
[Resolved] Clock keeps resetting to 12 April 2016!


  • This topic is locked
141 replies to this topic

#61 sdabbs

Posted 12 November 2009 - 11:56 AM

Sorry for jumping the gun, but I tried launching ERDNT.exe (from D:\windows\system32\config). It said 'restoring a registry backup created 07/11/009', but then said error restoring windows\system32\config\security to windows\system32\config\security, and said the same for software, system, default and Sam. I also tried launching ERDNT.exe from D:\windows\erdnt\hiv-backup (accidentally) and this seemed to restore without any errors, but I still get a blue screen when I try to launch Windows.


#62 noahdfear

Posted 12 November 2009 - 03:56 PM

Hi sdabbs,

Once Mini XP has loaded, double click the Network icon on the desktop.
Your network adapter should be detected, drivers installed and configured for a connection.
Once the network connection has been established, a connection icon should be located near the clock in the notification area.
There should be a minimized program on the taskbar named Hiren's BootCD WinTools - click it to bring up the interface (or click Start>Programs>BootCD WinTools or double click the Hiren's BootCD Wintools icon on the desktop).
Click Menu on the interface, then select Browsers>Opera Web Browser.
Navigate here to the forum and highlight then copy the contents of the code box below.

if exist D:\windows\system32\config\SYSTEM ren D:\windows\system32\config\SYSTEM SYS.old
copy D:\WINDOWS\ERDNT\Hiv-backup\SYSTEM D:\windows\system32\config
exit
cls

Open a command window and right click>Paste the copied text.
The command window will close on its own.
Restart the computer and see if it will boot normally from the hard drive.
Dave

#63 sdabbs

Posted 13 November 2009 - 01:15 AM

Hi Dave - Many thanks for your help :) When I clicked on Browsers>Opera Web Browser (after clicking on network) it opened a blank page in Opera, but said it could not find remote server. I typed the command line in Notepad and copied and pasted; like you said, the command window closed on its own. When I tried to reboot, though, I still get the blue screen. Sean

#64 noahdfear

Posted 13 November 2009 - 01:21 AM

Don't know what to tell you about Opera - would have made things easier on you. :wacko: Might be worth your time trying again. The computer does have an internet connection?

Let's see if any hives exist in system restore. Copy the contents of the code box below and paste it into a command window, then post the results here.

dir d:\system~1\_registry* /s>"%userprofile%\desktop\restore.txt"
notepad "%userprofile%\desktop\restore.txt"
exit
cls

* You can possibly use a usb flash drive to copy logs over for posting.
Dave

#65 sdabbs

Posted 13 November 2009 - 01:44 AM

Thanks again Dave, I will try again with Opera (maybe manually assign IP address as it is blank?). I copied your text and put it in the command window but the Notepad came up empty!! I have no computer again for the next 9 hours - hopefully I will be able to get onto Opera before then!

#66 noahdfear

Posted 13 November 2009 - 01:53 AM

Well, that's not encouraging. Please verify using Windows Explorer. Navigate to D:\System Volume Information and browse the folders there. You're looking for folders named snapshot that contain files named _REGISTRY_MACHINE_SYSTEM, _REGISTRY_MACHINE_SOFTWARE, etc. Paths will be similar to the following:

D:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP67\snapshot
Dave
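
The manual check described in the post above, as an added example that is not part of the original thread: a Python sketch that walks an offline XP volume for `_restore{...}\RPnn\snapshot` folders and reports which restore point holds a full set of registry hive backups. It assumes the volume is mounted on an analysis machine with Python; the function names and the all-zero GUID in the sample tree are constructed for illustration, and the `regf` signature check goes beyond what the thread asks for.

```python
import re
import tempfile
from pathlib import Path

# Snapshot backup name -> name the hive has under WINDOWS\system32\config.
HIVES = {
    "_REGISTRY_MACHINE_SYSTEM": "SYSTEM",
    "_REGISTRY_MACHINE_SOFTWARE": "SOFTWARE",
    "_REGISTRY_MACHINE_SAM": "SAM",
    "_REGISTRY_MACHINE_SECURITY": "SECURITY",
    "_REGISTRY_USER_.DEFAULT": "DEFAULT",
}
RP_DIR = re.compile(r"^RP(\d+)$", re.IGNORECASE)


def looks_like_hive(path):
    """A registry hive file begins with the 4-byte signature 'regf'."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == b"regf"
    except OSError:
        return False


def find_restore_points(volume_root):
    """List RPnn/snapshot folders on an offline volume, highest RP number first."""
    svi = Path(volume_root) / "System Volume Information"
    if not svi.is_dir():
        return []
    found = []
    for store in svi.glob("_restore{*"):
        if not store.is_dir():
            continue
        for rp in store.iterdir():
            m = RP_DIR.match(rp.name)
            snap = rp / "snapshot"
            if not m or not snap.is_dir():
                continue
            # Compare names case-insensitively: the volume may be mounted
            # on a case-sensitive file system.
            files = {f.name.upper(): f for f in snap.iterdir() if f.is_file()}
            missing, invalid = [], []
            for backup, hive in HIVES.items():
                f = files.get(backup)
                if f is None:
                    missing.append(hive)
                elif not looks_like_hive(f):
                    invalid.append(hive)  # empty or truncated backup
            found.append({
                "number": int(m.group(1)),
                "snapshot": snap,
                "missing": missing,
                "invalid": invalid,
                "complete": not missing and not invalid,
            })
    found.sort(key=lambda r: r["number"], reverse=True)
    return found


def newest_usable(volume_root):
    """Most recent restore point whose five hive backups all look valid."""
    for rp in find_restore_points(volume_root):
        if rp["complete"]:
            return rp
    return None


def build_sample(root):
    """Constructed sample tree: RP1 intact, RP2 has an empty SYSTEM backup,
    RP3 has no snapshot folder."""
    store = (Path(root) / "System Volume Information"
             / "_restore{00000000-0000-0000-0000-000000000000}")  # constructed GUID
    for n in (1, 2):
        snap = store / f"RP{n}" / "snapshot"
        snap.mkdir(parents=True)
        for backup in HIVES:
            (snap / backup).write_bytes(b"regf" + b"\x00" * 60)
    (store / "RP2" / "snapshot" / "_REGISTRY_MACHINE_SYSTEM").write_bytes(b"")
    (store / "RP3").mkdir()
    (store.parent / "tracking.log").write_bytes(b"\x00" * 16)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for rp in find_restore_points(root):
            status = "usable" if rp["complete"] else "skip"
            print(f"RP{rp['number']}: {status} "
                  f"missing={rp['missing']} invalid={rp['invalid']}")
        best = newest_usable(root)
        print("restore from:", best["snapshot"] if best else "nothing usable")
```

An empty result from `find_restore_points` corresponds to the situation where System Volume Information holds no `_restore{...}` store at all.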

#67 sdabbs

Posted 13 November 2009 - 10:38 AM

Everything can be found on C: now, no longer on D: (not sure why that is). I see nothing like that in System Volume Information; there are just two folders: MountPrintManagerRemoteDatabase (0kb) and tracking.log (20kb).

#68 sdabbs

Posted 14 November 2009 - 03:33 AM

Hi, Dave, Raktor - Anybody? What should I do, is there any other way to get normal windows to resume, will you not be able to remove the virus? - do I need to go back to factory settings? Any advice would be much appreciated

Edited by sdabbs, 14 November 2009 - 03:36 AM.


#69 sdabbs

Posted 14 November 2009 - 06:31 AM

I had a thought - not too long before the computer went down I had some kind of a system restore save point from RegCure - is it possible at all to restore to that? (Or does that not save enough information?)

#70 noahdfear

Posted 14 November 2009 - 10:32 AM

Hi Sean,

Were you able to get the internet connection working in MiniXP, or use a usb flash drive to transfer files?
If able, get dds-bootcd.exe on the machine's desktop and run it.
If it runs successfully, save the log when it opens then post it here.

Also, navigate to the Windows folder (guess it's now C:\Windows) and see if there is a file named ntbtlog.txt - delete it if present.
Restart and after selecting Boot from hard drive, begin tapping F8 to enable the Advanced Startup menu.
Select Enable Bootlogging
When the computer BSODs, restart and go back to MiniXP.
There should be a new ntbtlog.txt in C:\Windows which we need to see.
Dave


#71 sdabbs

Posted 14 November 2009 - 11:10 AM

Hi Noah, Thanks for replying, here is the log (program saved on external usb - I still can't connect to the net in mini windows) I also found the file ntbtlog.txt and deleted it. But when I enabled boot logging and restarted windows mini I could not find the new ntbtlog.txt I'm gonna try again - here is the dss log in the meantime

#72 sdabbs

Posted 14 November 2009 - 11:32 AM

I did it a second time but could not find the new ntbtlog.txt in C:\WINDOWS.

#73 noahdfear

Posted 14 November 2009 - 11:56 AM

Please see if there is a folder in C:\ named qoobox. If so, do the following from a command prompt.

dir c:\qoobox /s >"%userprofile%\desktop\look.txt"

Post the contents of look.txt on the desktop.
Dave

#74 sdabbs

Posted 14 November 2009 - 01:52 PM

Hi, there were a few folders in qoobox - backenv, lastrun, quarantine, test and testc

 Volume in drive C has no label.
 Volume Serial Number is 1403-B6F1

 Directory of c:\qoobox

11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
11/07/2009 02:02 PM <DIR> BackEnv
11/07/2009 02:02 PM <DIR> LastRun
11/07/2009 01:58 PM <DIR> Quarantine
11/07/2009 02:02 PM <DIR> Test
11/07/2009 02:02 PM <DIR> TestC
0 File(s) 0 bytes

 Directory of c:\qoobox\BackEnv

11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
11/07/2009 02:05 PM 451 appdata.folder.dat
11/07/2009 02:05 PM 398 cache.folder.dat
11/07/2009 02:05 PM 280 Cookies.folder.dat
11/07/2009 02:05 PM 233 desktop.folder.dat
11/07/2009 02:05 PM 287 favorites.folder.dat
11/07/2009 02:05 PM 358 localappdata.folder.dat
11/07/2009 02:05 PM 332 localsettings.folder.dat
11/07/2009 02:05 PM 256 mypictures.folder.dat
11/07/2009 02:05 PM 359 personal.folder.dat
11/07/2009 02:04 PM 379 Profiles.Folder.dat
11/07/2009 02:05 PM 621 Profiles.Folder.folder.dat
11/07/2009 02:06 PM 293 programs.folder.dat
11/07/2009 02:04 PM 6946 SetPath.bat
11/07/2009 02:06 PM 248 startmenu.folder.dat
11/07/2009 02:06 PM 333 startup.folder.dat
11/07/2009 02:04 PM 2644 SysPath.dat
11/07/2009 02:06 PM 332 templates.folder.dat
17 File(s) 14750 bytes

 Directory of c:\qoobox\LastRun

11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
11/07/2009 02:10 PM 122 ndis_HDCntrl.old
1 File(s) 122 bytes

 Directory of c:\qoobox\Quarantine

11/07/2009 01:58 PM <DIR> .
11/07/2009 01:58 PM <DIR> ..
11/07/2009 02:09 PM <DIR> C
11/07/2009 02:02 PM 51 catchme.log
11/07/2009 01:58 PM <DIR> Registry_backups
1 File(s) 51 bytes

 Directory of c:\qoobox\Quarantine\C

11/07/2009 02:09 PM <DIR> .
11/07/2009 02:09 PM <DIR> ..
11/07/2009 02:10 PM <DIR> WINDOWS
0 File(s) 0 bytes

 Directory of c:\qoobox\Quarantine\C\WINDOWS

11/07/2009 02:10 PM <DIR> .
11/07/2009 02:10 PM <DIR> ..
11/07/2009 02:10 PM <DIR> system32
0 File(s) 0 bytes

 Directory of c:\qoobox\Quarantine\C\WINDOWS\system32

11/07/2009 02:10 PM <DIR> .
11/07/2009 02:10 PM <DIR> ..
11/07/2009 02:10 PM <DIR> drivers
04/14/2008 12:11 AM 56320 eventlog.dll.vir
1 File(s) 56320 bytes

 Directory of c:\qoobox\Quarantine\C\WINDOWS\system32\drivers

11/07/2009 02:10 PM <DIR> .
11/07/2009 02:10 PM <DIR> ..
04/13/2008 06:40 PM 96512 atapi.sys.vir
1 File(s) 96512 bytes

 Directory of c:\qoobox\Quarantine\Registry_backups

11/07/2009 01:58 PM <DIR> .
11/07/2009 01:58 PM <DIR> ..
0 File(s) 0 bytes

 Directory of c:\qoobox\Test

11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
0 File(s) 0 bytes

 Directory of c:\qoobox\TestC

11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
0 File(s) 0 bytes

 Total Files Listed:
21 File(s) 167755 bytes
32 Dir(s) 30334029824 bytes free

#75 noahdfear

Posted 14 November 2009 - 01:58 PM

Thanks. Let's do another.

dir c:\atapi.sys /s >"%userprofile%\desktop\atapi.txt"
Dave
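
The look.txt listing posted above shows two files with a .vir suffix under c:\qoobox\Quarantine. As an added example (not part of the original thread), this Python script parses `dir /s` output and reports which system files were quarantined. The function name `quarantined_files` and the path mapping (Quarantine\<drive>\<path>\<name>.vir back to <drive>:\<path>\<name>) are assumptions read off the listing's layout.

```python
import re

# Constructed sample: a trimmed excerpt of the look.txt listing posted above.
SAMPLE = r"""
 Directory of c:\qoobox\Quarantine
11/07/2009 02:09 PM <DIR> C
11/07/2009 02:02 PM 51 catchme.log

 Directory of c:\qoobox\Quarantine\C\WINDOWS\system32
11/07/2009 02:10 PM <DIR> drivers
04/14/2008 12:11 AM 56320 eventlog.dll.vir

 Directory of c:\qoobox\Quarantine\C\WINDOWS\system32\drivers
04/13/2008 06:40 PM 96512 atapi.sys.vir
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$", re.I)
# date, time with AM/PM, size (digits, optional thousands separators), name
FILE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+([\d,]+)\s+(.+?)\s*$")
# Only directories below Quarantine\<single drive letter> hold quarantined files.
QUAR_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\([a-z])(\\.*)?$", re.I)

def quarantined_files(listing):
    """Return (original_path, size, timestamp) for each .vir file in the listing."""
    found, current = [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line)
        if not (m and current):
            continue  # <DIR> entries, per-directory summaries, blank lines
        date, time, size, name = m.groups()
        q = QUAR_RE.match(current)
        if not q or not name.lower().endswith(".vir"):
            continue  # e.g. catchme.log, or files outside the quarantine tree
        # Assumed mapping: drop the quarantine prefix and the .vir suffix.
        original = f"{q.group(1).upper()}:{q.group(2) or ''}\\{name[:-4]}"
        found.append((original, int(size.replace(",", "")), f"{date} {time}"))
    return found

if __name__ == "__main__":
    for path, size, stamp in quarantined_files(SAMPLE):
        print(f"{path}  {size} bytes  (file dated {stamp})")
```

Each reported path is a system file that was moved out of place, so it is the natural target of a follow-up search such as the `dir c:\atapi.sys /s` requested above.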
