WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] Clock keeps reseting to 12 April 2016!
Started by
sdabbs
, Nov 06 2009 04:05 AM
This topic is locked
141 replies to this topic
#61
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 12 November 2009 - 11:56 AM
Register to Remove
#62
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 12 November 2009 - 03:56 PM
Hi sdabbs,
Once Mini XP has loaded, double click the Network icon on the desktop.
Your network adapter should be detected, drivers installed and configured for a connection.
Once the network connection has been established, a connection icon should be located near the clock in the notification area.
There should be a minimized program on the taskbar named Hiren's BootCD WinTools - click it to bring up the interface (or click Start>Programs>BootCD WinTools or double click the Hiren's BootCD Wintools icon on the desktop).
Click Menu on the interface, then select Browsers>Opera Web Browser.
Navigate here to the forum and highlight then copy the contents of the code box below.
Open a command window and right click>Paste the copied text.
The command window will close on it's own.
Restart the computer and see if it will boot normally from the hard drive.
Once Mini XP has loaded, double click the Network icon on the desktop.
Your network adapter should be detected, drivers installed and configured for a connection.
Once the network connection has been established, a connection icon should be located near the clock in the notification area.
There should be a minimized program on the taskbar named Hiren's BootCD WinTools - click it to bring up the interface (or click Start>Programs>BootCD WinTools or double click the Hiren's BootCD Wintools icon on the desktop).
Click Menu on the interface, then select Browsers>Opera Web Browser.
Navigate here to the forum and highlight then copy the contents of the code box below.
if exist D:\windows\system32\config\SYSTEM ren D:\windows\system32\config\SYSTEM SYS.old copy D:\WINDOWS\ERDNT\Hiv-backup\SYSTEM D:\windows\system32\config exit cls
Open a command window and right click>Paste the copied text.
The command window will close on it's own.
Restart the computer and see if it will boot normally from the hard drive.
Dave
#63
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 13 November 2009 - 01:15 AM
Hi Dave - Many thanks for your help 
When I clicked on Browsers>Opera Web Browser (after clicking on network) it opened a blank page - opera, but said it could not find remote server.
I typed the command line in notepad and copied and pasted, like you said the command window closed on it's own. When I tried to reboot though I still get the blue screen.
Sean
When I clicked on Browsers>Opera Web Browser (after clicking on network) it opened a blank page - opera, but said it could not find remote server.
I typed the command line in notepad and copied and pasted, like you said the command window closed on it's own. When I tried to reboot though I still get the blue screen.
Sean
#64
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 13 November 2009 - 01:21 AM
Don't know what to tell you about Opera - would have made things easier on you. 
Might be worth your time trying again. The computer does have an internet connection?
Lets see if any hives exist in system restore. Copy the contents of the code box below and paste it into a command window then post the results here.
* You can possibly use a usb flash drive to copy logs over for posting.
Might be worth your time trying again. The computer does have an internet connection?Lets see if any hives exist in system restore. Copy the contents of the code box below and paste it into a command window then post the results here.
dir d:\system~1\_registry* /s>"%userprofile%\desktop\restore.txt" notepad "%userprofile%\desktop\restore.txt" exit cls
* You can possibly use a usb flash drive to copy logs over for posting.
Dave
#65
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 13 November 2009 - 01:44 AM
Thanks again Dave, I will try again with Opera (maybe manually assign IP address as it is blank?),
I copied your text and put in command but the notpad came up empty!!
I have no computer again for the next 9 hours - hopfully I will be able to get onto Opera before then!
#66
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 13 November 2009 - 01:53 AM
Well, that's not encouraging. Please verify using Windows Explorer. Navigate to D:\System Volume Information and browse the folders there. You're looking for folders named snapshot that contain files named _REGISTRY_MACHINE_SYSTEM, _REGISTRY_MACHINE_SOFTWARE, ETC. Paths will be similar to the following.
D:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP67\snapshot
Dave
#67
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 13 November 2009 - 10:38 AM
Everything can be found on C: now, no longer on D: (not sure why that is)
I see nothing like that in system volume information, there are just two folders : MountPrintManagerRemoteDatabase (0kb) and tracking.log (20kb)
#68
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 03:33 AM
Hi,
Dave, Raktor - Anybody?
What should I do, is there any other way to get normal windows to resume, will you not be able to remove the virus? - do I need to go back to factory settings?
Any advice would be much appreciated
Edited by sdabbs, 14 November 2009 - 03:36 AM.
#69
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 06:31 AM
I had a thought - not too long before the computer went down I had a some kind of a system restore save point from regcure - is it possible at all to restore to that?(or does that not save enough information?)
#70
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 10:32 AM
Hi Sean,
Were you able to get the internet connection working in MiniXP, or use a usb flash drive to transfer files?
If able, get dds-bootcd.exe on the machine's desktop and run it.
If it runs successfully, save the log when it opens then post it here.
Also, navigate to the Windows folder (guess it's now C:\Windows) and see if there is a file named ntbtlog.txt - delete it if present.
Restart and after selecting Boot from hard drive, begin tapping F8 to enable the Advanced Startup menu.
Select Enable Bootlogging
When the computer BSODs, restart and go back to MiniXP.
There should be a new ntbtlog.txt in C:\Windows which we need to see.
Were you able to get the internet connection working in MiniXP, or use a usb flash drive to transfer files?
If able, get dds-bootcd.exe on the machine's desktop and run it.
If it runs successfully, save the log when it opens then post it here.
Also, navigate to the Windows folder (guess it's now C:\Windows) and see if there is a file named ntbtlog.txt - delete it if present.
Restart and after selecting Boot from hard drive, begin tapping F8 to enable the Advanced Startup menu.
Select Enable Bootlogging
When the computer BSODs, restart and go back to MiniXP.
There should be a new ntbtlog.txt in C:\Windows which we need to see.
Dave
Register to Remove
#71
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 11:10 AM
Hi Noah,
Thanks for replying, here is the log (program saved on external usb - I still can't connect to the net in mini windows)
I also found the file ntbtlog.txt and deleted it.
But when I enabled boot logging and restarted windows mini I could not find he new ntbtlog.txt
I'm gonna try again - here is the dss log in the meantime
DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 14:48:19.84 on Fri 11/13/2009
Internet Explorer: 7.0.5730.13
============== Pseudo HJT Report ===============
S-1-5-21-1661826239-850354719-2506221119-500_Start Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
S-1-5-21-1661826239-850354719-2506221119-500_Search Page = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
S-1-5-21-1661826239-850354719-2506221119-500_Search Bar = hxxp://www.google.co.uk/hws/sb/dell-inc/en/side.html?channel=uk
S-1-5-21-1661826239-850354719-2506221119-500_Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
S-1-5-21-1661826239-850354719-2506221119-1010_Winlogon: Shell=c:\windows\ehome\McrMgr.exe
BHO: c:\windows\system32\z3z4srid90.dll: {a45a4b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\z3z4srid90.dll
BHO: c:\windows\system32\z3z4srid90.dll: {a45a4b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\z3z4srid90.dll
TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [AdobeBridge]
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [rundll32.exe]
S-1-5-21-1661826239-850354719-2506221119-1005_Run: [WAB] c:\documents and settings\fabi\application data\macromedia\common\81d6602c19.exe
