer\Local Settings\Application Data\qmuvrjkbe folder moved successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SETE5.tmp deleted successfully.
    C:\WINDOWS\System32\SETE9.tmp deleted successfully.
    C:\WINDOWS\System32\SETF1.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========
    Error: Unable to interpret <[emptytemp]Open Notepad and paste it.> in the current context!

    OTLPE by OldTimer - Version 3.1.40.0 log created on 09022010_080929
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Did you try to boot normally?
     
  17. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    Yes, I tried to boot normally and it still stops at the black screen.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I didn't really see anything malicious in your OTL log, so I suspect that one of the above scans removed some crucial Windows file(s).
    That's why it's so important not to do anything else but what I ask for.

    Do you have a Windows XP CD?

    Let's see if we can use System Restore here...

    If you have a Windows XP CD... (if you don't have a Windows CD, scroll down)

    1. Boot from the CD.
    2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R:

    [IMG]

    3. You'll find yourself at this screen:

    [IMG]

    4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click Enter.

    NOTE: at this point the numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers, remember to hit the Numbers Lock key before clicking a number over there, or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

    5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer, there is no password, so you just click the Enter key.

    6. This will bring you to a prompt that says:

    C:\WINDOWS>

    7. Type:

    cd \

    Press Enter

    Note: between "cd" and "\" there should be a blank space, otherwise the command won't work.

    8. The prompt should now say:

    C:\>

    9. Type:

    cd system~1\_resto~1

    Press Enter.

    ===============================================================================

    Note: If it gives an "Access Denied" error while accessing the folder, follow the method below.

    Type: cd \

    Press Enter

    Type: cd windows\system32\config

    Press Enter

    Type: ren system system.bak

    Press Enter

    (note the spaces between ren and system, and then between system and system.bak)

    Type: exit

    Press Enter

    Now the computer should restart; then follow steps 1-9.


    ===============================================================================

    10. Type:

    dir

    Press Enter

    NOTE: When you hit Enter, it will list all the restore point folders, like "rp1", "rp2"; we have to see the last restore point to copy the file from a recent backup. If the restore points take more than one page, then you have to keep hitting the key to view the last restore point folder.

    NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

    11. Type:

    cd rp{second-to-last restore point number}

    Press Enter

    Example: cd rp9, if rp10 is the last restore point.

    12. Type:

    cd snapshot

    Press Enter.

    NOTICE: Now the command prompt will look like this:

    c:\system~1\_resto~1\rp9\snapshot

    Note: restore point 9 is assumed for clarity of the content.


    13. Type:

    copy _registry_machine_system c:\windows\system32\config\system

    Press Enter

    14. Type:

    Exit

    Press Enter.

    Final note: If the above procedure doesn't solve the problem, repeat all steps, but in step 13 type:

    copy _registry_machine_software c:\windows\system32\config\software

    Alternatively, select a different restore point.



    If you don't have a Windows CD...

    Download Windows Recovery Console: http://www.thecomputerparamedic.com/files/rc.iso
    Download and install the free ImgBurn: http://www.imgburn.com/index.php?act=download
    Using ImgBurn, burn rc.iso to a CD.
    Boot to the CD... let it finish loading.
    When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

    Follow steps 3 - 14.
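    As an added example (not from the thread or from any of the tools named in it), this Python helper captures the restore-point choice in steps 10-13: it orders the rpN folders numerically, since a plain text sort puts rp10 before rp9, picks the second-to-last one, and lists the Recovery Console commands to type for either hive; the folder listing is constructed.

```python
import re

# Snapshot file inside rpN\snapshot -> the hive it restores under windows\system32\config (per the procedure above)
HIVE_TARGETS = {
    "_registry_machine_system": r"c:\windows\system32\config\system",
    "_registry_machine_software": r"c:\windows\system32\config\software",
}

# Constructed listing of _resto~1 as a dir in the Recovery Console might show it (order not guaranteed)
SAMPLE_DIR = [".", "..", "rp7", "rp10", "rp9", "rp8", "rp11", "notes.txt"]

def pick_restore_point(folder_names, skip_newest=1):
    """Pick the rpN folder to restore from, ordering by N numerically so rp10 sorts after rp9.
    skip_newest=1 gives the second-to-last restore point, as the procedure recommends."""
    numbered = []
    for name in folder_names:
        m = re.fullmatch(r"rp(\d+)", name, re.IGNORECASE)
        if m:
            numbered.append((int(m.group(1)), name))
    numbered.sort()
    if len(numbered) <= skip_newest:
        raise ValueError("not enough restore points to skip the newest %d" % skip_newest)
    return numbered[-1 - skip_newest][1]

def recovery_console_commands(folder_names, hive="_registry_machine_system", skip_newest=1):
    """Return the command sequence for steps 7-14, one string per line typed at the console."""
    if hive not in HIVE_TARGETS:
        raise ValueError("unknown snapshot hive: " + hive)
    rp = pick_restore_point(folder_names, skip_newest)
    return [
        "cd \\",
        r"cd system~1\_resto~1",
        "cd " + rp,
        "cd snapshot",
        "copy %s %s" % (hive, HIVE_TARGETS[hive]),
        "exit",
    ]
```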
     
  19. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    > Do you have Windows XP CD?
    > Using Imgburn, burn rc.iso to a CD.

    No, I do not have the CD. I tried to burn rc.iso to a CD using ImgBurn, but so far no luck, so I must be doing something wrong. There are multiple choices in ImgBurn, so which one do I need? I assumed it was "write files/folders to disc"?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    No, this is an .iso file, so use "Write image file to disc".
     
  21. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    When booting from the CD, it goes to the blue Windows screen, but it is different from the one shown under #2 in the instructions. A series of commands scrolls across the bottom of the screen; it never comes to the window to let me choose repair or recovery. The "blue screen" that says "a problem has been detected and Windows has been shut down... etc." is all I get. ??
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I don't think you're booting to the CD, but let's try another method.

    Remove the CD and restart the computer.
    Watch the screen closely.
    At some point, you should see the option to boot to Windows or to boot to the Recovery Console.
    Using the keyboard's arrow keys, select Recovery Console and press Enter.
    After a moment, you should see this:
    [IMG]
     
  23. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    Okay, so I tried taking the CD out, going through the steps and then rebooting with the CD, and it did the same thing - went through the Windows setup but went to the blue screen. I have attached a shot of the screen, even though you can't read what's on it. Am I doing a step wrong? Do I need to try something else?
     

    Attached Files:

  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    At this point, I don't have a simple answer.
    We need to do more checking.

    Firstly, I strongly suggest you ask around to see if you can borrow a Windows CD from someone.

    Now, let's see if your hard drive is OK.

    Run hard drive diagnostics: http://www.tacktech.com/display.cfm?ttid=287 (or http://www.bleepingcomputer.com/forums/index.php?showtopic=28744&hl=hard+drive+diagnostic)
    Make sure you select the tool which is appropriate for the brand of your hard drive.
    Depending on the program, it'll create a bootable floppy or a bootable CD.
    If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select the "Write image file to disc" option) and make the CD bootable.
    For Toshiba hard drives, see here: http://sdd.toshiba.com/main.aspx?Pa...rivesUSandCanada/SoftwareUtilities#diagnostic
     
  25. Lahta

    Lahta TS Rookie Topic Starter Posts: 22

    How can I do this if I cannot get past the BSOD?
     
Topic Status:
Not open for further replies.
