rootkit virus


This topic is locked
32 replies to this topic

#1 afchad

Posted 11 December 2011 - 08:25 PM

PC Doctor says I have rootkit.tds.v3. I have been fighting this for a week and a half. I'll admit I should have tried this approach before attempting it myself. I came home one night and my comp had a million popups saying I was infected and needed to buy something to remove it. I finally was able to run Kaspersky's free virus remover and removed some Java-related viruses. After that I thought, cool... it's gone... wrong! I started getting redirects with all search engines. I have tried ComboFix and UnHackMe... luckily I didn't screw anything up... I promise not to go rogue again... I will follow the person kind enough to help me to the letter! I had McAfee installed; I could not start the firewall on it or for Windows. I had the Internet Explorer 9 update... I tried removing that to reset my search stuff... I'm in the military and about to be gone for 6 months... I need this laptop to Skype with my kiddos. Please let me know if you need any more info.

Edited by afchad, 11 December 2011 - 08:28 PM.



#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 14 December 2011 - 10:25 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 afchad (Topic Starter)

Posted 15 December 2011 - 03:54 AM

ComboFix 11-12-13.03 - Chad 12/15/2011 2:47.6.4 - x64
Running from: c:\users\Chad\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 08:18 . 2011-12-15 08:18 -------- d-----w- c:\users\Mcx1-CHAD-PC\AppData\Local\temp
2011-12-15 08:18 . 2011-12-15 08:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 08:00 . 2011-12-15 08:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-12-15 06:41 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 06:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 06:41 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 06:41 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-11 23:00 . 2011-12-02 12:49 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-11 23:00 . 2011-12-11 23:00 -------- d-----w- c:\program files (x86)\Lavasoft
2011-12-11 23:00 . 2011-12-11 23:00 -------- d-----w- c:\programdata\Lavasoft
2011-12-11 22:56 . 2011-12-11 22:56 -------- d-----w- c:\users\Chad\Pavark
2011-12-11 19:34 . 2011-12-11 19:34 -------- d-----w- c:\program files\CCleaner
2011-12-11 16:44 . 2011-12-11 16:44 -------- d-----w- c:\users\Chad\AppData\Local\Registry_Cleaner_Pro
2011-12-11 16:44 . 2011-12-11 16:44 -------- d-----w- c:\users\Chad\AppData\Local\Registry Cleaner Pro
2011-12-11 16:44 . 2011-12-11 16:51 -------- d-----w- c:\program files (x86)\Registry Cleaner Pro
2011-12-11 01:17 . 2011-12-11 01:17 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-12-11 01:16 . 2011-12-11 01:16 2 --shatr- c:\windows\winstart.bat
2011-12-11 01:16 . 2011-12-11 16:50 -------- d-----w- c:\program files (x86)\UnHackMe
2011-12-10 22:12 . 2011-12-10 22:12 -------- d-----w- c:\users\Chad\AppData\Roaming\PCTools
2011-12-10 22:12 . 2011-12-10 22:12 -------- d-----w- c:\users\Chad\AppData\Roaming\isoburnerdata
2011-12-10 21:15 . 2011-12-10 21:15 -------- d-----w- c:\program files\Java
2011-12-10 21:11 . 2011-12-10 21:11 -------- d-----w- c:\program files (x86)\Java
2011-12-10 20:25 . 2011-11-23 00:42 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2011-12-10 20:25 . 2011-11-23 00:41 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2011-12-10 19:20 . 2011-12-10 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-10 16:42 . 2011-12-10 17:50 -------- d-----w- C:\help
2011-12-10 06:28 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\FD52.tmp
2011-12-10 06:26 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\5D6B.tmp
2011-12-10 06:18 . 2011-12-10 20:56 -------- d-----w- c:\users\Chad\AppData\Roaming\PerformerSoft
2011-12-10 06:18 . 2011-12-02 23:04 19000 ----a-w- c:\windows\system32\roboot64.exe
2011-12-10 06:18 . 2011-12-10 06:18 -------- d-----w- c:\program files (x86)\InstallBrainService
2011-12-10 06:11 . 2011-12-10 06:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-10 00:49 . 2011-12-10 00:49 -------- d-----w- c:\users\Chad\AppData\Roaming\TestApp
2011-12-07 07:41 . 2010-12-03 20:34 767952 ----a-w- c:\windows\BDTSupport.dll1204.old
2011-12-07 07:41 . 2010-12-03 20:34 149456 ----a-w- c:\windows\SGDetectionTool.dll1203.old
2011-12-07 07:41 . 2011-11-22 23:20 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-12-07 07:41 . 2011-11-22 23:20 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-12-07 07:41 . 2011-11-22 23:20 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-12-07 07:41 . 2010-12-09 15:48 1996752 ----a-w- c:\windows\PCTBDCore.dll1203.old
2011-12-07 07:22 . 2011-12-10 21:51 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-12-07 07:22 . 2011-10-07 22:52 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-12-07 07:22 . 2011-11-23 00:38 141312 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-12-07 07:22 . 2011-11-23 00:38 337048 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-12-07 07:22 . 2011-11-14 20:12 367912 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-12-07 07:22 . 2011-11-23 00:43 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-12-07 07:21 . 2011-12-12 08:18 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-12-07 07:21 . 2011-12-10 20:43 -------- d-----w- c:\programdata\PC Tools
2011-12-07 07:21 . 2011-12-10 06:08 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-07 07:21 . 2011-12-07 07:21 -------- d-----w- c:\users\Chad\AppData\Roaming\PC Tools
2011-12-06 18:44 . 2011-12-10 06:08 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-12-06 18:44 . 2011-10-15 18:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-06 18:44 . 2011-10-15 18:16 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-06 18:44 . 2011-10-15 18:16 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-06 18:44 . 2011-10-15 18:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-06 18:44 . 2011-10-15 18:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-06 18:44 . 2011-10-15 18:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-06 18:44 . 2011-10-15 18:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-06 18:44 . 2011-12-10 06:08 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-06 18:44 . 2011-12-10 06:08 -------- d-----w- c:\program files\McAfee
2011-12-06 18:43 . 2011-12-10 17:24 -------- d-----w- c:\program files (x86)\McAfee
2011-12-06 18:37 . 2011-10-18 19:32 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-06 06:47 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\9FF5.tmp
2011-12-06 06:46 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\5203.tmp
2011-12-06 06:46 . 2011-12-06 06:46 -------- d-----w- c:\program files (x86)\Sophos
2011-12-06 05:58 . 2011-12-06 05:58 -------- d-----w- c:\users\Chad\AppData\Roaming\SUPERAntiSpyware.com
2011-12-06 05:57 . 2011-12-10 18:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 22:45 . 2011-12-05 01:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-03 22:14 . 2011-12-03 22:14 45056 ----a-r- c:\users\Chad\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2011-12-03 22:14 . 2011-12-03 22:14 -------- d-----w- c:\windows\SysWow64\vmm32
2011-12-03 05:15 . 2011-12-03 05:15 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-02 18:31 . 2011-12-02 18:31 -------- d-----w- C:\7f20571658d47cc62829f4858b660f3e
2011-12-01 09:52 . 2011-12-01 09:52 0 ----a-w- c:\windows\SysWow64\shoCB1C.tmp
2011-12-01 09:28 . 2011-12-01 09:28 -------- d-----w- c:\users\Chad\AppData\Roaming\McAfee
2011-12-01 08:17 . 2011-12-01 08:17 -------- d-----w- c:\windows\Sun
2011-11-30 06:44 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89951854-C33C-4788-BADC-F4F5751FA1D5}\mpengine.dll
2011-11-30 06:36 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-30 06:36 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-30 06:36 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-30 06:36 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-29 17:59 . 2011-11-30 05:45 -------- d--h--w- c:\users\Chad\AppData\Roaming\E75A7064
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:15 . 2010-09-21 19:33 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 21:11 . 2011-05-22 21:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-13 05:52 . 2011-11-13 05:52 4283672 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-13 05:52 . 2011-11-13 05:52 42776 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-30 00:09 . 2011-05-17 14:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 18:16 . 2011-03-13 16:20 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2011-03-13 16:20 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-11_12.59.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:43 . 2009-07-14 01:14 77824 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-03-05 01:43 . 2010-11-20 12:17 83968 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2009-07-13 23:42 . 2009-07-14 01:16 46592 c:\windows\SysWOW64\pngfilt.dll
+ 2009-07-13 23:42 . 2009-07-14 01:06 48128 c:\windows\SysWOW64\mshtmler.dll
+ 2011-12-12 02:33 . 2011-08-20 04:27 67072 c:\windows\SysWOW64\mshtmled.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 47104 c:\windows\SysWOW64\mshta.exe
+ 2011-03-05 01:43 . 2010-11-20 12:17 12800 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-03-05 01:43 . 2010-11-20 12:19 64512 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-12-12 02:33 . 2011-08-20 04:31 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 44544 c:\windows\SysWOW64\licmgr10.dll
+ 2011-12-12 02:33 . 2011-08-20 04:27 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 96256 c:\windows\SysWOW64\inseng.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 34304 c:\windows\SysWOW64\imgutil.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 72192 c:\windows\SysWOW64\iesetup.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 56320 c:\windows\SysWOW64\iernonce.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 61952 c:\windows\SysWOW64\icardie.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15 18432 c:\windows\SysWOW64\corpol.dll
- 2011-12-11 05:37 . 2011-12-11 05:37 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-12-12 08:16 . 2011-12-12 08:16 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-12-07 07:24 . 2011-12-11 05:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-07 07:24 . 2011-12-12 08:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-12-11 05:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-12 08:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-12 08:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-11 05:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-12 08:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-13 23:42 . 2009-07-14 01:14 73216 c:\windows\SysWOW64\admparse.dll
+ 2011-12-15 08:00 . 2011-12-15 08:03 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-04-29 12:31 . 2011-12-11 22:15 57360 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-12 00:52 37328 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-30 03:27 . 2011-12-12 00:52 14960 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-178208952-3989718700-2541972233-1000_UserData.bin
+ 2009-07-13 23:58 . 2009-07-14 01:39 93184 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-03-05 01:43 . 2010-11-20 13:25 98816 c:\windows\system32\RegisterIEPKEYs.exe
+ 2009-07-13 23:58 . 2009-07-14 01:41 62976 c:\windows\system32\pngfilt.dll
+ 2009-07-13 23:58 . 2009-07-14 01:29 48128 c:\windows\system32\mshtmler.dll
+ 2011-12-12 02:33 . 2011-08-20 05:34 97280 c:\windows\system32\mshtmled.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 43520 c:\windows\system32\mshta.exe
+ 2011-03-05 01:43 . 2010-11-20 13:24 12288 c:\windows\system32\msfeedssync.exe
+ 2011-03-05 01:43 . 2010-11-20 13:27 82944 c:\windows\system32\msfeedsbs.dll
+ 2011-12-12 02:33 . 2011-08-20 05:37 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-03-05 01:43 . 2010-11-20 13:26 57856 c:\windows\system32\licmgr10.dll
+ 2011-12-12 02:33 . 2011-08-20 05:33 64512 c:\windows\system32\jsproxy.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 52736 c:\windows\system32\imgutil.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 72704 c:\windows\system32\iernonce.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 73728 c:\windows\system32\ie4uinit.exe
+ 2009-07-13 23:58 . 2009-07-14 01:41 84480 c:\windows\system32\icardie.dll
+ 2011-12-11 23:00 . 2011-12-02 12:49 69376 c:\windows\system32\DRVSTORE\lbd_483F0BF7A3AD4ED71EB7FC6065CFD6B9C37DEB69\Lbd.sys
- 2009-07-14 05:30 . 2011-12-06 18:44 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-12-11 19:26 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-13 23:58 . 2009-07-14 01:40 22016 c:\windows\system32\corpol.dll
- 2010-09-29 20:04 . 2011-12-11 01:00 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-29 20:04 . 2011-12-15 08:00 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-29 20:04 . 2011-12-11 01:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-29 20:04 . 2011-12-15 08:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-15 08:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-11 01:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-13 23:58 . 2009-07-14 01:40 90112 c:\windows\system32\admparse.dll
- 2010-10-23 03:26 . 2010-10-23 03:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-23 03:26 . 2011-12-12 08:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-12-13 03:37 96016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-10-23 03:26 . 2011-12-12 08:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-23 03:26 . 2010-10-23 03:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-23 03:26 . 2010-10-23 03:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-23 03:26 . 2011-12-12 08:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-29 19:13 . 2011-12-15 08:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-29 19:13 . 2011-11-07 05:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-29 19:13 . 2011-12-15 08:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-29 19:13 . 2011-05-24 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-15 14:09 . 2011-12-15 08:03 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-03-05 01:42 . 2010-11-20 12:57 69120 c:\windows\diagnostics\system\IESecurity\DiagPackage.dll
+ 2011-03-05 01:42 . 2010-11-20 12:57 92160 c:\windows\diagnostics\system\IEBrowseWeb\DiagPackage.dll
+ 2011-12-15 08:00 . 2011-12-15 08:03 2526 c:\windows\SoftwareDistribution\PostRebootEventCache\{E3062C48-C129-4DB3-9573-98432975B9F1}.bin
+ 2011-12-12 08:17 . 2011-12-12 08:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-11 05:50 . 2011-12-11 05:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-12 08:17 . 2011-12-12 08:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-11 05:50 . 2011-12-11 05:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-12 02:33 . 2011-08-20 04:31 981504 c:\windows\SysWOW64\wininet.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 151552 c:\windows\SysWOW64\wextract.exe
+ 2011-03-05 01:43 . 2010-11-20 12:21 229376 c:\windows\SysWOW64\webcheck.dll
+ 2011-12-12 02:33 . 2011-02-18 05:43 428032 c:\windows\SysWOW64\vbscript.dll
+ 2011-12-12 02:33 . 2011-08-20 04:30 132096 c:\windows\SysWOW64\url.dll
+ 2011-03-05 01:43 . 2010-11-20 12:20 153088 c:\windows\SysWOW64\occache.dll
+ 2011-03-05 01:44 . 2010-11-20 12:19 606208 c:\windows\SysWOW64\mstime.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 195072 c:\windows\SysWOW64\msrating.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15 157184 c:\windows\SysWOW64\msls31.dll
+ 2011-12-12 02:33 . 2011-08-20 04:27 599552 c:\windows\SysWOW64\msfeeds.dll
- 2011-10-13 18:25 . 2011-09-01 02:24 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-12-12 02:33 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 226816 c:\windows\SysWOW64\iexpress.exe
+ 2011-03-05 01:43 . 2010-11-20 12:17 139264 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-12-12 02:33 . 2011-08-20 04:26 176640 c:\windows\SysWOW64\ieui.dll
- 2011-10-13 18:25 . 2011-09-01 02:21 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 114688 c:\windows\SysWOW64\iesysprep.dll
+ 2011-03-05 01:43 . 2010-11-20 12:19 186368 c:\windows\SysWOW64\iepeers.dll
+ 2011-03-05 01:44 . 2010-11-20 12:19 389120 c:\windows\SysWOW64\iedkcs32.dll
+ 2009-06-10 21:13 . 2009-07-14 01:15 445952 c:\windows\SysWOW64\ieapfltr.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 163840 c:\windows\SysWOW64\ieakui.dll
+ 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15 229376 c:\windows\SysWOW64\ieaksie.dll
+ 2009-07-13 23:43 . 2009-07-14 01:15 126976 c:\windows\SysWOW64\ieakeng.dll
+ 2011-03-05 01:44 . 2010-11-20 12:17 176128 c:\windows\SysWOW64\ie4uinit.exe
+ 2009-07-13 23:42 . 2009-07-14 01:15 215552 c:\windows\SysWOW64\dxtrans.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15 346112 c:\windows\SysWOW64\dxtmsft.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 161792 c:\windows\system32\wextract.exe
+ 2011-03-05 01:43 . 2010-11-20 13:27 290304 c:\windows\system32\webcheck.dll
+ 2010-10-11 17:03 . 2011-12-15 06:35 295486 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-12-12 02:33 . 2011-02-18 10:56 613376 c:\windows\system32\vbscript.dll
+ 2011-12-12 02:33 . 2011-08-20 05:37 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2011-12-11 22:10 624622 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-10 20:33 624622 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-10 20:33 106708 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-11 22:10 106708 c:\windows\system32\perfc009.dat
+ 2009-07-13 23:58 . 2009-07-14 01:41 189952 c:\windows\system32\occache.dll
+ 2009-07-13 23:59 . 2009-07-14 01:41 241152 c:\windows\system32\msrating.dll
+ 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 222208 c:\windows\system32\msls31.dll
+ 2011-12-12 02:33 . 2011-08-20 05:34 702464 c:\windows\system32\msfeeds.dll
+ 2011-12-12 02:33 . 2011-02-18 10:54 919040 c:\windows\system32\jscript.dll
+ 2011-03-05 01:43 . 2010-11-20 13:26 125440 c:\windows\system32\inseng.dll
+ 2009-07-13 23:58 . 2009-07-14 01:39 251904 c:\windows\system32\iexpress.exe
+ 2009-07-13 23:58 . 2009-07-14 01:39 171008 c:\windows\system32\ieUnatt.exe
+ 2011-12-12 02:33 . 2011-08-20 05:33 247808 c:\windows\system32\ieui.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 138240 c:\windows\system32\iesysprep.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 100864 c:\windows\system32\iesetup.dll
+ 2011-03-05 01:44 . 2010-11-20 13:26 252928 c:\windows\system32\iepeers.dll
+ 2011-03-05 01:43 . 2010-11-20 13:26 445952 c:\windows\system32\iedkcs32.dll
+ 2009-06-10 20:30 . 2009-07-14 01:41 481792 c:\windows\system32\ieapfltr.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 163840 c:\windows\system32\ieakui.dll
+ 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
- 2011-04-10 21:32 . 2011-04-10 21:32 267776 c:\windows\system32\ieaksie.dll
+ 2009-07-13 23:58 . 2009-07-14 01:41 156160 c:\windows\system32\ieakeng.dll
- 2009-07-14 04:45 . 2011-11-30 06:49 414656 c:\windows\system32\FNTCACHE.DAT
+ 2011-12-11 23:01 . 2011-12-11 23:01 414656 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-13 23:58 . 2009-07-14 01:40 315904 c:\windows\system32\dxtrans.dll
+ 2009-07-13 23:58 . 2009-07-14 01:40 497152 c:\windows\system32\dxtmsft.dll
- 2009-07-14 05:30 . 2011-12-06 18:44 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-11 19:26 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-12-06 18:44 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-12-11 19:26 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:12 . 2011-12-11 01:00 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-12-13 18:37 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-12-11 05:31 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-12 08:16 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-27 03:46 . 2011-10-27 03:46 794112 c:\windows\Installer\f63b009.msp
- 2010-11-15 14:09 . 2011-11-30 06:44 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-12-21 05:30 . 2010-12-21 05:30 579968 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\VPREVIEW.EXE
+ 2009-09-04 14:02 . 2009-09-04 14:02 591680 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763\MSLID.DLL
+ 2011-12-12 02:33 . 2011-08-20 04:30 1231360 c:\windows\SysWOW64\urlmon.dll
+ 2011-12-12 02:33 . 2011-10-01 04:34 5990400 c:\windows\SysWOW64\mshtml.dll
+ 2011-12-12 02:33 . 2011-08-20 04:26 2073600 c:\windows\SysWOW64\iertutil.dll
+ 2009-06-10 21:13 . 2009-06-10 21:13 3698584 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-12-12 02:33 . 2011-08-20 05:37 1188864 c:\windows\system32\wininet.dll
+ 2011-12-12 02:33 . 2011-08-20 05:37 1494016 c:\windows\system32\urlmon.dll
+ 2011-03-05 01:44 . 2010-11-20 13:27 1026560 c:\windows\system32\mstime.dll
+ 2011-12-12 02:33 . 2011-10-01 05:41 9011200 c:\windows\system32\mshtml.dll
+ 2011-12-12 02:33 . 2011-08-20 05:33 2454528 c:\windows\system32\iertutil.dll
+ 2009-06-10 20:30 . 2009-06-10 20:30 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2011-12-12 08:22 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-11 05:57 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-10-03 15:39 . 2011-12-10 16:12 2450416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-03 15:39 . 2011-12-11 17:02 2450416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-18 11:24 . 2011-12-11 21:10 9809160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-178208952-3989718700-2541972233-1000-8192.dat
+ 2011-05-22 04:19 . 2011-12-11 19:40 1656820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-178208952-3989718700-2541972233-1000-12288.dat
- 2011-05-22 04:19 . 2011-12-10 20:58 1656820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-178208952-3989718700-2541972233-1000-12288.dat
+ 2011-10-16 19:45 . 2011-10-16 19:45 4966912 c:\windows\Installer\f63b04b.msp
+ 2011-10-16 19:28 . 2011-10-16 19:28 1138688 c:\windows\Installer\f63b035.msp
+ 2011-12-01 21:16 . 2011-12-01 21:16 3464704 c:\windows\Installer\f63b01f.msp
+ 2011-10-27 03:46 . 2011-10-27 03:46 1833472 c:\windows\Installer\f63aff3.msp
- 2010-11-15 14:09 . 2011-11-30 06:44 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 4525408 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-11-15 14:09 . 2011-12-15 08:03 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
- 2010-11-15 14:09 . 2011-11-30 06:44 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-02-04 17:41 . 2011-02-04 17:41 2672456 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\VBE7.DLL
+ 2010-10-20 17:35 . 2010-10-20 17:35 3792736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\PPTICO.EXE
+ 2011-04-07 01:09 . 2011-04-07 01:09 9701736 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\PPCORE.DLL
+ 2010-10-22 18:55 . 2010-10-22 18:55 2162024 c:\windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029\POWERPNT.EXE
+ 2011-12-12 02:33 . 2011-08-20 04:26 10991104 c:\windows\SysWOW64\ieframe.dll
+ 2009-07-14 02:34 . 2011-12-15 08:00 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-12-11 05:33 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-10-05 23:09 . 2011-12-15 08:01 54867776 c:\windows\system32\MRT.exe
+ 2011-12-12 02:33 . 2011-08-20 05:33 12261888 c:\windows\system32\ieframe.dll
+ 2011-10-27 03:45 . 2011-10-27 03:45 66426368 c:\windows\Installer\f63b062.msp
+ 2011-10-27 03:47 . 2011-10-27 03:47 10328064 c:\windows\Installer\f63afdd.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 16245760 c:\windows\Installer\f63afd3.msp
+ 2011-10-27 03:49 . 2011-10-27 03:49 10427392 c:\windows\Installer\f63afcb.msp
+ 2011-12-02 12:51 . 2011-12-02 12:51 15862272 c:\windows\Installer\2ab770.msi
+ 2011-10-16 19:38 . 2011-10-16 19:38 100966912 c:\windows\Installer\f63afc3.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell AIO Printer 948"="c:\program files (x86)\Dell AIO Printer 948\fm3032.exe" [2009-04-27 311976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [2007-06-26 33416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FD52.tmp [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2011-11-22 402336]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\System32\Drivers\pctBTFix64.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe [2007-06-26 1052808]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 InstallBrainService;InstallBrain Updater Service;c:\program files (x86)\InstallBrainService\InstallBrainService.exe [2011-12-10 273912]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"dldfmon.exe"="c:\program files (x86)\Dell AIO Printer 948\dldfmon.exe" [2009-04-27 455336]
"MemoryCardManager"="c:\program files (x86)\Dell AIO Printer 948\memcard.exe" [2009-04-27 410280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Lavasoft Ad-Aware Service
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\FD52.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-178208952-3989718700-2541972233-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-178208952-3989718700-2541972233-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-15 03:38:52
ComboFix-quarantined-files.txt 2011-12-15 08:38
ComboFix2.txt 2011-12-11 13:18
ComboFix3.txt 2011-12-10 17:49
ComboFix4.txt 2011-12-05 18:15
ComboFix5.txt 2011-12-15 07:39
.
Pre-Run: 243,837,231,104 bytes free
Post-Run: 243,629,056,000 bytes free
.
- - End Of File - - B026AFCB1BF74ADE4F190EEAB65FD0FF

I was able to run ComboFix without any problems. I am still getting redirects and am unable to turn on my firewall services. Thanks-Chad
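A triage pass over the service and driver section of a ComboFix log like the one above, as an added example (my code, not ComboFix's and not something gringo posted). It parses the R/S lines, keeps the date ComboFix printed for each image, and applies a few path-based heuristics that are my own assumptions: an image that is a .tmp file, an unexpected file extension, a location outside Windows and Program Files or inside a user-writable directory, and a file dated within two weeks of the scan (the log's completion time is 2011-12-15). The sample lines are copied from the log above. A flag means "look at this", not "this is malware": some legitimate removal tools register a temporary driver exactly the way MEMSWEEP2 appears here, and a [x] in the log only means ComboFix did not read the file, which on 64-bit systems happens for many ordinary drivers.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Service/driver lines copied from the ComboFix log above (sample input for this
# example; the selection is mine).
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FD52.tmp [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S2 InstallBrainService;InstallBrain Updater Service;c:\program files (x86)\InstallBrainService\InstallBrainService.exe [2011-12-10 273912]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
"""

# One ComboFix line: "<R|S><start> <name>;<display>;<image> [<date> <size>]" or "[x]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"            # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"         # service name ; display name ;
    r"(?P<image>.*?)\s*\[(?P<tail>[^\]]*)\]\s*$"   # image path, then [date size] or [x]
)
TAIL_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d+)$")

# Heuristic parameters; these are my assumptions, not ComboFix's rules.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\programdata\\")
NORMAL_EXT = {"exe", "sys", "dll"}


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    image: str
    file_date: Optional[date]      # None when ComboFix printed [x]
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R/S line; returns None for lines that are not service entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = TAIL_RE.match(m.group("tail").strip())
    return ServiceEntry(
        state=m.group("state"), start=int(m.group("start")),
        name=m.group("name").strip(), display=m.group("display").strip(),
        image=m.group("image").strip(),
        file_date=date.fromisoformat(t.group(1)) if t else None,
        file_size=int(t.group(2)) if t else None,
    )


def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def triage(entry: ServiceEntry, scan_date: date, recent_days: int = 14) -> ServiceEntry:
    """Attach review flags to an entry. A flag means 'check this', never 'malicious'."""
    img = entry.image.lower()
    # extension of the image file; tolerates trailing arguments such as "... TFService.exe service"
    ext = img.rsplit(".", 1)[-1].split()[0] if "." in img else ""
    if ext == "tmp":
        entry.flags.append("image is a .tmp file (some scanners load a temporary driver this way; confirm which tool owns it)")
    elif ext not in NORMAL_EXT:
        entry.flags.append(f"unusual image extension .{ext}")
    if not img.startswith(EXPECTED_ROOTS):
        entry.flags.append("image outside Windows/Program Files")
    if any(k in img for k in USER_WRITABLE):
        entry.flags.append("image in a user-writable location")
    if entry.file_date is not None and (scan_date - entry.file_date).days <= recent_days:
        entry.flags.append(f"file dated {entry.file_date}, within {recent_days} days of the scan")
    return entry


def triage_log(text: str, scan_date: date) -> List[ServiceEntry]:
    """All entries that picked up at least one flag."""
    return [e for e in (triage(e, scan_date) for e in parse_log(text)) if e.flags]


def main() -> None:
    for e in triage_log(SAMPLE_LOG, date(2011, 12, 15)):
        print(f"{e.state}{e.start} {e.name}: {e.image}")
        for f in e.flags:
            print("    -", f)


if __name__ == "__main__":
    main()
```

Running it prints the entries worth a second look; `triage_log()` returns the same objects so the next step (hashing the file on disk, checking its signer, searching the service name) can be scripted against them. Widen `EXPECTED_ROOTS` for a machine with Windows on another drive letter.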

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 PM

Posted 15 December 2011 - 08:00 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 afchad

afchad
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 15 December 2011 - 12:27 PM

I downloaded TDSSKiller as requested. However, when I double click on it my screen just turns a shade less bright and nothing comes up. I tried right clicking on it and running it as admin, and it did the exact same thing. I even tried renaming the file "1234.exe" and "1234.com" with the same result. Thanks-Chad

#6 gringo_pr

Posted 15 December 2011 - 12:42 PM

Hello

I would like you to run this tool for me: fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#7 afchad

Posted 16 December 2011 - 11:16 AM

I ran the fixTDSS and it came up with "Infected MBR detected". I clicked fix problem; it said repair succeeded. I restarted the computer. I then got a message that said your computer was unable to start, and startup repair started checking the system for problems to automatically fix the problems. It said repairs could not be made automatically. I loaded my backup from the advanced recovery features? and the Windows icon forms and then a blue screen flickers for a second with white letters and the computer goes into the startup repair again. -Thanks, Chad

I'm using the wife's computer now.

Edited by afchad, 16 December 2011 - 11:17 AM.


#8 gringo_pr

Posted 16 December 2011 - 01:14 PM

System Recovery Environment

To access the System Recovery Environment, simply boot your PC,

  • just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the Command Prompt window and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment and type the following into the Command Prompt window and press Enter:

bootrec.exe /fixboot

#9 afchad

Posted 17 December 2011 - 01:46 AM

I typed the first one in, hit enter and it said it was successful. Restarted the computer, same thing. I typed the second one in, and it said it was successful. Restarted and got the same thing. Thanks, Chad

#10 gringo_pr

Posted 17 December 2011 - 01:59 AM

Hello

This is what we need to do

System Recovery Environment

To access the System Recovery Environment, simply boot your PC,

  • just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.

    When you get to the "Choose a Recovery Tool" menu you will see at the top:

    Operating System: Win 7 on (D:) OS

    Take note of the drive letter in red. If it is not C, then the commands below need to reflect the difference: change the C: in the commands below to the letter it shows above.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the Command Prompt window, pressing Enter after each line:


    CD X:
    C:
    cd boot
    attrib bcd -s -h -r
    ren c:\boot\bcd bcd.old
    bootrec /RebuildBcd

restart the computer and let me know if it booted ok

Gringo

#11 afchad

Posted 17 December 2011 - 02:19 AM

It took all the commands, but I tried to restart and get the same result. -Chad

#12 gringo_pr

Posted 17 December 2011 - 02:34 AM

double post

Edited by gringo_pr, 17 December 2011 - 02:39 AM.


#13 gringo_pr

Posted 17 December 2011 - 02:36 AM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up; to do this follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it (we will use it again), boot back into Windows and send me the screen capture.

gringo

#14 afchad

Posted 17 December 2011 - 03:39 AM

Here you are, Sir. -Chad

Attached File: screenshot1.jpg (127.87KB)

#15 gringo_pr

Posted 17 December 2011 - 03:44 AM

Hello

I want you to right-click on the OS partition and select Manage Flags, and in the window that opens select Boot.

Restart the computer.

gringo
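The last few repairs in this thread all touch the first sector of the disk: bootrec /fixmbr rewrites the 440-byte bootstrap code and leaves the partition table alone, bootrec /fixboot writes a new partition boot sector, bootrec /RebuildBcd rebuilds the boot configuration store, and GParted's "Manage Flags -> Boot" sets the active byte (0x80) on exactly one entry of the MBR partition table. The following added example (my code, not from the thread or from any of the tools it names) parses a 512-byte MBR, reports which entry is active, hashes the bootstrap code against a known-good reference, and sets the boot flag the way GParted does. The disk layout, the bootstrap bytes and the reference hash are constructed placeholders; on a real case the reference would come from a clean install of the same Windows version. Read the sector from a boot medium such as the Puppy USB rather than from inside the infected Windows: MBR bootkits of the kind fixTDSS targets intercept disk reads and can hand back a clean-looking copy of the original sector.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

SECTOR = 512
BOOTSTRAP_LEN = 440        # bootstrap code area; disk signature and 2 reserved bytes follow at 440-445
PT_OFFSET = 446            # four 16-byte partition entries
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
BOOT_SIG = b"\x55\xAA"     # bytes 510-511


@dataclass
class Partition:
    index: int
    status: int
    ptype: int
    lba_start: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def empty(self) -> bool:
        return self.ptype == 0x00


def parse_mbr(sector: bytes) -> List[Partition]:
    """Validate the sector and return its four partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("boot signature 55AA missing")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + i * 16)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        parts.append(Partition(i, status, ptype, lba, count))
    return parts


def active_indexes(sector: bytes) -> List[int]:
    return [p.index for p in parse_mbr(sector) if p.active]


def bootstrap_sha256(sector: bytes) -> str:
    """Hash of the code area only: the part /fixmbr rewrites, partition table excluded."""
    return hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest()


def bootstrap_matches(sector: bytes, known_good_sha256: str) -> bool:
    return bootstrap_sha256(sector) == known_good_sha256


def set_active(sector: bytes, index: int) -> bytes:
    """What GParted's 'Manage Flags -> Boot' does: one non-empty entry gets 0x80, the rest 0x00."""
    parts = parse_mbr(sector)
    if parts[index].empty:
        raise ValueError(f"entry {index} is empty; cannot mark it active")
    buf = bytearray(sector)
    for i in range(4):
        buf[PT_OFFSET + i * 16] = 0x80 if i == index else 0x00
    return bytes(buf)


def build_sample_mbr(bootstrap: bytes, entries: Sequence[Tuple[int, int, int]],
                     active: Optional[int] = None) -> bytes:
    """Constructed sample MBR for this example; not the thread's real disk."""
    if len(bootstrap) > BOOTSTRAP_LEN or len(entries) != 4:
        raise ValueError("bootstrap too long or wrong number of entries")
    buf = bytearray(SECTOR)
    buf[:len(bootstrap)] = bootstrap
    for i, (ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, buf, PT_OFFSET + i * 16,
                         0x80 if i == active else 0x00, ptype, lba, count)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# Constructed layout in the spirit of the thread's Dell laptop: utility partition,
# recovery partition, then the Windows 7 OS partition (gringo's "Win 7 on (D:) OS"),
# with NO entry marked active, which is the state "Manage Flags -> Boot" corrects.
SAMPLE_BOOTSTRAP = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64   # placeholder bytes, not real Windows code
SAMPLE_ENTRIES = [
    (0xDE, 63, 80_325),               # Dell utility partition
    (0x07, 81_920, 29_360_128),       # recovery (NTFS)
    (0x07, 29_442_048, 470_000_000),  # OS (NTFS)
    (0x00, 0, 0),                     # unused
]
# Hypothetical reference hash; a real one comes from a clean install of the same Windows.
KNOWN_GOOD_SHA256 = hashlib.sha256(SAMPLE_BOOTSTRAP.ljust(BOOTSTRAP_LEN, b"\x00")).hexdigest()


def main() -> None:
    # On a real disk read the sector from the boot medium, e.g. in Puppy:
    #   open("/dev/sda", "rb").read(512)   (Windows, elevated: open(r"\\.\PhysicalDrive0", "rb"))
    mbr = build_sample_mbr(SAMPLE_BOOTSTRAP, SAMPLE_ENTRIES)
    print("active before:", active_indexes(mbr), "bootstrap ok:", bootstrap_matches(mbr, KNOWN_GOOD_SHA256))
    fixed = set_active(mbr, 2)
    print("active after:", active_indexes(fixed))
    for p in parse_mbr(fixed):
        print(f"  entry {p.index}: type {p.ptype:#04x} lba {p.lba_start} sectors {p.sectors} active={p.active}")


if __name__ == "__main__":
    main()
```

Writing the repaired sector back is deliberately left out: do it from the boot medium with a tool you trust, and only the 512 bytes, after confirming the partition table in the parsed output matches what GParted shows.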