S-1-5-21-1661826239-850354719-2506221119-1006_Run: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
S-1-5-21-1661826239-850354719-2506221119-1006_Run: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
S-1-5-21-1661826239-850354719-2506221119-1006_Run: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
S-1-5-21-1661826239-850354719-2506221119-1006_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
S-1-5-21-1661826239-850354719-2506221119-1006_Run: [rundll32.exe]
S-1-5-21-1661826239-850354719-2506221119-1006_Run: [WAB] c:\documents and settings\sean.dc59qb2j\application data\macromedia\common\81d6602c19.exe
S-1-5-21-1661826239-850354719-2506221119-1010_Run: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
S-1-5-21-1661826239-850354719-2506221119-1010_Run: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
S-1-5-21-1661826239-850354719-2506221119-500_Run: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
S-1-5-21-1661826239-850354719-2506221119-500_Run: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [BuildBU] c:\dell\bldbubg.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [WinsysMon] c:\program files\common files\openfile.exe
mRun: [lsdefrag] c:\documents and settings\fabi\application data\cmdran.exe
mRun: [Otenowaqifih] rundll32.exe "c:\windows\uhihekevasuqeru.dll",Startup
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - x:\i386\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\fabi\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\fabi\start menu\programs\startup\scandisk.dll
StartupFolder: c:\docume~1\fabi\startm~1\programs\startup\scandisk.lnk - x:\i386\system32\rundll32.exe
StartupFolder: c:\documents and settings\sean.dc59qb2j\start menu\programs\startup\scandisk.dll
S-1-5-21-1661826239-850354719-2506221119-1005_Policies-explorer: NoFolderOptions = 1 (0x1)
S-1-5-21-1661826239-850354719-2506221119-1005_Policies-system: EnableProfileQuota = 1 (0x1)
S-1-5-21-1661826239-850354719-2506221119-1005_Policies-system: DisableRegistryTools = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Extract Flash Video with Bytescout... - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {11C91DA0-5258-4B2F-96C6-6A531C0E0DD7} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {BBE87EC9-5D71-483A-99E0-DEE4DF3E466C} - c:\program files\bytescout swf to video scout\flashextract_ie.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\z3z4srid90.dll: {a45a4b15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\z3z4srid90.dll
============= SERVICES / DRIVERS ===============
acedrv11; \??\c:\windows\system32\drivers\acedrv11.sys
Cinemsup; [x]
CSIScanner; [x]
drvncdb; [x]
McAfee SiteAdvisor Service; "c:\program files\mcafee\siteadvisor\McSACore.exe"
NPF; system32\drivers\npf.sys
NwSapAgent; %SystemRoot%\system32\svchost.exe -k netsvcs; %SystemRoot%\System32\ipxsap.dll
pxscan; System32\drivers\pxscan.sys
pxsec; System32\drivers\pxsec.sys
RapportKELL; \??\c:\program files\trusteer\rapport\bin\RapportKELL.sys
RapportMgmtService; "c:\program files\trusteer\rapport\bin\RapportMgmtService.exe"
RapportPG; \??\c:\program files\trusteer\rapport\bin\RapportPG.sys
rootrepeal; \??\c:\windows\system32\drivers\rootrepeal.sys
SynPS2Enable; [x]
TabletServicePen; c:\windows\system32\Pen_Tablet.exe
{3295D94A-73B2-4600-8BD9-0AAD7298C700}; [x]
{88EBE9B4-B176-4C63-9265-2B4114BAA42C}; [x]
{BD90EF2D-2514-44A6-84AF-E71A7B1F9834}; [x]
{CFC30AC1-F4E7-4FAA-A513-868D51691FC2}; [x]
=============== Created Last 30 ================
2009-11-07 14:11 8,212 a------- c:\windows\mfebcdata
2009-11-07 14:10 56,320 a------- c:\windows\system32\OLDC.tmp
2009-11-07 14:05 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 14:05 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-11-07 14:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 14:03 77,312 a------- c:\windows\MBR.exe
2009-11-07 14:03 267,264 a------- c:\windows\PEV.exe
2009-11-07 13:59 <DIR> --ds---- C:\sdabbs.exe
2009-11-07 13:34 36 a------- c:\windows\rasqervy.dll
