
Solved trojan deleted files can't run chkdsk

Discussion in 'Malware and Virus Removal Archive' started by jbutah, 2011/06/29.

  1. 2011/06/29
    jbutah

    jbutah Inactive Thread Starter

    Joined:
    2011/06/15
    Messages:
    51
    Likes Received:
    0
    [Resolved] trojan deleted files can't run chkdsk

    When the computer starts up it says to run chkdsk /F, and I can't access DOS. All I can do is boot up, and F8 will only let me disable system restart and read the screen. It won't boot to safe mode; the CD sounds like it works but won't open
    mbam or ot programs.. Any others or ISO I can try to boot from?? Thanks
     
  2. 2011/06/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    You say "trojan deleted ".
    I need to know what exactly led to your current situation.
     


  4. 2011/06/29
    jbutah

    jbutah Inactive Thread Starter

    OK thanks, I have tried 5 different programs like you suggest (mbam, ote, others). The only one that worked is from surferdude2's post with a boot disk ISO SP2. I get an error that windows root\system32\hal.dll is corrupt or missing and to reinstall a copy. So I can now boot and get to "select which operating system": disk 1 part 1, disk 1 part 2, disk 2 part 1, disk 2 part 2, disk 3 part 1, disk 3 part 2. None will open in safe mode until the hal.dll is copied... What next?? Can I copy that file from a CD?
     
  5. 2011/06/29
    jbutah

    jbutah Inactive Thread Starter

    And when I choose the first disk and partition it reboots and flashes a quick blue screen. So I am very limited as to how to boot up.. but I did find out what got deleted/corrupted.
     
  6. 2011/06/29
    broni

    broni Moderator Malware Analyst

    You're still not explaining what you mean by "trojan deleted".
    Computer was working fine?
    Something (what?) detected a trojan?
    What happened next?
     
  7. 2011/06/29
    jbutah

    jbutah Inactive Thread Starter

    A Norton Symantec virus program detected a trojan a week ago.. it was deleted, and I think the virus program was off or ended and the computer crashed with the blue screen. I only assumed that the trojan re-infected the computer.. Last week I got my important files off and have been searching your BBS for days and trying lots of things but no success yet.. getting closer I think?
     
  8. 2011/06/29
    broni

    broni Moderator Malware Analyst

    Not bootable since THEN?
    Did this start at the same time?
     
  9. 2011/06/29
    jbutah

    jbutah Inactive Thread Starter

    Correct.. I have been reading many of the threads/posts here and trying a lot of fixes.. nothing close until today with the boot disk ISO, but one step closer.. it keeps rebooting, even with the boot disk, because of the bad file I think..
     
  10. 2011/06/29
    jbutah

    jbutah Inactive Thread Starter

    It has not booted to Windows since last week. Is it possible to get a hal.dll file to load from a CD?
     
  11. 2011/06/29
    broni

    broni Moderator Malware Analyst

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      hal.dll
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  12. 2011/06/29
    jbutah

    jbutah Inactive Thread Starter

    I am using a Windows 7 computer to email and make CDs.. I tried that earlier and it did not boot up the XP computer.
     
  13. 2011/06/29
    broni

    broni Moderator Malware Analyst

    Create that CD and see if it'll boot your Windows 7 computer.
    If it does, then the CD is fine.

    Check XP computer boot order as described in my previous reply.

    You won't know until you try.
     
  14. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    Thanks so much for your help on this.. boot order is good. It reads CD first, and I will try the boot CD today..
     
  15. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    YOU ARE AWESOME!! BOOT DISK WORKED... WHAT NEXT?

    OTL logfile created on: 6/30/2011 10:01:45 AM - Run
    OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48.83 Gb Total Space | 39.36 Gb Free Space | 80.60% Space Free | Partition Type: NTFS
    Drive D: | 93.16 Gb Total Space | 92.26 Gb Free Space | 99.04% Space Free | Partition Type: NTFS
    Drive E: | 44.33 Gb Total Space | 44.27 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (Seagate Sync Service)
    SRV - File not found [Auto] -- -- (RoxWatch)
    SRV - File not found [Auto] -- -- (RoxUpnpServer)
    SRV - File not found [On_Demand] -- -- (RoxUPnPRenderer)
    SRV - File not found [On_Demand] -- -- (RoxMediaDB)
    SRV - File not found [Auto] -- -- (RoxLiveShare)
    SRV - [2007/10/07 23:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2007/10/07 23:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2007/10/07 23:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2007/08/28 22:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/08/27 20:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2007/07/26 22:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2007/05/29 19:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2007/05/29 19:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [File_System | System] -- -- (RxFilter)
    DRV - File not found [Kernel | System] -- -- (pwd_2k)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- -- (mmc_2K)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilDrv11110)
    DRV - File not found [Kernel | On_Demand] -- -- (dvd_2K)
    DRV - File not found [Kernel | Boot] -- -- (drvmcdb)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [File_System | System] -- -- (cdudf_xp)
    DRV - [2011/05/25 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110525.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/05/25 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110525.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/16 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/16 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/02/14 11:44:51 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2007/08/27 20:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/08/27 20:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/07/26 22:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/09/06 17:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 17:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/04/04 21:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005/02/25 13:15:20 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
    DRV - [2005/02/22 05:18:52 | 002,522,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/02/01 10:39:20 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/12/20 04:10:14 | 001,271,463 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/12/06 20:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
    DRV - [2004/10/29 21:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/10/15 14:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/08/12 11:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
    DRV - [2004/07/05 04:25:54 | 000,103,391 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/?ilc=1 [binary data]
    IE - HKU\John_ON_C\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 21:05:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 11:52:42 | 000,000,000 | ---D | M]

    [2011/03/23 12:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
    [2011/05/25 20:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\3014gcta.default\extensions
    [2011/04/15 18:28:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\3014gcta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/10 11:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/06 21:01:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/02/15 11:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/13 21:14:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/12 21:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - File not found
    O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DivXUpdate] File not found
    O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [RoxioDragToDisc] File not found
    O4 - HKLM..\Run: [RoxWatchTray] File not found
    O4 - HKLM..\Run: [StxTrayMenu] File not found
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
    O4 - HKU\John_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/02/13 16:27:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/10 18:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Chronotron.com
    [2011/06/10 17:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Start Menu\Programs\F-Recovery for SD
    [2011/06/10 17:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\File Scavenger 3.2
    [2011/06/10 17:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CardRecovery
    [2011/06/10 17:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Start Menu\Programs\WMV9 VCM
    [2011/06/09 14:00:18 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2011/06/09 13:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2011/06/09 13:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2011/06/09 13:58:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/06/05 16:02:58 | 000,000,000 | ---D | C] -- C:\FTRSettings
    [2011/06/05 16:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ForTheRecord
    [2011/06/05 16:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\FTR
    [2011/06/05 16:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
    [2011/06/05 16:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2011/06/05 13:48:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\Start Menu\Programs\Administrative Tools
    [2011/06/05 13:39:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Guest\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/10 18:00:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/10 17:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\File Scavenger 3.2
    [2011/06/10 17:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CardRecovery
    [2011/06/10 10:49:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/10 10:49:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/06/10 10:49:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/06/10 10:48:36 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/10 10:41:26 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/06/09 14:00:09 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/09 14:00:09 | 000,001,320 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/06/09 13:58:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/06/05 16:02:11 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TheRecord Player.lnk
    [2011/06/05 16:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ForTheRecord
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Guest\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Guest\Local Settings\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/09 14:00:09 | 000,001,320 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/06/09 13:58:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2011/06/05 16:02:11 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TheRecord Player.lnk
    [2011/03/06 21:05:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/03/05 17:45:11 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/21 19:40:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/18 09:27:25 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy DVD Creator.INI
    [2011/02/15 11:25:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\rx_image.Cache
    [2011/02/14 13:15:43 | 000,000,100 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/02/14 11:53:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2011/02/13 18:45:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/02/13 17:08:17 | 000,073,845 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/02/13 17:03:51 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2011/02/13 17:03:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2011/02/13 16:42:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/02/13 15:58:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/02/13 08:34:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/02/13 08:16:20 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/04 12:58:41 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll
    [2009/11/04 12:58:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
    [2009/11/04 12:58:40 | 001,984,512 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/08/29 18:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/12 11:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2004/01/14 00:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

    ========== LOP Check ==========

    [2011/02/13 21:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\OpenOffice.org
    [2011/06/05 13:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\PriceGong
    [2011/03/20 21:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: HAL.DLL >
    [2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
    [2008/04/14 08:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\non-circ.jpeg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\non-circ jb ken.jpeg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\non circ jb ken.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\My Videos:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\JBAgreement.tif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\JBAgreement(2).tif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\GSS IC agreement2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\John\My Documents\GSS IC agreement.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Guest\My Documents\Downloads:Roxio EMC Stream
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:7631EA83
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:E7833B2E
    < End of report >
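As an added example (not code from the thread, from OTL's author or from WindowsBBS), here is a small Python triage helper for the OTL report format shown above: it pulls out the SRV/DRV and O-line entries marked "File not found" and the hash lines produced by the /md5start custom scan broni requested, and then checks the on-disk hashes against known-good MD5s that the caller supplies. The sample report lines are copied from the log posted above; the thread gives no known-good reference value, so the reference hashes used in the checks are constructed and labelled as such.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied verbatim from the OTL report posted in this
# thread, regrouped so that every parser rule below is exercised.
SAMPLE_OTL = r"""
    ========== Win32 Services (SafeList) ==========
    SRV - File not found [Auto] -- -- (Seagate Sync Service)
    SRV - [2007/10/07 23:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    ========== Driver Services (SafeList) ==========
    DRV - File not found [Kernel | Boot] -- -- (drvmcdb)
    ========== Standard Registry (SafeList) ==========
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O4 - HKLM..\Run: [DivXUpdate] File not found
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    ========== Custom Scans ==========
    < MD5 for: HAL.DLL >
    [2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
    [2008/04/14 08:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll
    < End of report >
"""

# One regex per OTL line shape we care about.
MISSING_SVC_RE = re.compile(r"^(SRV|DRV) - File not found \[([^\]]+)\] -- -- \((.+)\)$")
ORPHAN_O_RE = re.compile(r"^(O\d+) - (.*?)\s*-?\s*File not found$")
MD5_HEADER_RE = re.compile(r"^< MD5 for: (.+?) >$")
MD5_LINE_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")
CAB_LINE_RE = re.compile(r"\.cab file -- (.+)$")


@dataclass
class Md5Finding:
    target: str                                            # file named in "< MD5 for: ... >"
    hashes: Dict[str, str] = field(default_factory=dict)   # on-disk path -> upper-case MD5
    cab_copies: List[str] = field(default_factory=list)    # copies that live inside a .cab


@dataclass
class OtlTriage:
    missing_services: List[Tuple[str, str, str]] = field(default_factory=list)  # (SRV|DRV, start type, name)
    orphan_entries: List[Tuple[str, str]] = field(default_factory=list)         # (O-number, entry text)
    md5: Dict[str, Md5Finding] = field(default_factory=dict)                    # target -> finding


def parse_otl(report: str) -> OtlTriage:
    """Walk an OTL report line by line and collect the entries worth a second look."""
    result = OtlTriage()
    current: Optional[Md5Finding] = None   # the "< MD5 for: ... >" block we are inside, if any
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = MD5_HEADER_RE.match(line)
        if header:
            current = Md5Finding(target=header.group(1).upper())
            result.md5[current.target] = current
            continue
        if line.startswith("==========") or line == "< End of report >":
            current = None                 # any section boundary ends the MD5 block
        if current is not None:
            hit = MD5_LINE_RE.search(line)
            if hit:
                current.hashes[hit.group(2)] = hit.group(1).upper()
                continue
            cab = CAB_LINE_RE.search(line)
            if cab:
                current.cab_copies.append(cab.group(1))
                continue
        svc = MISSING_SVC_RE.match(line)
        if svc:   # service/driver still registered, but its binary is gone
            result.missing_services.append((svc.group(1), svc.group(2), svc.group(3)))
            continue
        orphan = ORPHAN_O_RE.match(line)
        if orphan:   # registry autostart / BHO / toolbar entry pointing at nothing
            result.orphan_entries.append((orphan.group(1), orphan.group(2)))
    return result


def check_md5(triage: OtlTriage, target: str, known_good: List[str]) -> Dict[str, str]:
    """Verdict per on-disk copy of `target`: 'match', 'mismatch' or 'no-reference'.
    known_good holds MD5s the analyst obtained elsewhere (e.g. from install media of the
    same service pack); the report itself never says whether a hash is the right one."""
    finding = triage.md5.get(target.upper())
    if finding is None:
        return {}
    good = {h.upper() for h in known_good}
    verdicts = {}
    for path, digest in finding.hashes.items():
        if not good:
            verdicts[path] = "no-reference"
        else:
            verdicts[path] = "match" if digest in good else "mismatch"
    return verdicts


if __name__ == "__main__":
    t = parse_otl(SAMPLE_OTL)
    for kind, start, name in t.missing_services:
        print(f"{kind} registered but binary missing: {name} [{start}]")
    for onum, text in t.orphan_entries:
        print(f"{onum} orphaned entry: {text}")
    print(check_md5(t, "hal.dll", []))   # no reference supplied -> 'no-reference'
```

The report above shows hal.dll present at C:\WINDOWS\system32\hal.dll with an MD5; whether that is the correct SP3 build can only be decided against a reference copy the report does not contain.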
     
  16. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    Also, it sounds like the fan is running constantly now??
     
  17. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    Also I did a search of Windows and found hal.dll, but I am waiting for instructions from you..
     
  18. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    And this is a Fujitsu N6200 laptop with Win XP Pro OS.
     
  19. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    Most of the searches here say fixmbr or boot.ini or fixboot? I can find boot.ini and it says partition 1 and then the next line is partition 3.... that doesn't sound right... Waiting for your reply..
     
  20. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    As per my last post, I did look at the hard disks and there are 3: C, D & E. So am I missing a #2 partition?
     
  21. 2011/06/30
    jbutah

    jbutah Inactive Thread Starter

    Sorry, I meant 3 partitions, NOT 3 hard drives..
     
