Infected


caewe12

OK, this is a Dell computer and it has a separate partition with repair options, can you get to that?

Do you also have the Windows cd?

I'm not sure what keys to press while booting to enter the repair options, just go to the link below and enter your tag number to find out.

You'll get to info on repair options, don't do anything yet, just let me know the options and give me the link from Dell.

http://www.dell.com/...t/home/us/en/04

I suspect that there's a problem with the master boot record (MBR)

Let me know, MrC (be back later in the day)


Hi,

I have been all over the Dell site and am feeling lost. I downloaded the owner's manual and it said there is a diagnostics program (F12) but I think my problem is beyond that. I did find an article about the blue screen with my error, but I need the Windows installation disc to do anything. I cannot find the Windows disc and don't recall ever having one. I have the drivers disc and the original McAfee backup but no Windows. Can you advise me? Thanks.

Cheryl


Please try this>>>>>>>>>>>

  1. Download NTBR_CD by noahdfear.
  2. Extract its contents to the desktop.
  3. Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  4. Insert a blank CD when prompted. The .iso image will be burned to the CD.
  5. Boot the computer with the CD you just burned and follow the prompts.
  6. Press Enter for English.
  7. At the menu type 1 to select MBRWORK then hit Enter
    This screen will show the hard drive configuration.
  8. Type 5 to Install standard MBR code then hit Enter
  9. Type 1 to select Standard then hit Enter
  10. Type Y then hit Enter to confirm
  11. Type E then hit Enter to exit
  12. Back at the menu, type 6 to Quit.
  13. Press Ctrl+Alt+Del to restart the machine.
  14. Eject the CD upon restart and boot normally.

MrC


Hi,

Having trouble with the disc. I downloaded NTBR_CD but when I click on the icon I keep getting a warning stating that it wants to make changes to my computer. I am afraid to say yes as I am borrowing this laptop. I burned it directly, but when I boot up with it nothing happens... blue death screen. Should I open it on the laptop? Am I missing a step before I burn it? Wanted to let you know I contacted Dell requesting an installation disc for Windows... just waiting now. Please advise. Sorry so inept. Thank you for all your help. Cheryl


Yes it's OK to open.

Download NTBR_CD.exe to a folder

Just double click on NTBR_CD.exe to extract it

That should create a folder called NTBR_CD

Inside the folder will be BurnCDCC.exe, BurnItCD.cmd and NTBR_CD.iso

To burn the disk > double click on the BurnItCD.cmd application

Insert a blank CD when prompted. The .iso image will be burned to the CD.

  1. Boot the computer with the CD you just burned and follow the prompts.
  2. Press Enter for English.
  3. At the menu type 1 to select MBRWORK then hit Enter
    This screen will show the hard drive configuration.
  4. Type 5 to Install standard MBR code then hit Enter
  5. Type 1 to select Standard then hit Enter
  6. Type Y then hit Enter to confirm
  7. Type E then hit Enter to exit
  8. Back at the menu, type 6 to Quit.
  9. Press Ctrl+Alt+Del to restart the machine.
  10. Eject the CD upon restart and boot normally.

MrC

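Added example (not from this thread, and not NTBR_CD's or MBRWORK's own code): a Python check of a raw 512-byte MBR sector that tells a wiped bootstrap area, which a "standard MBR code" install is assumed to rewrite, apart from a damaged partition table, which such a rewrite leaves alone. The sector bytes, the stand-in boot code and the Dell-style partition layout are constructed for the example.

```python
"""Check a 512-byte MBR sector and rewrite only its bootstrap area.

Layout: bytes 0..445 bootstrap code, 446..509 four 16-byte partition
entries, 510..511 the 0x55AA signature.
"""
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446        # bootstrap code area (what a "standard MBR code" install rewrites)
PART_TABLE_OFFSET = 446     # start of the four partition table entries
PART_ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"     # boot signature at bytes 510..511


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian, CHS fields ignored)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {
        "status": status,
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "empty": ptype == 0 and lba_start == 0 and sectors == 0,
    }


def check_mbr(sector: bytes) -> dict:
    """Return {'ok', 'problems', 'partitions'} for one raw sector."""
    if len(sector) != SECTOR_SIZE:
        return {"ok": False, "problems": ["sector is not 512 bytes"], "partitions": []}
    problems = []
    if sector[510:512] != SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    if not any(sector[:BOOT_CODE_SIZE]):
        problems.append("bootstrap code area is all zeros")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        parts.append(parse_partition_entry(sector[off:off + PART_ENTRY_SIZE]))
    for i, p in enumerate(parts, 1):
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
        if not p["empty"] and p["sectors"] == 0:
            problems.append(f"partition {i}: zero length")
    if sum(1 for p in parts if p["bootable"]) != 1:
        problems.append("expected exactly one active (bootable) partition")
    # Overlapping entries mean the table itself is damaged; new boot code will not fix that.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts if not p["empty"])
    for (_s1, e1), (s2, _e2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"partitions overlap at LBA {s2}")
    return {"ok": not problems, "problems": problems, "partitions": parts}


def rewrite_boot_code(sector: bytes, new_code: bytes) -> bytes:
    """Replace only the bootstrap area, keeping the partition table and signature.

    Assumption: this mirrors what a 'standard MBR code' install does. The real
    tool's bytes are not reproduced; new_code is whatever the caller supplies.
    """
    if len(new_code) > BOOT_CODE_SIZE:
        raise ValueError("boot code must fit in 446 bytes")
    return new_code.ljust(BOOT_CODE_SIZE, b"\x00") + sector[PART_TABLE_OFFSET:510] + SIGNATURE


def make_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build a 16-byte entry with dummy CHS fields (constructed test data)."""
    return struct.pack("<B3sB3sII", status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_start, sectors)


# Constructed sample: a Dell-style utility partition (type 0xDE) followed by an
# active NTFS partition (type 0x07). FAKE_BOOT_CODE is a stand-in, not real boot code.
FAKE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
PART_TABLE = (
    make_entry(0x00, 0xDE, 63, 80262)           # utility partition, not bootable
    + make_entry(0x80, 0x07, 80325, 156200000)  # active Windows partition
    + b"\x00" * 32                              # two unused entries
)
HEALTHY_MBR = FAKE_BOOT_CODE.ljust(BOOT_CODE_SIZE, b"\x00") + PART_TABLE + SIGNATURE
WIPED_CODE_MBR = b"\x00" * BOOT_CODE_SIZE + PART_TABLE + SIGNATURE   # code gone, table intact

if __name__ == "__main__":
    for name, mbr in (("healthy", HEALTHY_MBR), ("wiped code", WIPED_CODE_MBR)):
        report = check_mbr(mbr)
        print(name, "OK" if report["ok"] else report["problems"])
    print("repaired:", check_mbr(rewrite_boot_code(WIPED_CODE_MBR, FAKE_BOOT_CODE))["ok"])
```

On a real machine the sector would come from reading the first 512 bytes of the boot disk with a raw-device read; the repair path only helps when the table still parses cleanly.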

It starts with a black screen offering the choices of safe mode, safe mode with networking, safe mode with command or windows, last known good config or start normally. Then the windows screen pops up for a few seconds then right to the blue screen. Thanks again. Cheryl


Hi,

That went fairly well except that the 2nd log wouldn't save to the flash drive, so I copied it into the 1st log. Here it is. Thanks. CAE

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2012

Ran by SYSTEM at 08-12-2012 20:57:20

Running from E:\

Microsoft Windows XP (X86) OS Language: English(US)

The current controlset is ControlSet006

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-04-14] (ATI Technologies, Inc.)

HKLM\...\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [69632 2005-06-07] ()

HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-30] (RealNetworks, Inc.)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.)

HKLM\...\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()

HKLM\...\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)

HKLM\...\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [71216 2006-10-23] (AOL LLC)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [sigmatelSysTrayApp] stsystra.exe [x]

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [729544 2012-11-17] (Webroot)

HKU\Administrator\...\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [395776 2006-08-28] (Gteko Ltd.)

HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)

HKU\Administrator\...\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe [28739 2000-08-08] (Microsoft® Corporation)

HKU\Administrator\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Default User\...\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup [395776 2006-08-28] (Gteko Ltd.)

HKU\Ekenbarger's\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-07-28] (Google Inc.)

HKU\LocalService\...\Policies\system: [DisableCMD] 0

HKU\LocalService\...\Policies\system: [NoDispAppearancePage] 0

HKU\LocalService\...\Policies\system: [NoDispBackgroundPage] 0

HKU\LocalService\...\Policies\system: [NoDispSettingsPage] 0

HKU\NetworkService\...\Policies\system: [DisableCMD] 0

HKU\NetworkService\...\Policies\system: [NoDispAppearancePage] 0

HKU\NetworkService\...\Policies\system: [NoDispBackgroundPage] 0

HKU\NetworkService\...\Policies\system: [NoDispSettingsPage] 0

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

==================== Services (Whitelisted) ===================

2 AOL ACS; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)

2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)

3 dlcc_device; C:\WINDOWS\system32\dlcccoms.exe -service [491520 2005-06-21] ()

2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)

3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)

2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation)

2 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{3C74D569-4FFA-47BE-84F0-71B4FCE0AA52} [5120 2008-04-13] (Microsoft Corporation)

3 SymSnapService; "C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [1553896 2007-12-20] (Symantec)

2 WANMiniportService; "C:\WINDOWS\wanmpsvc.exe" [65536 2003-08-27] (America Online, Inc.)

2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)

2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [729544 2012-11-17] (Webroot)

3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]

3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [x]

==================== Drivers (Whitelisted) ====================

3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1130496 2005-04-15] (ATI Technologies Inc.)

3 bvrp_pci; C:\Windows\System32\Drivers\bvrp_pci.sys [4272 2004-03-24] ()

3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)

3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)

3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)

3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)

3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)

3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)

3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)

3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)

3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)

2 mrtRate; C:\Windows\System32\Drivers\mrtRate.sys [34916 1999-09-27] (Marimba, Inc.)

3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)

3 NAL; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-11-02] (Intel Corporation )

3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

3 P17; C:\Windows\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)

3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)

2 PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.)

1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sy@ [4224 2004-08-04] (Microsoft Corporation)

3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)

3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [34686 2006-01-26] (Service & Quality Technology.)

1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)

1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)

3 STHDA; C:\Windows\System32\drivers\sthda.sys [180096 2005-03-31] (SigmaTel, Inc.)

3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)

2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)

2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)

2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)

2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)

2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)

2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)

2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)

2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)

2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)

3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)

2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)

3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15088 2008-01-19] (Symantec Corporation)

3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)

3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [194362 2007-04-16] (Jungo)

0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [112656 2012-11-17] (Webroot)

3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)

4 Abiosdsk; [x]

4 Atdisk; [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

1 Changer; [x]

0 iastor; C:\Windows\System32\drivers\cIdshrGq.sys [x]

1 lbrtfdc; [x]

3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [x]

1 PCIDump; [x]

3 PDCOMP; [x]

3 PDFRAME; [x]

3 PDRELI; [x]

3 PDRFRAME; [x]

4 Simbad; [x]

3 TlntSvr; [x]

3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-12-08 20:56 - 2012-12-08 20:56 - 00000000 ____D C:\FRST

2012-11-23 08:37 - 2012-11-23 08:37 - 00013388 ____A C:\ComboFix.txt

2012-11-19 18:40 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe

2012-11-19 18:40 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe

2012-11-19 18:40 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-11-19 18:40 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-11-19 18:40 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-11-19 18:40 - 2000-08-30 19:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe

2012-11-19 18:40 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe

2012-11-19 18:40 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe

2012-11-19 18:40 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe

2012-11-19 18:34 - 2012-11-23 08:17 - 05005176 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\ComboFix.exe

2012-11-18 21:10 - 2012-11-18 21:10 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-11-18 21:00 - 2012-11-18 21:00 - 02192309 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller_undetectablew7.zip

2012-11-18 18:40 - 2012-11-18 18:40 - 00090112 ____A C:\Windows\Minidump\Mini111812-01.dmp

2012-11-18 18:37 - 2012-11-18 18:37 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009

2012-11-18 18:36 - 2012-11-18 18:36 - 12961620 ____A C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009.zip

2012-11-18 08:19 - 2012-11-18 08:19 - 00002720 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RKreport[1]_S_11182012_02d0819.txt

2012-11-18 08:18 - 2012-11-18 08:19 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\RK_Quarantine

2012-11-18 08:18 - 2012-11-18 08:18 - 00724992 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RogueKiller.exe

2012-11-18 08:10 - 2012-11-18 08:33 - 00025667 ____A C:\Documents and Settings\Ekenbarger's\Desktop\attach.txt

2012-11-18 08:10 - 2012-11-18 08:33 - 00014250 ____A C:\Documents and Settings\Ekenbarger's\Desktop\dds.txt

2012-11-18 08:03 - 2012-11-18 08:03 - 00688901 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr

2012-11-17 20:26 - 2012-11-17 20:26 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller

2012-11-17 20:19 - 2012-11-17 20:19 - 02195061 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.zip

2012-11-17 20:04 - 2012-11-17 20:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe

2012-11-17 09:19 - 2012-11-18 08:05 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\virus stuff

2012-11-17 08:23 - 2012-11-17 08:23 - 00150712 ____A (Webroot) C:\Windows\System32\WRusr.dll

2012-11-17 08:23 - 2012-11-17 08:23 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys

2012-11-17 08:23 - 2012-11-17 08:23 - 00000000 ____D C:\Program Files\Webroot

2012-11-17 08:21 - 2012-11-24 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData

2012-11-17 08:20 - 2012-11-17 08:20 - 00729544 ____A (Webroot) C:\Documents and Settings\Ekenbarger's\Desktop\wsainstall.exe

2012-11-17 07:58 - 2012-11-17 07:59 - 00000000 ____D C:\CCE_Quarantine

2012-11-17 04:33 - 2012-11-17 08:31 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Utduu

2012-11-17 04:33 - 2012-11-17 08:06 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Bykegy

2012-11-11 07:22 - 2012-11-11 07:22 - 00090112 ____A C:\Windows\Minidump\Mini111112-01.dmp

2012-11-11 07:08 - 2012-11-19 18:50 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab

2012-11-11 07:08 - 2012-11-17 08:24 - 00000000 ____D C:\Program Files\DefaultTab

==================== One Month Modified Files and Folders ========

2012-12-08 20:56 - 2012-12-08 20:56 - 00000000 ____D C:\FRST

2012-11-26 17:21 - 2012-06-29 13:42 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job

2012-11-26 17:21 - 2011-06-30 16:22 - 00000300 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job

2012-11-26 17:21 - 2011-02-15 17:31 - 00000327 ____A C:\Windows\wiadebug.log

2012-11-26 17:21 - 2011-02-15 17:31 - 00000050 ____A C:\Windows\wiaservc.log

2012-11-26 17:21 - 2011-02-15 17:30 - 00032386 ___AH C:\Windows\SchedLgU.Txt

2012-11-26 17:21 - 2011-02-15 17:29 - 01211254 ____A C:\Windows\WindowsUpdate.log

2012-11-26 17:21 - 2005-09-20 18:59 - 00000178 __ASH C:\Documents and Settings\Ekenbarger's\ntuser.ini

2012-11-26 17:21 - 2004-08-10 13:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-11-26 17:04 - 2012-10-30 17:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-11-26 16:30 - 2010-01-06 07:17 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-11-26 14:54 - 2009-04-03 05:16 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job

2012-11-26 13:08 - 2010-06-10 16:01 - 00000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

2012-11-26 06:30 - 2010-01-06 07:17 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-11-25 20:46 - 2012-02-25 09:27 - 00002307 ____A C:\Documents and Settings\Ekenbarger's\Desktop\Microsoft Word.lnk

2012-11-24 22:17 - 2011-12-26 12:58 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job

2012-11-24 10:23 - 2012-11-17 08:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData

2012-11-24 09:40 - 2009-01-09 08:50 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\My Documents\recipes

2012-11-23 14:30 - 2010-01-22 14:30 - 00000000 ___HD C:\Windows\System32\NtmsData

2012-11-23 08:37 - 2012-11-23 08:37 - 00013388 ____A C:\ComboFix.txt

2012-11-23 08:37 - 2012-02-15 19:59 - 00000000 ____D C:\Qoobox

2012-11-23 08:34 - 2004-08-10 12:51 - 00000227 ____A C:\Windows\system.ini

2012-11-23 08:17 - 2012-11-19 18:34 - 05005176 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\ComboFix.exe

2012-11-22 21:16 - 2005-09-27 09:22 - 00000000 ____D C:\Program Files\Dl_cats

2012-11-19 18:52 - 2005-09-20 18:59 - 00000062 __ASH C:\Documents and Settings\Ekenbarger's\Local Settings\desktop.ini

2012-11-19 18:52 - 2004-08-10 13:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

2012-11-19 18:52 - 2004-08-10 13:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini

2012-11-19 18:52 - 2004-08-10 13:02 - 00000000 ____D C:\Windows\Registration

2012-11-19 18:51 - 2012-02-15 20:53 - 00008192 ____A C:\Windows\System32\config\SECURITY.tmp.LOG

2012-11-19 18:51 - 2012-02-09 19:42 - 00000000 ____D C:\Windows\ERDNT

2012-11-19 18:51 - 2005-09-16 07:31 - 43253760 ____A C:\Windows\System32\config\SOFTWARE.bak

2012-11-19 18:51 - 2005-09-16 07:26 - 11010048 ____A C:\Windows\System32\config\SYSTEM.bak

2012-11-19 18:51 - 2004-08-10 07:57 - 00159744 ____A C:\Windows\System32\config\SECURITY.bak

2012-11-19 18:51 - 2004-08-10 07:57 - 00020480 ____A C:\Windows\System32\config\SAM.bak

2012-11-19 18:51 - 2004-08-10 07:56 - 05242880 ___AH C:\Windows\System32\config\DEFAULT.bak

2012-11-19 18:50 - 2012-11-11 07:08 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\DefaultTab

2012-11-18 21:10 - 2012-11-18 21:10 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-11-18 21:00 - 2012-11-18 21:00 - 02192309 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller_undetectablew7.zip

2012-11-18 18:40 - 2012-11-18 18:40 - 00090112 ____A C:\Windows\Minidump\Mini111812-01.dmp

2012-11-18 18:37 - 2012-11-18 18:37 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009

2012-11-18 18:36 - 2012-11-18 18:36 - 12961620 ____A C:\Documents and Settings\Ekenbarger's\Desktop\mbar-1.01.0.1009.zip

2012-11-18 11:15 - 2011-02-15 19:12 - 00338289 ____A C:\Windows\setupapi.log

2012-11-18 08:36 - 2012-02-06 18:27 - 00000664 ____A C:\Windows\System32\d3d9caps.dat

2012-11-18 08:33 - 2012-11-18 08:10 - 00025667 ____A C:\Documents and Settings\Ekenbarger's\Desktop\attach.txt

2012-11-18 08:33 - 2012-11-18 08:10 - 00014250 ____A C:\Documents and Settings\Ekenbarger's\Desktop\dds.txt

2012-11-18 08:19 - 2012-11-18 08:19 - 00002720 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RKreport[1]_S_11182012_02d0819.txt

2012-11-18 08:19 - 2012-11-18 08:18 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\RK_Quarantine

2012-11-18 08:18 - 2012-11-18 08:18 - 00724992 ____A C:\Documents and Settings\Ekenbarger's\Desktop\RogueKiller.exe

2012-11-18 08:05 - 2012-11-17 09:19 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\virus stuff

2012-11-18 08:03 - 2012-11-18 08:03 - 00688901 ____R (Swearware) C:\Documents and Settings\Ekenbarger's\Desktop\dds.scr

2012-11-17 20:26 - 2012-11-17 20:26 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller

2012-11-17 20:19 - 2012-11-17 20:19 - 02195061 ____A C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.zip

2012-11-17 20:04 - 2012-11-17 20:04 - 02213976 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe

2012-11-17 11:31 - 2012-05-18 18:31 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\tools

2012-11-17 09:31 - 2012-07-24 20:13 - 00000000 ____D C:\Program Files\OpenOffice.org 3

2012-11-17 09:22 - 2012-01-11 19:16 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Desktop\Cheryl's

2012-11-17 09:11 - 2008-12-28 16:56 - 00000000 ____D C:\Program Files\Yahoo!

2012-11-17 09:10 - 2008-01-04 21:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Napster

2012-11-17 09:10 - 2005-09-16 00:42 - 00000000 ____D C:\Program Files\InstallShield Installation Information

2012-11-17 09:07 - 2011-08-11 19:00 - 00000000 ____D C:\Program Files\Coupons

2012-11-17 08:31 - 2012-11-17 04:33 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Utduu

2012-11-17 08:24 - 2012-11-11 07:08 - 00000000 ____D C:\Program Files\DefaultTab

2012-11-17 08:23 - 2012-11-17 08:23 - 00150712 ____A (Webroot) C:\Windows\System32\WRusr.dll

2012-11-17 08:23 - 2012-11-17 08:23 - 00112656 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys

2012-11-17 08:23 - 2012-11-17 08:23 - 00000000 ____D C:\Program Files\Webroot

2012-11-17 08:20 - 2012-11-17 08:20 - 00729544 ____A (Webroot) C:\Documents and Settings\Ekenbarger's\Desktop\wsainstall.exe

2012-11-17 08:06 - 2012-11-17 04:33 - 00000000 ____D C:\Documents and Settings\Ekenbarger's\Application Data\Bykegy

2012-11-17 07:59 - 2012-11-17 07:58 - 00000000 ____D C:\CCE_Quarantine

2012-11-11 21:28 - 2010-02-13 13:23 - 00000000 ___DC C:\Windows\$NtUninstallKB955069$

2012-11-11 19:28 - 2012-11-06 17:50 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy

2012-11-11 19:27 - 2011-05-21 09:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2012-11-11 18:20 - 2009-10-16 19:03 - 00000000 __HDC C:\Windows\$NtUninstallKB975025_0$

2012-11-11 16:05 - 2010-02-21 21:02 - 00000000 ___DC C:\Windows\$NtUninstallWudf01000$

2012-11-11 15:53 - 2005-09-24 20:38 - 00000000 __HDC C:\Windows\$NtUninstallKB898458$

2012-11-11 15:39 - 2006-04-16 02:01 - 00000000 ___DC C:\Windows\$NtUninstallKB908531$

2012-11-11 11:59 - 2011-12-26 12:45 - 00000000 __HDC C:\Windows\$NtUninstallKB942288-v3$

2012-11-11 10:59 - 2006-08-15 02:00 - 00000000 __HDC C:\Windows\$NtUninstallKB917422$

2012-11-11 10:59 - 2005-09-16 00:51 - 00000000 ___HD C:\Windows\occache

2012-11-11 07:22 - 2012-11-11 07:22 - 00090112 ____A C:\Windows\Minidump\Mini111112-01.dmp

2012-11-11 07:22 - 2009-01-14 21:13 - 00000000 ___HD C:\Windows\Minidump

2012-11-11 07:18 - 2010-12-15 20:03 - 00000000 ___DC C:\Windows\$NtUninstallKB2436673$

2012-11-10 10:31 - 2008-08-26 09:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe

2012-11-08 14:26 - 2012-10-14 06:41 - 00002187 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 2558.09 MB
Available physical RAM: 2283.9 MB
Total Pagefile: 2385.72 MB
Available Pagefile: 2324.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.18 MB

==================== Partitions =============================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:145.58 GB) (Free:86.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:3.74 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ###  Status  Size    Free    Dyn  Gpt
--------  ------  ------  ------  ---  ---
Disk 0    Online  149 GB  0 B
Disk 1    Online  466 GB  466 GB

Partitions of Disk 0:
===============
Partition ###  Type     Size     Offset
-------------  -------  -------  -------
Partition 1    OEM      55 MB    32 KB
Partition 2    Primary  146 GB   55 MB
Partition 3    Unknown  3459 MB  146 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
----------  ---  -----  -----  ---------  -------  -------  ----
* Volume 2              FAT    Partition  55 MB    Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
----------  ---  -----  -----  ---------  -------  -------  ----
* Volume 3  C           NTFS   Partition  146 GB   Healthy
=========================================================
Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
----------  ---  -----  -----  ---------  -------  -------  ----
* Volume 4              FAT32  Partition  3459 MB  Healthy
=========================================================
Partitions of Disk 1:
===============
There are no partitions on this disk to show.
=========================================================
Disk: 1
The specified partition is not valid.
Please select a valid partition.
=========================================================

==================== End Of Log ============================

========================= Memory info ======================
Percentage of memory in use: 8%
Total physical RAM: 2558.09 MB
Available physical RAM: 2339.91 MB
Total Pagefile: 2385.72 MB
Available Pagefile: 2331.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================
1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:145.58 GB) (Free:86.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: () (Removable) (Total:3.74 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ###  Status  Size    Free    Dyn  Gpt
--------  ------  ------  ------  ---  ---
Disk 0    Online  149 GB  0 B
Disk 1    Online  466 GB  466 GB

Partitions of Disk 0:
===============
Partition ###  Type     Size     Offset
-------------  -------  -------  -------
Partition 1    OEM      55 MB    32 KB
Partition 2    Primary  146 GB   55 MB
Partition 3    Unknown  3459 MB  146 GB
=========================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
----------  ---  -----  -----  ---------  -------  -------  ----
* Volume 2              FAT    Partition  55 MB    Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
----------  ---  -----  -----  ---------  -------  -------  ----
* Volume 3  C           NTFS   Partition  146 GB   Healthy
=========================================================
Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No
Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
----------  ---  -----  -----  ---------  -------  -------  ----
* Volume 4              FAT32  Partition  3459 MB  Healthy
=========================================================
Partitions of Disk 1:
===============
There are no partitions on this disk to show.
=========================================================
Disk: 1
The specified partition is not valid.
Please select a valid partition.
=========================================================

****** End Of Log ******


OK, repeat the procedure with OTLPE and FRST but this time in the search window of FRST type in iastor.sys and click on Search Files.

Copy back the report and also if possible copy the iastor.sys file to the flash drive.

Then upload it here for a free virus scan:

http://www.virustotal.com/

Let me know the results...just copy back the url.

So post back the results of the search for iastor.sys

MrC


Hi,

Not sure if I did that correctly. I wasn't supposed to download everything again or create another CD, right? I rebooted the computer with the CD, put the flash drive in and opened FRST, then continued from there. I didn't see any way to save the iastor.sys file. Sorry. I don't think it found anything. Thanks. Cheryl

Farbar Recovery Scan Tool (x86) Version: 06-12-2012
Ran by SYSTEM at 2012-12-09 17:03:28
Running from D:\

================== Search: "iastor.sys" ===================
C:\WINDOWS\system32\drivers\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\i386\iaStor.sys
[2005-09-25 07:07] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\drivers\STORAGE\SATA\ONBOARD\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
=== End Of Search ===

https://www.virustotal.com/file/1c1fa92707070b254f007e8b649395fa15fac13353cb120d639c6fac8e819ce8/analysis/1355091190/

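The search output above lists three copies of iaStor.sys (the installed driver, the i386 install cache and the Dell driver store) all carrying the same MD5, which is the thing a helper looks at before sending the file to VirusTotal: a driver that has been swapped out by a bootkit would normally show a hash that differs from the cached copies. As an added example (not code from the thread, from FRST or from Farbar), this Python parses a constructed FRST "Search Files" block in that format and reports whether every copy shares one hash.

```python
"""Parse an FRST "Search Files" block and check that all copies of a file share one hash."""
import re
from collections import defaultdict

# Constructed sample in the FRST search format (paths and hashes as posted in the thread).
FRST_SEARCH_OUTPUT = """\
================== Search: "iastor.sys" ===================
C:\\WINDOWS\\system32\\drivers\\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\\i386\\iaStor.sys
[2005-09-25 07:07] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
C:\\drivers\\STORAGE\\SATA\\ONBOARD\\iaStor.sys
[2005-09-16 00:26] - [2005-07-08 22:02] - 0871040 ____A (Intel Corporation) d593517879e65167df35f6015814ac59
=== End Of Search ===
"""

# Detail line: [created] - [modified] - size attributes (company) md5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9a-f]{32})$"
)


def parse_frst_search(text):
    """Return one dict per file found: path, created, modified, size, attrs, company, md5.

    In FRST output the path sits on the line directly above its detail line.
    """
    entries = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        m = DETAIL_RE.match(line)
        if m and i > 0:
            entry = m.groupdict()
            entry["path"] = lines[i - 1]
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def assess_copies(entries):
    """Group the copies by MD5; more than one hash means at least one copy differs.

    Returns {"consistent": bool, "hashes": {md5: [paths]}} so the caller can see
    which copy is the odd one out and which hash to look up on VirusTotal.
    """
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e["path"])
    return {"consistent": len(by_hash) == 1, "hashes": dict(by_hash)}
```

A consistent result does not by itself prove the driver clean (all copies could be the same bad file), which is why the hash still goes to VirusTotal as the helper asked.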

You did everything correctly...good job!

Here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Repeat the procedure with OTLPE and FRST but this time ......

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots now.

MrC


OMG!!!!!! You're wonderful!!!! I thought I'd never see that desktop again. Yes...it rebooted. A bit slow but I have my desktop back. I haven't done anything else with the computer though. Here is the log. Thank you. Cheryl

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-12-2012
Ran by SYSTEM at 2012-12-11 17:30:45 Run:1
Running from D:\

==============================================
========= reg add hklm\SYSTEM\ControlSet006\services\iastor /v ImagePath /t REG_EXPAND_SZ /d system32\DRIVERS\iastor.sys /f =========
The operation completed successfully
========= End of Reg: =========

==== End of Fixlog ====


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