2009-11-07 13:33 7 a------- c:\windows\sdfinacs.dll
2009-11-07 00:05 4 a------- c:\windows\sdfixwcs.dll
2009-11-06 22:03 0 a----r-- c:\windows\Mtabimeqaguvimup.bin
2009-11-06 22:03 120 a------- c:\windows\Rsupiqefameteqar.dat
2009-11-06 22:00 104,448 a------- c:\windows\msacm32.drv
2009-11-06 22:00 104 a------- c:\windows\wuasirvy.dll
2009-11-06 21:58 0 a----r-- c:\windows\win32k.sys
2009-11-06 21:58 <DIR> --dsh--- c:\windows\system32\lowsec
2009-11-06 21:57 32,768 a------- C:\didx.exe
2009-11-06 21:57 15,000 a------- c:\windows\system32\z3z4srid90.dll
2009-11-06 21:57 91,648 a------- C:\dnpevj.exe
2009-11-06 21:57 21,504 ---sh--- c:\documents and settings\fabi\application data\sysint.exe
2009-11-06 21:57 98,304 ---sh--- c:\documents and settings\fabi\application data\excom.exe
2009-11-06 21:56 20,515 ---sh--- c:\documents and settings\fabi\application data\cmdran.exe
2009-11-06 09:03 99,486 ---sh--- c:\documents and settings\fabi\application data\vnsys.exe
2009-11-06 09:03 101,396 ---sh--- c:\documents and settings\fabi\application data\updateset.exe
2009-11-06 09:03 126,119 ---sh--- c:\documents and settings\fabi\application data\sysdrive.exe
2009-11-06 09:03 165,796 ---sh--- c:\documents and settings\fabi\application data\opdriver.exe
2009-11-06 09:03 105,019 ---sh--- c:\documents and settings\fabi\application data\gload.exe
2009-11-05 17:16 <DIR> --d----- c:\program files\Big City Adventure - New York City
2009-11-04 12:37 54,156 a---h--- c:\windows\QTFont.qfn
2009-11-04 12:37 1,409 a------- c:\windows\QTFont.for
2009-10-27 01:31 143,360 ---sh--- c:\program files\common files\openfile.exe
2009-10-19 12:54 <DIR> --d----- C:\multiAVCHD
2009-10-19 09:38 <DIR> --d----- c:\documents and settings\mcx1\application data\Intel
2009-10-19 09:38 <DIR> --d----- c:\documents and settings\mcx1\application data\AOL
2009-10-19 09:38 <DIR> --d----- c:\documents and settings\mcx1\application data\You've Got Pictures Screensaver
2009-10-15 11:40 <DIR> --d----- c:\documents and settings\all users\application data\RegCure
2009-10-14 17:35 0 a------- c:\windows\Waverly.INI
==================== Find3M ====================
2009-10-21 04:08 3,598,336 -------- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 14:02 19,944 a------- c:\program files\common files\fufuwubuha._dl
2009-10-01 14:02 19,428 a------- c:\program files\common files\iluqic.ban
2009-10-01 14:02 17,957 a------- c:\windows\system32\bysebiz.pif
2009-10-01 14:02 17,513 a------- c:\program files\common files\ybecawy.db
2009-10-01 14:02 17,247 a------- c:\documents and settings\all users\application data\mizasy.bin
2009-10-01 14:02 14,939 a------- c:\windows\system32\yzyn.scr
2009-10-01 14:02 14,503 a------- c:\program files\common files\utylimykow.dat
2009-10-01 14:02 13,432 a------- c:\windows\oposydy.bin
2009-10-01 14:02 11,981 a------- c:\program files\common files\iqoqekoze.bat
2009-10-01 14:02 11,590 a------- c:\windows\system32\ynof.dat
2009-10-01 14:02 10,462 a------- c:\windows\system32\limuhemor.exe
2009-10-01 08:32 18,693 a------- c:\documents and settings\all users\application data\esam.pif
2009-10-01 08:32 19,887 a------- c:\windows\ecejaf.reg
2009-10-01 08:32 19,336 a------- c:\program files\common files\emiquxut.ban
2009-10-01 08:32 14,618 a------- c:\program files\common files\etena.dl
2009-10-01 08:32 11,921 a------- c:\documents and settings\fabi\application data\qijufofoci.bin
2009-10-01 08:32 10,625 a------- c:\windows\wozem.dat
2009-10-01 08:32 19,496 a------- c:\program files\common files\ovamovi.bin
2009-10-01 08:32 18,044 a------- c:\windows\ovap.bin
2009-10-01 08:32 13,549 a------- c:\windows\tifupacov.bin
2009-09-30 19:47 37,824 ac------ c:\documents and settings\fabi\application data\GDIPFONTCACHEV1.DAT
2009-09-16 09:22 214,664 a------- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 14:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 21:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-09-01 16:01 278,528 a------- c:\windows\SYCLicense_090901.dll
