WiredWX Christian Hobby Weather Tools
Can't boot in any mode

I have some kind of rootkit virus and the computer has a blue screen that says "a problem has been detected and Windows needs to shut down to prevent damage". It also says the same thing in safe mode. It gives tech info of 0x0000007B (0xF8A2B528, 0xC0000034, 0x00000000, 0x00000000). I am currently working off a laptop and have already burned a CD of REATOGO, used it in the infected computer and ran the OTLPE program. I don't have a USB to save scan info on and I can't print it out either. Question: Can I run the "Run Fix" on the OTLPE program and see what happens? Maybe those tech numbers can help for what I might need to do next. Thank you for any help!

Re: Can't boot in any mode

Anything you can do to help is appreciated. So much important stuff is on the infected computer that I never backed up!! I really don't want to wipe everything out. Thanks again!

Re: Can't boot in any mode

I googled the stop error message "0x0000007B"... it looks like it's some kind of problem that will not allow me to boot the computer up in any mode.

Re: Can't boot in any mode

ran OTLPE program. I don't have a USB to save scan info on and I can't print it out either. Question: Can I run the "Run Fix" on the OTLPE program and see what happens? Maybe those tech numbers can help for what I might need to do next.


Hi!

Will you do a Quick Scan and post a log, please?

Re: Can't boot in any mode

I did the "run scan", not the "quick scan"... the results are displayed on the infected computer... I don't know how to get the scan log to you. I'm working on a laptop, and the infected computer has no internet. I can't even print the log...

Re: Can't boot in any mode

Do you have a flash drive or a means of burning CD/DVDs?

Re: Can't boot in any mode

No flash drive. I can burn a DVD, but only from the laptop I'm working from. I have the OTL log file showing on the infected computer right now. I will gladly post that file, I just don't know how to get it from the infected computer to you.

Re: Can't boot in any mode

Hi again, I'm going to figure out a way to get this file burned to a DVD or I will go buy a flash drive to get the log file to you and post it. By the way, I'm a computer idiot, but I am determined to fix this myself. The free service you guys provide is invaluable. Thank you!

Re: Can't boot in any mode

Okay... hope it works out and you can get the log to me.

Re: Can't boot in any mode

OK... running REATOGO-X-PE on the infected computer now. I see an Internet Explorer icon on the desktop. I click on it but can't access the internet. The infected computer is correctly plugged in to a connection. Question: Are there any settings I can change to connect to the internet and then post my scan results? Thanks again!

Re: Can't boot in any mode

Did you use the NET version?

Are you attempting to connect wirelessly?

Re: Can't boot in any mode

Not sure what version it is... I downloaded it off this site somewhere... Bunch of icons on the desktop, including Internet Explorer. The internet connection is a hardline straight to the tower... I shall search for the NET version while waiting for your reply. Thanks!

Re: Can't boot in any mode

It'll have to be what I referred to in Post 6, if the log can be gotten...

Re: Can't boot in any mode

Just bought my first flash drive... never used one before... wow, so easy a caveman can do it... and... voilà!... here's the file you need. Thanks!

OTL logfile created on: 5/6/2012 11:50:46 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 319.00 Mb Available Physical Memory | 63.00% Memory free
462.00 Mb Paging File | 348.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 8.89 Gb Free Space | 26.01% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (servicelayer)
SRV - File not found [Auto] -- -- (se2Dnd5)
SRV - File not found [Auto] -- -- (sandradatasrv)
SRV - File not found [Auto] -- -- (RoxLiveShare9)
SRV - File not found [Auto] -- -- (mcdbus)
SRV - File not found [Auto] -- -- (maya70docserver)
SRV - File not found [Auto] -- -- (lmouflt2)
SRV - File not found [Auto] -- -- (lmimaint)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/26 06:54:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/16 07:13:28 | 000,039,528 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [File_System | System] -- -- (ssrtln)
DRV - File not found [File_System | System] -- -- (sscdbhk5)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (ialm)
DRV - File not found [File_System | Auto] -- -- (drvnddm)
DRV - File not found [Kernel | Boot] -- -- (drvmcdb)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2012/04/30 12:19:50 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/10/08 18:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/08 18:29:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/16 19:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/01 06:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/16 19:03:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/19 14:32:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/19 14:32:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/30 12:19:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278822061859 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: Macilai - {924F4DA2-3D4D-4BDF-A0A9-1CD87D410811} - C:\WINDOWS\system32\botekcat.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 15:03:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\My Documents
[2012/05/02 05:12:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LocalService\Recent
[2012/04/30 11:45:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/30 11:45:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/30 11:45:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/30 11:45:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/30 11:44:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/30 07:39:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sam\Recent
[2012/04/29 05:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\vlc
[2012/04/29 05:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/23 21:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\TEXT MSG
[2012/04/23 06:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2012/04/10 21:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
[2012/04/10 16:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Help
[2012/04/10 16:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Help
[2012/04/10 16:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\DefaultTab
[2012/04/10 15:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\New Folder
[2012/04/10 13:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reincubate
[2012/04/10 13:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reincubate
[2012/04/10 12:55:17 | 000,057,344 | ---- | C] (CodeGuru) -- C:\WINDOWS\System32\CGZipLibrary.dll
[2012/04/10 12:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicBerry for Blackberry
[2012/04/10 11:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Research In Motion
[2012/04/10 10:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\BB Video
[2012/04/10 09:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\BlackBerry
[2010/10/02 09:19:53 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Sam\MSSSerif120.fon
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 12:20:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 12:19:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/30 11:59:11 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 11:59:11 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
[2012/04/30 11:59:03 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 11:26:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 10:57:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/30 09:03:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/30 02:17:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/30 02:16:11 | 000,487,904 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/30 02:10:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2241548719-1204121849-2049625453-1006.job
[2012/04/29 06:41:40 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/04/29 04:34:38 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\MediaConverter 7.5.lnk
[2012/04/24 16:45:08 | 018,932,816 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Third 8 - shawn.zip
[2012/04/24 16:43:30 | 017,486,343 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Second 8- shawn.zip
[2012/04/24 16:41:25 | 011,923,627 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\4 th set...5 pics.zip
[2012/04/24 16:12:25 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Frank_Crivelli.vcf
[2012/04/23 21:04:57 | 004,696,137 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\65893080.zip
[2012/04/23 09:21:47 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2012/04/23 06:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2012/04/23 06:26:15 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2012/04/22 06:25:31 | 000,004,184 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/04/22 06:25:28 | 000,000,104 | RHS- | M] () -- C:\WINDOWS\System32\27F6FB4FF0.sys
[2012/04/20 09:45:31 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Shortcut to BlackBerry Curve 8330 (April 20, 2012).lnk
[2012/04/20 05:40:52 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/17 06:35:07 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\instr for unempl..dot
[2012/04/16 10:47:26 | 000,978,049 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Zi8_UG_GLB_en.pdf
[2012/04/16 08:47:26 | 002,395,922 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\internalaffairs_AG guidelines.pdf
[2012/04/16 07:55:31 | 000,060,279 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\malicious prosecution legal definition of malicious prosecution_ malicious prosecution synonyms by the Free Online Law Dictionary.htm
[2012/04/16 03:02:24 | 000,067,286 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\New Jersey Court Cases - Court Case Law from NJ - New Jersey Court Opinions.htm
[2012/04/15 21:18:07 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/13 09:37:36 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/13 07:41:55 | 000,021,051 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Arrest, Search Warrants and Probable Cause andrew sandon.htm
[2012/04/13 06:33:19 | 000,079,203 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\exculpatory evidence.pdf
[2012/04/11 18:48:38 | 000,472,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 18:48:38 | 000,084,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 18:45:15 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/10 13:08:05 | 000,001,009 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Backup Extractor.lnk
[2012/04/10 13:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reincubate
[2012/04/10 12:18:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 12:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/10 11:29:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/10 11:29:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/10 11:04:08 | 000,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2012/04/10 11:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
[2012/04/10 08:12:30 | 000,072,186 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\chapter2_sub2.pdf
[2012/04/10 06:12:09 | 000,085,327 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\DV-Model-Policy-Final-12-11-09.pdf
[2012/04/07 09:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 12:19:50 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 11:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 11:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/30 03:58:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/29 04:04:11 | 039,694,728 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\20120322115827-20120322120700.mp4
[2012/04/29 04:02:32 | 115,501,084 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\20120322113500-20120322115826.mp4
[2012/04/26 06:54:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/24 16:45:08 | 018,932,816 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Third 8 - shawn.zip
[2012/04/24 16:43:30 | 017,486,343 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Second 8- shawn.zip
[2012/04/24 16:41:25 | 011,923,627 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\4 th set...5 pics.zip
[2012/04/24 16:11:53 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Frank_Crivelli.vcf
[2012/04/23 21:04:53 | 004,696,137 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\65893080.zip
[2012/04/20 09:45:31 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\Shortcut to BlackBerry Curve 8330 (April 20, 2012).lnk
[2012/04/17 06:35:06 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\instr for unempl..dot
[2012/04/16 10:47:25 | 000,978,049 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Zi8_UG_GLB_en.pdf
[2012/04/16 08:47:23 | 002,395,922 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\internalaffairs_AG guidelines.pdf
[2012/04/16 07:55:28 | 000,060,279 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\malicious prosecution legal definition of malicious prosecution_ malicious prosecution synonyms by the Free Online Law Dictionary.htm
[2012/04/16 03:02:24 | 000,067,286 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\New Jersey Court Cases - Court Case Law from NJ - New Jersey Court Opinions.htm
[2012/04/13 07:41:54 | 000,021,051 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Arrest, Search Warrants and Probable Cause andrew sandon.htm
[2012/04/13 06:33:19 | 000,079,203 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\exculpatory evidence.pdf
[2012/04/11 18:45:15 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/10 13:08:04 | 000,001,009 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Backup Extractor.lnk
[2012/04/10 11:29:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2012/04/10 11:29:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/04/10 08:12:30 | 000,072,186 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\chapter2_sub2.pdf
[2012/04/10 06:12:09 | 000,085,327 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\DV-Model-Policy-Final-12-11-09.pdf
[2012/02/16 06:21:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/15 09:49:16 | 000,487,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/23 22:41:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP120JPR.{PB
[2011/05/23 22:41:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\PFP120JCM.{PB
[2011/05/07 06:19:37 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\n6h25172uf1fx7546axdkc78k703814ff8xse
[2011/05/07 06:19:37 | 000,013,676 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\n6h25172uf1fx7546axdkc78k703814ff8xse
[2011/04/23 20:33:40 | 000,016,070 | -HS- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/04/23 20:33:40 | 000,016,070 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\58bx7eu82nw807u43225osy0i56032q6uj62
[2011/03/05 22:39:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/11/03 18:04:31 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/04 16:14:59 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2010/10/02 11:07:16 | 000,074,268 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/24 09:58:09 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 23:07:18 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Sam\pool.bin
[2010/07/15 10:32:26 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/15 10:32:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\27F6FB4FF0.sys
[2010/07/12 20:39:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/11 08:55:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/11 08:38:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2010/07/11 08:36:37 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2010/07/11 08:36:37 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2010/07/11 08:16:42 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/07/11 08:16:42 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/07/11 07:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cfgigavi.exe
[2010/07/11 07:10:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\binebas.dll
[2010/07/10 23:11:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/15 02:43:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/15 02:36:55 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/15 02:31:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/15 02:26:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/15 02:07:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/15 02:07:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/15 02:07:24 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:59:28 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:30 | 006,627,328 | ---- | C] () -- C:\WINDOWS\System32\mp3ucvox.exe
[2004/08/10 14:51:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\zapitie.dll
[2004/08/10 14:51:30 | 001,318,912 | ---- | C] () -- C:\WINDOWS\System32\jobopcer.dll
[2004/08/10 14:51:30 | 000,901,120 | ---- | C] () -- C:\WINDOWS\System32\botekcat.dll
[2004/08/10 14:51:30 | 000,433,448 | ---- | C] () -- C:\WINDOWS\System32\dotipdrv32.dll
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,472,970 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,084,364 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2012/04/10 21:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Blackberry Desktop
[2011/09/26 17:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\D7fEL8gTZjCkVNx
[2012/04/10 16:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\DefaultTab
[2012/04/12 05:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ecyxzi
[2010/07/11 09:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\FUJIFILM
[2012/03/28 06:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Icoxxi
[2011/10/15 04:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Inynab
[2010/10/02 09:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Leadertech
[2011/10/15 04:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Muapc
[2010/07/11 09:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\OpenOffice.org
[2012/03/05 17:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ovfutav
[2011/09/26 17:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\P0ycS1ivDoGaHsK
[2011/10/17 08:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\QuickScan
[2010/08/24 16:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Research In Motion
[2010/09/23 16:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\uTorrent
[2012/03/05 20:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Zyum
[2010/11/03 22:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/03 22:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/24 08:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/11 08:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2005/12/15 02:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/20 20:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========


< End of report >

Re: Can't boot in any mode
DRV - [2012/04/30 12:19:50 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Combo-Fix.sys -- (vkquwexg)

O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21218.3XE (Microsoft Corporation)

[2012/04/30 12:19:50 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\Combo-Fix.sys
[2012/04/30 11:45:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/30 11:45:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/30 11:45:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/30 11:45:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/30 11:45:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe


Why was ComboFix used in the first place? That's what was used, which made the computer unbootable.

Where was ComboFix downloaded? I must know this information so we can proceed to the best possible fix. If I know where it was downloaded, then I will know how to reverse the changes.
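The helper above picked the ComboFix driver, Run key and freshly created files out of the OTL log by hand. As an added example (not OTL's output and not the forum's own code), here is a small Python parser for the bracketed OTL entry format seen on this page, with three triage heuristics that are my assumptions rather than OTL's rules, run over a constructed sample built from lines in the posted log:

```python
import re
from datetime import datetime

# Constructed sample in the OTL entry format used in this thread (lines copied from the posted log).
SAMPLE_LOG = """\
[2011/05/07 06:19:37 | 000,013,676 | -HS- | C] () -- C:\\Documents and Settings\\Sam\\Local Settings\\Application Data\\n6h25172uf1fx7546axdkc78k703814ff8xse
[2010/07/11 07:10:14 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\System32\\cfgigavi.exe
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\\WINDOWS\\bootstat.dat
DRV - [2012/04/30 12:19:50 | 000,060,416 | ---- | M] () [Kernel | Boot] -- C:\\WINDOWS\\system32\\drivers\\Combo-Fix.sys -- (vkquwexg)
"""
# One OTL entry: [timestamp | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- path
ENTRY_RE = re.compile(
    r"^(?:(?P<section>[A-Z0-9]+) - )?"                   # optional "DRV - " style prefix
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<extra>[^\]]*)\])?"                       # e.g. "[Kernel | Boot]" on DRV lines
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"     # optional trailing (service name)
)

def parse_entry(line):
    """Parse one OTL file/driver line into a dict; return None for lines in another format (O4, etc.)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attr = m["attr"]
    return {"section": m["section"] or "FILE",
            "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "hidden": attr[1] == "H", "system": attr[2] == "S", "directory": attr[3] == "D",
            "kind": m["kind"], "company": m["company"], "extra": m["extra"] or "",
            "path": m["path"], "service": m["svc"] or ""}

def triage(log_text):
    """Return parsed entries that match simple triage heuristics (assumptions, not OTL's own rules)."""
    flagged = []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        path = entry["path"].lower()
        reasons = []
        # hidden+system file with no publisher sitting under a profile's Application Data
        if entry["hidden"] and entry["system"] and not entry["directory"] and "application data" in path and not entry["company"]:
            reasons.append("hidden+system file in Application Data")
        # zero-byte executable or DLL dropped into System32
        if entry["size"] == 0 and path.endswith((".exe", ".dll")) and "system32" in path:
            reasons.append("zero-byte executable in System32")
        # boot-start kernel driver with no publisher string (the ComboFix driver quoted above matches)
        if entry["section"] == "DRV" and "Boot" in entry["extra"] and not entry["company"]:
            reasons.append("boot-start driver without publisher")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged
```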

Re: Can't boot in any mode

I downloaded ComboFix from your site, like two years ago... to fix a problem back then... I never deleted it, kept it on my infected computer... and used it again to try a self-fix for my current problem...

Re: Can't boot in any mode

I left ComboFix as an icon on my desktop for like 2 years... I know, I should have deleted it... I clicked on the icon to open it up... it then said there was an update available, would I like to update? I answered yes, and I have no idea what site I actually went to...

Re: Can't boot in any mode

Sorry, forgot to answer your other question... I "thought" it would be a good idea to try ComboFix because every time I kept running malware scans, it would show 6 or so rootkit viruses... and they weren't getting removed upon rebooting... So, it was me, thinking I "knew" how to fix this with ComboFix because it was used 2 years ago for something else... yea... all this from the guy that just bought his first flash drive...

Re: Can't boot in any mode

Please save the following instructions into Notepad and print them out, as this webpage will not be available while you're carrying out the process.

1. Please reboot into the Recovery Console as you did before.

2. You must enter which Windows installation to log onto. Type 1 and press Enter.

3. At the C:\Windows prompt, type the following command, and press Enter:

set allowallpaths = true

4. At the next prompt, type without the quotes "cd erdnt\subs" and hit Enter.

5. At the next prompt, please type in the following without the quotes: "batch erdnt.con" and hit Enter.

The ERUNT backups should begin copying. At the next prompt, after it is complete, type exit.

Kindly reboot your PC and tell me if Windows is loading now.

Re: Can't boot in any mode

I'm sorry, is the Recovery Console the REATOGO program? Or am I booting without that and just going into the F1 or F2 key?

Re: Can't boot in any mode
The Recovery Console should be a secondary boot option created by ComboFix in the past...is it not there?

Re: Can't boot in any mode

No, I don't see it. The only way I can boot up the bad computer is through the REATOGO disk.

Re: Can't boot in any mode
Do you have XP or XP-Recovery Disc?

Re: Can't boot in any mode

No, only REATOGO.

Re: Can't boot in any mode
Please create your own Recovery Disc using this tutorial:

Download RC.ISO and save it somewhere you can find it.

Download MagicISO and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As". Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart.

Once in the Recovery Console, do what's in this post please: http://www.GeekPolice.net/t28732p15-can-t-boot-in-any-mode#198864

Re: Can't boot in any mode
Thx, I'm working on it now!

Re: Can't boot in any mode

OK, did all instructions exactly as you said, got into Windows Recovery and typed all previous instructions exactly. It is not rebooting in normal mode or safe mode... I even went back to boot settings (F2) and tried to boot from the hard drive... still getting the blue screen with error message 0x0000007B.

Re: Can't boot in any mode

Go back into the Recovery Console as before and type: fixmbr. It will ask you to confirm... once done, it will reboot. See if it will boot normally into Windows.

Re: Can't boot in any mode

In here now... pressed 1 to get into Windows; at the next prompt I typed fixmbr... it now says "are you sure you want to write a new MBR?" I hit Enter and it just repeats the same question. It appears I can only put 1 letter or number in there??

Re: Can't boot in any mode

OK... I just typed in "y" for yes and it now says the new master boot record has been successfully written... below that it now shows

C:\WINDOWS> What do I type in this spot? Thx!!

Re: Can't boot in any mode

Type in Exit.

It should reboot your computer. Tell me the results.

I'll be back later, in 3+ hours.

Re: Can't boot in any mode

OK

Re: Can't boot in any mode

Still not booting in safe, normal or last known settings...?

Re: Can't boot in any mode
Next command in Recovery:

fixboot

Re: Can't boot in any mode

Just did that... the new boot sector was successfully written.
C:\WINDOWS> What to type now? exit? reboot?? Thanks again

Re: Can't boot in any mode
Good. Type exit and it should reboot.

Tell me if that helped to boot the computer...
