
Black Screen and cursor only 1

Status
Not open for further replies.

Dan62

Technical User
Apr 17, 2005
17
CA
Hi.
I need your help to get rid of a nasty virus that is affecting my friend's laptop.

The laptop is running Vista Home Edition. When it boots, all I have at the end is a black screen and a cursor only. I can't do anything, not even a CTRL-ALT-DELETE to access the Task Manager. Same thing with SAFE MODE. I have tried to boot with Hiren's Boot CD; it boots well. I tried to use some of the antivirus software that is included; none worked. I can't run HJT either.

I was able to see in the registry that I have this command line in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon : cmd.exe /k start cmd.exe

I have changed it to explorer.exe. When I reboot, no success; it rewrites itself in the registry.

I have no option except backing up and reinstalling. I don't want to do it right now if a solution can be found.

Any help from you would be greatly appreciated.
 
Try this:
get a Windows XP Home boot disk, preferably the original one you installed your Windows with. Boot to the disk, and when the first prompt asks if you want to repair Windows, say no/continue, but after Windows searches for any existing Windows installations, push R to repair that one. (This is not the Windows repair console; if you get into there, reboot and try again.) This should not erase any of your programs, but reinstalls the Windows components. After this, you should be able to boot back into Windows and you can run virus scans after that.
 
The laptop is running Vista Home Edition. Can I use an XP CD?
 
Hi, sorry, but I don't have the CD. I don't know if my friend has it. He got the laptop from the company he works for when they decided to upgrade the PCs for new ones.
Is there a way to create this CD?

Regards
 
Is there a way to create this CD?
You can create a recovery CD but if your system is compromised, you may have to look at other options. Just out of curiosity, have you used something like CCleaner or HiJackThis to stop start-up processes?


James P. Cottingham
I'm number 1,229!
 
I need your help to get rid of a nasty virus that is affecting my friend's laptop.
Erm! How do you know it is a virus? From the description given, it could well be just a file corruption, a system driver issue, or even a hardware fault...

I was able to see in the registry that I have this command line in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon : cmd.exe /k start cmd.exe
How? On your own PC or on your friend's laptop?
I have changed it to explorer.exe. When I reboot, no success; it rewrites itself in the registry.
If it was on your FRIEND'S laptop, using HBCD or UBCD, you need to first IMPORT the HIVE from the laptop drive and, MOST importantly, EXPORT it out again... just changing it will not SAVE the information...

see:

How to edit the registry offline using BartPE boot CD ?



Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
To BadBigBen: Thanks for your help. I assumed it's a virus from the research I've done on the web. If it was a driver or hardware issue, would I be able to do a CTRL-ALT-DELETE to access the Task Manager? I have changed the registry on my friend's laptop. I will follow the instructions as per the link you provided me. Thanks again.

To 2ffat: Like I said, the only way to access the laptop HD is by using Hiren's Boot CD. HJT will scan the mini XP registry instead of the one on the HD. I can't use CCleaner from the CD, or you may know a way to use it from a command prompt, which I doubt. Thanks for your help too!
 
Another Vista Home CD would probably work, but the OEM license key on the sticker on the bottom of your laptop will probably not work. You can purchase another copy or go through other ways to get another copy. But doing a repair installation should fix corrupted Vista files and get your system up and running; remember to run scans after the system is back up.
 
Thanks BadBigBen,

I'm guessing Dan62 is going to get another copy somewhere/somehow because he mentioned he doesn't have the recovery CDs anymore.
 
Hi all,

I was able to find a Vista CD from one of my friends; I will have it tomorrow. I will try to do a repair of Windows. I will keep you posted. In the meanwhile I have tried other solutions like looking at the system.ini file... it's not infected. Ran SUPERAntiSpyware and Dr.Web from HBCD, no luck finding a virus of some sort. If I can get into Safe Mode it would help me a lot, but for the moment I'm at a dead end. Thank you for your help.
 
If you still believe it's a virus or trojan, attach the Vista hard disk as a secondary drive to another clean system, then scan it using that system's up-to-date antivirus programme.

ROGER - G0AOZ.
 
You may also want to do a thorough diagnostic of the hard drive, too. Sometimes when you get a bad spot on the drive you can end up with problems like these.


James P. Cottingham
I'm number 1,229!
 
Thanks 2ffat, I'll do it and let you know.
 
The various boot disks, such as the one you mentioned, usually have various "boot fixers" as well as diagnostics programs built in. It wouldn't hurt trying at least one of the hard drive diagnostics apps.

If it is a problem with the physical hard drive, then doing a repair install of Vista won't help anything... long term... I suppose you could end up working around the problem temporarily, though.

So, definitely, I'd suggest scanning for hardware issues first. Your reasons for believing it's a virus don't seem accurate at all. Well, I'm referring specifically to this comment:
I assumed it's a virus from the research I've done on the web. If it was a driver or hardware issue, would I be able to do a CTRL-ALT-DELETE to access the Task Manager?

Whether or not you can access the task manager has no bearing on whether it's a hardware, software, or malware issue. That may not help at this point, but keep it in mind for further issues.
 
Thanks kjv611,

I have done some hard drive testing running the apps included on the HBCD. Every test showed a clean HD. At this point I don't know what to look for. This weekend I will remove the HD and scan it from another PC that I use only for malware scanning. Any suggestion will be appreciated.
Regards
 
Also... were you ever able to get to the F8 options before going into Windows? If not, see if you can restore it to a previous time with that. Or use the Last Known Working Config... if that shows; I forget whether that's still an option any longer... and not to mention (usually only with the install or repair disk) using the auto-fix features built into Vista. Sometimes they work, sometimes they don't. And sometimes when they DO work, they take forever.
 
Hi all,

Finally, I was able to get an OTL report using the OTL boot disk. Please take a look at it and let me know what could be wrong.
Here is the report:

OTL logfile created on: 12/7/2010 7:24:29 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 29.69 Gb Free Space | 46.06% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.46 Gb Free Space | 64.62% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/08/14 00:54:19 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/02 14:12:00 | 000,166,944 | ---- | M] (Vidéotron) [Auto] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/03/02 14:10:30 | 000,382,208 | ---- | M] (Vidéotron) [Auto] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\Fws.exe -- (RP_FWS)
SRV - [2010/03/02 12:18:06 | 000,689,392 | ---- | M] (Radialpoint Inc.) [Auto] -- C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe -- (ServicepointService)
SRV - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/10/23 12:25:54 | 000,311,296 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\BitDefender\scan.dll -- (scan)
SRV - [2009/06/08 11:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 11:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | System] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/05/31 20:57:12 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2009/11/26 08:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 08:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 14:27:00 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 14:27:00 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 14:27:00 | 000,027,800 | ---- | M] (AVG Technologies ) [Kernel | On_Demand] -- C:\Program Files\Videotron\Services de sécurité Vidéotron\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 14:27:00 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 12:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Boot] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2007/07/10 03:46:18 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/07/10 03:46:18 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/07/10 03:46:18 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/11 23:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/08 00:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/25 00:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/20 14:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 14:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 14:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/20 12:51:10 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/18 01:13:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/11 18:10:40 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/11 18:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/11 18:10:38 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/11 18:10:38 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel®
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/30 10:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Andrée_&_Robert_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\Andrée_&_Robert_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\Andrée_&_Robert_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Andrée_&_Robert_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\Andrée_&_Robert_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Andrée_&_Robert_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/03 22:42:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Barre d'outils) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Andrée_&_Robert_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Andrée_&_Robert_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [VideotronSA.exe] C:\Program Files\Videotron\Videotron Service Agent\VideotronSA.exe (Vidéotron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Andrée_&_Robert_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{02526a5e-5a70-11df-9ec5-0019b982366c}\Shell - "" = AutoRun
O33 - MountPoints2\{02526a5e-5a70-11df-9ec5-0019b982366c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 12:54:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/30 16:42:58 | 000,000,000 | ---D | C] -- C:\SAV32CLI
[2010/11/25 16:27:02 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/25 16:21:58 | 000,000,000 | -HSD | C] -- C:\found.003

========== Files - Modified Within 30 Days ==========

[2010/12/07 01:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/30 14:58:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/30 14:58:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/29 19:23:19 | 000,015,360 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/11/27 06:15:27 | 238,985,059 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/23 20:01:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 20:01:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 20:01:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A683F24E-D6F8-4F3F-A537-FB325C429400}.job
[2010/11/22 20:10:00 | 2011,910,277 | ---- | M] () -- C:\Users\Andrée & Robert\Documents\Ma sauvegarde.zip
[2010/11/09 21:01:09 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/11/09 21:01:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/09 21:01:09 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/11/09 21:01:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/08 09:42:08 | 003,905,929 | ---- | M] () -- C:\Users\Andrée & Robert\Desktop\ComboFix.exe

========== Files Created - No Company Name ==========

[2010/11/30 14:58:58 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/11/30 14:58:58 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/11/30 14:05:46 | 003,905,929 | ---- | C] () -- C:\Users\Andrée & Robert\Desktop\ComboFix.exe
[2010/11/22 03:01:58 | 2011,910,277 | ---- | C] () -- C:\Users\Andrée & Robert\Documents\Ma sauvegarde.zip
[2010/11/07 20:58:55 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A683F24E-D6F8-4F3F-A537-FB325C429400}.job
[2009/11/16 00:24:09 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/10/21 12:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2007/11/17 00:38:12 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/07/22 21:37:45 | 000,028,672 | ---- | C] () -- C:\Users\Andrée & Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/10 03:49:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/10 03:49:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/10 03:49:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/07/09 20:11:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2009/09/28 10:37:15 | 000,000,000 | ---D | M] -- C:\Users\Andrée & Robert\AppData\Roaming\LimeWire
[2009/05/09 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\Andrée & Robert\AppData\Roaming\Simple Star
[2010/05/31 21:02:13 | 000,000,000 | ---D | M] -- C:\Users\Andrée & Robert\AppData\Roaming\Videotron
[2010/11/18 21:57:07 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/23 20:01:21 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A683F24E-D6F8-4F3F-A537-FB325C429400}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/09/12 14:04:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????????????g) -- C:\Windows\System32\????????????????????????????????????????????g
[2009/09/12 14:04:08 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????????????g) -- C:\Windows\System32\????????????????????????????????????????????g

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Andrée & Robert\Documents\Recettes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andrée & Robert\Documents\Personnel AB:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andrée & Robert\Documents\Mes fichiers reçus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andrée & Robert\Documents\DLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andrée & Robert\Documents\Budget AB-RC:Roxio EMC Stream
< End of report >
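Reading a report like the one above by hand is slow, and the entry Dan62 found (a Winlogon Shell of `cmd.exe /k start cmd.exe` instead of `explorer.exe`) is exactly what produces a black screen with only a cursor, because the shell never starts. The following Python script is an added example, not part of OTL or of this thread: it parses the O4 (Run), O20 (Winlogon), O34 (BootExecute) and O35 (file association) line shapes seen in OTL output and reports deviations from stock values. The sample lines, the user and file names (`Example_User_ON_C`, `updater.exe`, `loader.exe`) and the severity rules are constructed for the example; OTL itself assigns no such verdicts.

```python
"""Triage an OTL-style autostart report for a "black screen, cursor only" boot.
Added example (not OTL's own code): regexes follow the line shapes visible in
OTL output; the severity rules are this script's own heuristics."""
import re
from dataclasses import dataclass

# Constructed sample fragment in OTL format (not the laptop's real report).
# The Shell line mirrors the value Dan62 found under Winlogon; "updater" and
# "loader.exe" are invented entries that exercise the other checks.
SAMPLE_LOG = """\
O4 - HKLM..\\Run: [] File not found
O4 - HKLM..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\\Run: [ATICCC] C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe ()
O4 - HKU\\Example_User_ON_C..\\Run: [updater] C:\\Users\\Public\\updater.exe ()
O20 - HKLM Winlogon: Shell - (cmd.exe /k start cmd.exe) - C:\\Windows\\System32\\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe,) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\\Windows\\System32\\PDBoot.exe (Raxco Software, Inc.)
O35 - HKLM\\..comfile [open] -- "%1" %*
O35 - HKLM\\..exefile [open] -- "C:\\Users\\Public\\loader.exe" "%1" %*
"""

RE_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
RE_WINLOGON = re.compile(r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - (?P<rest>.*)$")
RE_BOOTEXEC = re.compile(r"^O34 - HKLM BootExecute: \((?P<data>[^)]*)\) - (?P<rest>.*)$")
RE_ASSOC = re.compile(r"^O35 - HKLM\\\.\.(?P<cls>\w+) \[open\] -- (?P<cmd>.*)$")
RE_TARGET = re.compile(r"^(?P<path>.*?) \((?P<publisher>[^()]*)\)$")  # "path (Publisher)"

EXPECTED_SHELL = "explorer.exe"        # stock Winlogon Shell value
EXPECTED_USERINIT = "userinit.exe"     # basename of the stock UserInit program
STOCK_BOOTEXECUTE = "autocheck autochk *"
STOCK_OPEN_COMMAND = '"%1" %*'         # stock exefile/comfile open handler
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\temp\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    line: str
    reason: str


def split_target(rest: str):
    """Return (path, publisher, present) from the tail of an OTL line."""
    if rest.strip() == "File not found":
        return None, None, False
    m = RE_TARGET.match(rest)
    if m:
        return m["path"], m["publisher"].strip(), True
    return rest, "", True


def check_winlogon(value: str, data: str):
    """Shell must be explorer.exe; UserInit's first program must be userinit.exe."""
    if value.lower() == "shell" and data.strip().lower() != EXPECTED_SHELL:
        return "high", f"Winlogon Shell is '{data}', expected '{EXPECTED_SHELL}'"
    if value.lower() == "userinit":
        first = data.split(",")[0].strip().strip('"')
        if first.rsplit("\\", 1)[-1].lower() != EXPECTED_USERINIT:
            return "high", f"Winlogon UserInit runs '{first}', expected {EXPECTED_USERINIT}"
    return None


def triage(log_text: str) -> list:
    """Scan every line once and return the suspicious autostart entries."""
    findings = []
    for line in (l.rstrip() for l in log_text.splitlines()):
        if m := RE_WINLOGON.match(line):
            if hit := check_winlogon(m["value"], m["data"]):
                findings.append(Finding(hit[0], line, hit[1]))
        elif m := RE_RUN.match(line):
            path, publisher, present = split_target(m["rest"])
            if not present:
                findings.append(Finding("low", line, "Run entry points at a missing file (orphan); remove it"))
                continue
            reasons = []
            if not publisher:
                reasons.append("no publisher recorded")
            if path.lower().startswith(USER_WRITABLE):
                reasons.append("runs from a user-writable location")
            if reasons:
                sev = "high" if len(reasons) == 2 else "medium"
                findings.append(Finding(sev, line, "Run entry " + " and ".join(reasons) + "; verify the file"))
        elif m := RE_BOOTEXEC.match(line):
            if m["data"].strip() != STOCK_BOOTEXECUTE:
                findings.append(Finding("medium", line, "non-stock BootExecute entry runs before logon; confirm it is wanted"))
        elif m := RE_ASSOC.match(line):
            if m["cmd"].strip() != STOCK_OPEN_COMMAND:
                findings.append(Finding("high", line, f"{m['cls']} open handler is '{m['cmd']}', expected {STOCK_OPEN_COMMAND}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the constructed sample it reports the replaced Shell, the hijacked exefile handler and the unsigned Run entry in a user-writable folder as high, the publisher-less ATI entry and the non-stock BootExecute as medium, and the empty orphaned Run value as low. On a real report, a BootExecute of `autocheck autochk *` showing "File not found" is expected when OTL runs from a boot CD, which is why only non-stock BootExecute values are flagged; and a Winlogon Shell that keeps coming back after an offline edit means either the hive was never written back (Ben's point above) or a Run/BootExecute entry is restoring it, which is the reason this script reads all four sections together.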
 