2009-08-28 10:28 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 08:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-07-15 21:23 134 a---h--- c:\documents and settings\fabi\application data\lakerda1967.sys
2009-03-21 14:06 129,024 ---sh--- c:\documents and settings\fabi\application data\rnfiles.exe
2009-03-21 14:06 105,019 ---sh--- c:\documents and settings\fabi\application data\loader.exe
2009-03-21 14:06 99,840 ---sh--- c:\documents and settings\fabi\application data\driverload.exe
2008-03-02 21:55 0 ac------ c:\program files\temp01
2007-09-05 17:15 262,144 a------- c:\documents and settings\all users\NTUSER.DAT
==== Installed Programs ======================
µTorrent
517142 - ZBrush (Windows) (Shared Components)
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Amazon MP3 Downloader 1.0.8
ArtRage 2
ATI Display Driver
Audacity 1.2.6
AusLogics Disk Defrag
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Big Fish Games Client
Bytescout SWF To Video Scout
Candy Land - Dora the Explorer Edition
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CardRecovery 5.20
CLUE Classic
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Support 5.0.0 (630)
Dell System Restore
Digital Line Detect
DivX Content Uploader
DivX Web Player
Dora Backpack
Dora the Explorer - Lost City
Dream Day First Home
Dream Day Wedding
Dream Day Wedding - Viva Las Vegas
Dream Day Wedding - Viva Las Vegas 1.00
DVD Flick
EA Download Manager
EASEUS Data Recovery Wizard Professional 4.3.6
G6 U-DISK Manager Uninstall
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® PROSet/Wireless Software
Java™ 6 Update 14
Logitech QuickCam
Logitech QuickCam Driver Package
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.5 (build 0268)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Martine ą la ferme
McAfee SecurityCenter
mCore
MCU
mDrWiFi
Media Center Extender
MeshLab 1.2.2
mHlpDell
Micro Application - Martine ą la montagne
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIWA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
mProSafe
mSSO
mWlsSafe
mWMI
mXML
Mystery Chronicles: Murder Among Friends
mZConfig
Nancy Drew: Warnings at Waverly Academy
Nero 7 Essentials
neroxml
NetWaiting
NVIDIA PureVideo Decoder
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Manual NW-E010 Series
PDFCreator
PDFCreator Toolbar
Pen Tablet
Poser Pro
PowerDVD 5.7
ProtectDisc Driver, Version 11
Python 2.6.2
Quick Screen Capture 3.0
QuickTime
Rapport
RealPlayer
RegCure 1.6.0.0
SAGEM F@st 800-840
Search Assist
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype 4.1
Sonic Audio Module
Sonic CinePlayer
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic Update Manager
SonicStage 4.3
SpywareBlaster 4.2
Synaptics Pointing Device Driver
The Sims 3
TomTom HOME 2.5.2.60
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
UploadScaler 1.1
VAIO music transfer 1.2
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Wanadoo Europe Installer
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 4.0
WinRAR archiver
Womens Murder Club a Darker Shade of Grey 1.00
Xvid 1.1.3 final uninstall
XviD MPEG-4 Codec
Yahoo! Toolbar
ZBrush3
============= FINISH: 14:48:33.76 ===============
#72
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 11:32 AM
I did it a second time but could not find the new ntbtlog.txt in C:WINDOWS
#73
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 11:56 AM
Please see if there is a folder in C:\ named qoobox. If so, do the following from a command prompt.
dir c:\qoobox /s >"%userprofile%\desktop\look.txt"
Post the contents of look.txt on the desktop.
dir c:\qoobox /s >"%userprofile%\desktop\look.txt"
Post the contents of look.txt on the desktop.
Dave
#74
sdabbs
-
- Authentic Member
-
- 97 posts
Authentic Member
Posted 14 November 2009 - 01:52 PM
Hi,
there were a few folders in qoobox - backenv, lastrun, quarantine, test and testc
Volume in drive C has no label.
Volume Serial Number is 1403-B6F1
Directory of c:\qoobox
11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
11/07/2009 02:02 PM <DIR> BackEnv
11/07/2009 02:02 PM <DIR> LastRun
11/07/2009 01:58 PM <DIR> Quarantine
11/07/2009 02:02 PM <DIR> Test
11/07/2009 02:02 PM <DIR> TestC
0 File(s) 0 bytes
Directory of c:\qoobox\BackEnv
11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
11/07/2009 02:05 PM 451 appdata.folder.dat
11/07/2009 02:05 PM 398 cache.folder.dat
11/07/2009 02:05 PM 280 Cookies.folder.dat
11/07/2009 02:05 PM 233 desktop.folder.dat
11/07/2009 02:05 PM 287 favorites.folder.dat
11/07/2009 02:05 PM 358 localappdata.folder.dat
11/07/2009 02:05 PM 332 localsettings.folder.dat
11/07/2009 02:05 PM 256 mypictures.folder.dat
11/07/2009 02:05 PM 359 personal.folder.dat
11/07/2009 02:04 PM 379 Profiles.Folder.dat
11/07/2009 02:05 PM 621 Profiles.Folder.folder.dat
11/07/2009 02:06 PM 293 programs.folder.dat
11/07/2009 02:04 PM 6946 SetPath.bat
11/07/2009 02:06 PM 248 startmenu.folder.dat
11/07/2009 02:06 PM 333 startup.folder.dat
11/07/2009 02:04 PM 2644 SysPath.dat
11/07/2009 02:06 PM 332 templates.folder.dat
17 File(s) 14750 bytes
Directory of c:\qoobox\LastRun
11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
11/07/2009 02:10 PM 122 ndis_HDCntrl.old
1 File(s) 122 bytes
Directory of c:\qoobox\Quarantine
11/07/2009 01:58 PM <DIR> .
11/07/2009 01:58 PM <DIR> ..
11/07/2009 02:09 PM <DIR> C
11/07/2009 02:02 PM 51 catchme.log
11/07/2009 01:58 PM <DIR> Registry_backups
1 File(s) 51 bytes
Directory of c:\qoobox\Quarantine\C
11/07/2009 02:09 PM <DIR> .
11/07/2009 02:09 PM <DIR> ..
11/07/2009 02:10 PM <DIR> WINDOWS
0 File(s) 0 bytes
Directory of c:\qoobox\Quarantine\C\WINDOWS
11/07/2009 02:10 PM <DIR> .
11/07/2009 02:10 PM <DIR> ..
11/07/2009 02:10 PM <DIR> system32
0 File(s) 0 bytes
Directory of c:\qoobox\Quarantine\C\WINDOWS\system32
11/07/2009 02:10 PM <DIR> .
11/07/2009 02:10 PM <DIR> ..
11/07/2009 02:10 PM <DIR> drivers
04/14/2008 12:11 AM 56320 eventlog.dll.vir
1 File(s) 56320 bytes
Directory of c:\qoobox\Quarantine\C\WINDOWS\system32\drivers
11/07/2009 02:10 PM <DIR> .
11/07/2009 02:10 PM <DIR> ..
04/13/2008 06:40 PM 96512 atapi.sys.vir
1 File(s) 96512 bytes
Directory of c:\qoobox\Quarantine\Registry_backups
11/07/2009 01:58 PM <DIR> .
11/07/2009 01:58 PM <DIR> ..
0 File(s) 0 bytes
Directory of c:\qoobox\Test
11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
0 File(s) 0 bytes
Directory of c:\qoobox\TestC
11/07/2009 02:02 PM <DIR> .
11/07/2009 02:02 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
21 File(s) 167755 bytes
32 Dir(s) 30334029824 bytes free
#75
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 14 November 2009 - 01:58 PM
Thanks. Lets do another.
dir c:\atapi.sys /s >"%userprofile%\desktop\atapi.txt"
Dave
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
