Unable to boot completely [Solved]


  • This topic is locked

#1
gr8joel

  • Member
  • 200 posts
Good evening, fellow Geeks to Go members.

Today my genius brother downloaded some fake codec that was associated with a video clip that he downloaded from who knows where.

He told me that the video clip asked him to download something further so that the video clip could play. I highly believe that this "codec", supposedly for Windows Media Player, is the problem.

Actually I know for a fact because he had a copy of the video file, and I transferred it to my computer and tried to play it as well. It was like a 10 second video clip that was supposed to be about 20 minutes. So obviously it was fake. The video also popped a message up and asked me to download a codec but I refused and deleted the video clip.

I also deleted the video clip from his computer.

The only way I can use his computer is through "safe mode" or "safe mode with networking".

I have already tried Malwarebytes' Anti-Malware and it found about 3 errors and I removed them, but I still believe that the virus is in the computer because I still cannot boot normally. I can only boot in safe mode.

Sorry for it being such a long story, I just wanted to give all the details that led up to this point so that I could help.

Thank you very much in advance.

By the way, the computer is a netbook, an ASUS Eee PC.

Edited by gr8joel, 20 February 2010 - 10:36 PM.

  • 0


#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0
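A first-pass triage of the log this scan produces, as an added example that is not part of the thread and not OTS's own code: it parses OTS entry lines and flags targets that are missing, carry no company name, or were modified inside the log's 30-day file-age window. The sample lines are copied from the log posted in this thread; the three flag rules and all function names are assumptions chosen for illustration, and a flag marks an entry for review, not as malicious.

```python
import re
from datetime import datetime, timedelta

# Trailing field of an OTS entry: [modified | size | attributes | M] (company)
STAMP = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[A-Z-]{4}) \| M\] \((?P<company>.*)\)$"
)

# "OTS logfile created on: 2/21/2010 10:27:49 AM" from the log header.
SCAN_TIME = datetime(2010, 2, 21, 10, 27, 49)

# Lines copied from the log in this thread: one section header, six entries.
SAMPLE = r"""
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AsusTray" -> C:\Program Files\EeePC\ACPI\AsTray.exe [C:\Program Files\EeePC\ACPI\AsTray.exe] -> [2009/04/16 17:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.)
"LiveUpdate" -> C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto] -> [2009/06/25 10:25:40 | 000,712,704 | ---- | M] ()
"snp2uvc" -> C:\WINDOWS\vsnp2uvc.exe [C:\WINDOWS\vsnp2uvc.exe] -> File not found
(sptd) sptd [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2010/01/03 18:14:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100220.006\NAVEX15.SYS -> [2010/02/03 01:00:00 | 001,324,720 | ---- | M] (Symantec Corporation)
(StarOpen) StarOpen [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\StarOpen.sys -> [2006/07/24 16:05:00 | 000,005,632 | ---- | M] ()
"""


def parse_entry(line):
    """Split one OTS line on ' -> ' and decode its trailing file stamp.

    Returns None for blank lines, section headers and anything that does
    not end in a file stamp or 'File not found'.
    """
    line = line.strip()
    if not line or line[0] in "<[":
        return None
    parts = [p.strip() for p in line.split(" -> ")]
    if len(parts) < 3:
        return None
    entry = {
        "name": parts[0].strip('"'),
        # Drop the bracketed command line OTS prints after the resolved path.
        "target": re.sub(r"\s*\[.*\]$", "", parts[1]),
        "missing": parts[-1] == "File not found",
        "mtime": None, "size": None, "attrs": None, "company": None,
    }
    if entry["missing"]:
        return entry
    m = STAMP.match(parts[-1])
    if m is None:
        return None
    entry["mtime"] = datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(m["size"].replace(",", ""))
    entry["attrs"] = m["attrs"]
    entry["company"] = m["company"].strip()
    return entry


def triage(log_text, scan_time, recent_days=30):
    """Return (name, target, flags) for every entry worth a second look.

    Flag rules (assumptions for this example, not OTS behaviour):
      target-missing     autostart points at a file that no longer exists
      no-company         file has an empty company field in its version info
      recently-modified  file changed within recent_days before the scan
    """
    cutoff = scan_time - timedelta(days=recent_days)
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = []
        if entry["missing"]:
            flags.append("target-missing")
        else:
            if entry["company"] == "":
                flags.append("no-company")
            if entry["mtime"] >= cutoff:
                flags.append("recently-modified")
        if flags:
            findings.append((entry["name"], entry["target"], flags))
    return findings


if __name__ == "__main__":
    for name, target, flags in triage(SAMPLE, SCAN_TIME):
        print(f"{', '.join(flags):<18} {target}   ({name})")
```

The recently-modified hit here is a Norton definitions driver, which shows why a flagged entry still needs a human to read it in context.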

#3
gr8joel

gr8joel

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
OTS logfile created on: 2/21/2010 10:27:49 AM - Run 1

OTS by OldTimer - Version 3.1.22.0	 Folder = C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,015.00 Mb Total Physical Memory | 798.00 Mb Available Physical Memory | 79.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144.12 Gb Total Space | 110.17 Gb Free Space | 76.44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: YOUR-QS7Q3M71UK

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

 

[Processes - Safe List]

ots.exe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop\OTS.exe -> [2010/02/21 10:23:47 | 000,632,320 | ---- | M] (OldTimer Tools)

explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

 

[Modules - Safe List]

ots.exe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop\OTS.exe -> [2010/02/21 10:23:47 | 000,632,320 | ---- | M] (OldTimer Tools)

framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

(JavaQuickStarterService) Java Quick Starter [Auto | Stopped] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/12/30 14:27:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)

(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/12/17 16:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.)

(Norton Internet Security) Norton Internet Security [Auto | Stopped] -> C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -> [2009/08/25 16:09:09 | 000,117,640 | R--- | M] (Symantec Corporation)

(fsssvc) Windows Live Family Safety [On_Demand | Stopped] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/02/06 17:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation)

(SeaPort) SeaPort [Auto | Stopped] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.)

(YahooAUService) Yahoo! Updater [Auto | Stopped] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)

(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation)

(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation)

(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation)

 

[Driver Services - Safe List]

(NAVEX15) NAVEX15 [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100220.006\NAVEX15.SYS -> [2010/02/03 01:00:00 | 001,324,720 | ---- | M] (Symantec Corporation)

(NAVENG) NAVENG [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100220.006\NAVENG.SYS -> [2010/02/03 01:00:00 | 000,084,912 | ---- | M] (Symantec Corporation)

(ccHP) Symantec Hash Provider [Kernel | System | Stopped] -> C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -> [2010/01/27 18:51:27 | 000,482,432 | ---- | M] (Symantec Corporation)

(sptd) sptd [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2010/01/03 18:14:38 | 000,691,696 | ---- | M] (Duplex Secure Ltd.)

(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2009/12/30 20:27:28 | 000,124,976 | ---- | M] (Symantec Corporation)

(eeCtrl) Symantec Eraser Control driver [Kernel | System | Stopped] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/12/30 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation)

(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/12/30 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation)

(IDSxpx86) IDSxpx86 [Kernel | System | Stopped] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys -> [2009/11/05 01:30:40 | 000,329,592 | ---- | M] (Symantec Corporation)

(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -> [2009/08/25 16:09:10 | 000,310,320 | ---- | M] (Symantec Corporation)

(SRTSP) Symantec Real Time Storage Protection [File_System | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -> [2009/08/25 16:09:10 | 000,308,272 | ---- | M] (Symantec Corporation)

(BHDrvx86) Symantec Heuristics Driver [Kernel | System | Stopped] -> C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -> [2009/08/25 16:09:10 | 000,259,632 | ---- | M] (Symantec Corporation)

(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Stopped] -> C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -> [2009/08/25 16:09:10 | 000,217,136 | ---- | M] (Symantec Corporation)

(SYMFW) Symantec Network Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -> [2009/08/25 16:09:10 | 000,089,904 | ---- | M] (Symantec Corporation)

(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -> [2009/08/25 16:09:10 | 000,043,696 | ---- | M] (Symantec Corporation)

(SYMNDIS) Symantec Network Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -> [2009/08/25 16:09:10 | 000,036,400 | ---- | M] (Symantec Corporation)

(SYMIDS) Symantec Network Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -> [2009/08/25 16:09:10 | 000,033,072 | ---- | M] (Symantec Corporation)

(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SymIM.sys -> [2009/08/25 16:08:51 | 000,036,400 | R--- | M] (Symantec Corporation)

(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SymIM.sys -> [2009/08/25 16:08:51 | 000,036,400 | R--- | M] (Symantec Corporation)

(RT80x86) Ralink 802.11n Wireless Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2860.sys -> [2009/07/10 17:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.)

(AmUStor) AM USB Stroage Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\AmUStor.dll -> [2009/05/05 13:08:52 | 000,009,216 | R--- | M] (Alcor Micro, Corp.)

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/04/27 03:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.)

(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2009/04/09 05:14:28 | 000,208,816 | ---- | M] (Synaptics Incorporated)

(AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\athw.sys -> [2009/03/13 22:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.)

(SNP2UVC) USB2.0 PC Camera (SNP2UVC) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\snp2uvc.sys -> [2009/03/13 15:32:18 | 001,759,616 | ---- | M] ()

(L1c) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\l1c51x86.sys -> [2009/03/01 21:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.)

(fssfltr) fssfltr [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -> [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation)

(uvclf) uvclf [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\uvclf.sys -> [2008/11/19 00:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.)

(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iaStor.sys -> [2008/09/11 21:32:56 | 000,327,192 | ---- | M] (Intel Corporation)

(Ambfilt) Ambfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Ambfilt.sys -> [2008/08/05 04:10:12 | 001,684,736 | ---- | M] (Creative)

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/14 04:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2008/04/14 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.)

(AsusACPI) ASUS ACPI Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ASUSACPI.SYS -> [2008/04/08 14:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.)

(sscdmdm) SAMSUNG Mobile Modem Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\sscdmdm.sys -> [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation)

(sscdmdfl) SAMSUNG Mobile Modem Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\sscdmdfl.sys -> [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation)

(sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\sscdbus.sys -> [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation)

(ialm) ialm [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/12/19 07:32:12 | 005,854,688 | ---- | M] (Intel Corporation)

(StarOpen) StarOpen [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\StarOpen.sys -> [2006/07/24 16:05:00 | 000,005,632 | ---- | M] ()

(Monfilt) Monfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Monfilt.sys -> [2006/01/03 23:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.)

 

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" ->  -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\] > -> -> 

HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\: Main\\"Start Page" -> http://asus.msn.com -> 

HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\: "ProxyEnable" -> 0 -> 

< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Mozilla\FireFox\Profiles\car33vh3.default\prefs.js -> 

extensions.enabledItems -> {0df6a04c-42bd-e725-9ffa-82408b81ea74}:4.6.6.3 ->

extensions.enabledItems -> [email protected]:1.0 ->

< FireFox Settings [User.js] > -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Mozilla\FireFox\Profiles\car33vh3.default\user.js -> 

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\extensions ->  -> 

HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\] -> [2010/02/20 12:19:28 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions ->  -> 

HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/04 14:08:58 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/02 01:08:16 | 000,000,000 | ---D | M]

< FireFox Extensions [User Folders] > -> 

  -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Mozilla\Extensions -> [2010/02/20 15:33:04 | 000,000,000 | ---D | M]

  -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Mozilla\Firefox\Profiles\car33vh3.default\extensions -> [2010/02/20 15:35:41 | 000,000,000 | ---D | M]

< FireFox Extensions [Program Folders] > -> 

  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/02/19 14:56:25 | 000,000,000 | ---D | M]

LoudMo Contextual Ad Assistant   -> C:\Program Files\Mozilla Firefox\extensions\{0df6a04c-42bd-e725-9ffa-82408b81ea74} -> [2010/02/08 23:24:50 | 000,000,000 | ---D | M]

< HOSTS File > ([2008/04/14 04:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 

Reset Hosts

127.0.0.1	   localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2009/09/19 17:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 22:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated)

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/07/15 12:07:48 | 001,586,472 | ---- | M] (Skype Technologies S.A.)

{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Symantec NCO BHO] -> [2009/08/25 16:09:07 | 000,378,736 | R--- | M] (Symantec Corporation)

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll [Symantec Intrusion Prevention] -> [2009/08/25 16:09:08 | 000,107,896 | R--- | M] (Symantec Corporation)

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [Search Helper] -> [2009/01/14 16:49:24 | 000,092,504 | ---- | M] (Microsoft Corp.)

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2006/10/27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation)

{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/12/30 14:27:41 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 17:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/12/30 14:27:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)

{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2009/09/19 17:26:34 | 000,158,008 | ---- | M] (Yahoo! Inc)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

"" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)

"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar] -> [2009/11/24 07:39:08 | 000,953,800 | ---- | M] ()

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Norton Toolbar] -> [2009/08/25 16:09:07 | 000,378,736 | R--- | M] (Symantec Corporation)

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2009/09/19 17:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"AsusACPIServer" -> C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe] -> [2009/04/16 18:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.)

"AsusEPCMonitor" -> C:\Program Files\EeePC\ACPI\AsEPCMon.exe [C:\Program Files\EeePC\ACPI\AsEPCMon.exe] -> [2009/03/13 15:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.)

"AsusTray" -> C:\Program Files\EeePC\ACPI\AsTray.exe [C:\Program Files\EeePC\ACPI\AsTray.exe] -> [2009/04/16 17:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.)

"GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation)

"HotKeysCmds" -> C:\WINDOWS\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2007/12/19 07:08:12 | 000,159,744 | ---- | M] (Intel Corporation)

"IgfxTray" -> C:\WINDOWS\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2007/12/19 07:08:08 | 000,135,168 | ---- | M] (Intel Corporation)

"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2008/04/14 04:00:00 | 000,208,952 | ---- | M] (Microsoft Corporation)

"LiveUpdate" -> C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto] -> [2009/06/25 10:25:40 | 000,712,704 | ---- | M] ()

"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation)

"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2008/04/14 04:00:00 | 000,059,392 | ---- | M] ()

"Persistence" -> C:\WINDOWS\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2007/12/19 07:07:42 | 000,131,072 | ---- | M] (Intel Corporation)

"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2008/04/14 04:00:00 | 000,455,168 | ---- | M] (Microsoft Corporation)

"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2008/04/14 04:00:00 | 000,455,168 | ---- | M] (Microsoft Corporation)

"RTHDCPL" -> C:\WINDOWS\RTHDCPL.EXE [RTHDCPL.EXE] -> [2009/04/27 01:08:42 | 017,881,088 | ---- | M] (Realtek Semiconductor Corp.)

"snp2uvc" -> C:\WINDOWS\vsnp2uvc.exe [C:\WINDOWS\vsnp2uvc.exe] -> File not found

"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/12/30 14:27:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)

"SynAsusAcpi" -> C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe] -> [2009/04/09 05:13:52 | 000,079,144 | ---- | M] (Synaptics Incorporated)

"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2009/04/09 05:13:40 | 001,512,744 | ---- | M] (Synaptics Incorporated)

< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 

"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2010/01/07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation)

< Run [HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\] > -> HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Eee Docking" -> C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [C:\Program Files\ASUS\Eee Docking\Eee Docking.exe] -> [2009/07/27 15:58:38 | 000,397,312 | ---- | M] ()

< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 

< Administrator.YOUR-QS7Q3M71UK Startup Folder > -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Start Menu\Programs\Startup -> 

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk -> C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe -> [2009/03/25 09:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.)

< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 

< Richard Startup Folder > -> C:\Documents and Settings\Richard\Start Menu\Programs\Startup -> 

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"HonorAutoRunSetting" ->  [1] -> File not found

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500] > -> HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

\\"NoDriveTypeAutoRun" ->  [145] -> File not found

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\] > -> HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\Software\Microsoft\Internet Explorer\MenuExt\ -> 

E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2006/10/27 14:07:36 | 017,891,112 | ---- | M] (Microsoft Corporation)

Send to &Bluetooth Device... -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> File not found

Send To Bluetooth -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 17:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 17:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2006/10/26 19:32:42 | 000,604,000 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2006/10/26 19:32:42 | 000,604,000 | ---- | M] (Microsoft Corporation)

{5067A26B-1337-4436-8AFE-EE169C2DA79F}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Menu: Skype add-on for Internet Explorer] -> [2009/07/15 12:07:48 | 001,586,472 | ---- | M] (Skype Technologies S.A.)

{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/07/15 12:07:48 | 001,586,472 | ---- | M] (Skype Technologies S.A.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 000,040,424 | ---- | M] (Microsoft Corporation)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\] > -> HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\] > -> HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 

DhcpNameServer -> 192.168.10.1 -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{060E8824-4B71-4D35-8407-BD7EEB9EEF06}\\DhcpNameServer -> 192.168.10.1   (Atheros AR9285 Wireless Network Adapter) -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/12/19 07:07:04 | 000,208,896 | ---- | M] (Intel Corporation)

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation)

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 17:23:32 | 001,170,272 | ---- | M] (Microsoft Corporation)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 

"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/12/30 14:27:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)

"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2006/10/27 15:37:44 | 000,338,216 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2006/10/27 14:03:04 | 001,018,664 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2006/10/27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/07/16 14:46:52 | 025,604,904 | R--- | M] (Skype Technologies S.A.)

"C:\Program Files\Vuze\Azureus.exe" -> C:\Program Files\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus] -> File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/02/06 17:23:32 | 001,170,272 | ---- | M] (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2009/11/10 15:39:26 | 005,244,216 | ---- | M] (Yahoo! Inc.)

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > ->  -> 

C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/08/11 05:16:06 | 000,000,000 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

\{c7cf2138-863c-11de-bb57-806d6172696f}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell

\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun

\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command

\{c7cf2138-863c-11de-bb57-806d6172696f}\Shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> File not found

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

 

[Registry - Additional Scans - Safe List]

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

batfile [open] -> "%1" %* -> 

cmdfile [open] -> "%1" %* -> 

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2006/10/26 19:12:34 | 000,067,896 | ---- | M] (Microsoft Corporation)

htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2006/10/26 19:12:34 | 000,067,896 | ---- | M] (Microsoft Corporation)

http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

piffile [open] -> "%1" %* -> 

regfile [merge] -> Reg Error: Key error.

scrfile [config] -> "%1" -> 

scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/14 04:00:00 | 000,135,168 | ---- | M] (Microsoft Corporation)

scrfile [open] -> "%1" /S -> 

txtfile [edit] -> Reg Error: Key error.

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 

Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

Directory [OneNote.Open] -> C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" -> [2006/10/27 14:03:04 | 001,018,664 | ---- | M] (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Application [ Error ] 1/6/2010 3:27:10 PM Computer Name = YOUR-QS7Q3M71UK | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 1/7/2010 4:25:45 PM Computer Name = YOUR-QS7Q3M71UK | Source = Application Hang | ID = 1002 -> Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Application [ Error ] 1/17/2010 3:32:30 PM Computer Name = YOUR-QS7Q3M71UK | Source = Application Error | ID = 1000 -> Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting module duser.dll, version 5.1.2600.5512, fault address 0x0001e641.

Application [ Error ] 1/21/2010 11:19:36 AM Computer Name = YOUR-QS7Q3M71UK | Source = Application Error | ID = 1000 -> Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module asacpisvr.exe, version 6.1.1.1008, fault address 0x000075e5.

Application [ Error ] 1/22/2010 9:28:29 PM Computer Name = YOUR-QS7Q3M71UK | Source = Application Error | ID = 1000 -> Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module asacpisvr.exe, version 6.1.1.1008, fault address 0x000075e5.

Application [ Error ] 1/28/2010 3:48:25 AM Computer Name = YOUR-QS7Q3M71UK | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved  

Application [ Error ] 2/8/2010 12:38:33 AM Computer Name = YOUR-QS7Q3M71UK | Source = Application Error | ID = 1000 -> Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module asacpisvr.exe, version 6.1.1.1008, fault address 0x000075e5.

Application [ Error ] 2/9/2010 10:33:56 PM Computer Name = YOUR-QS7Q3M71UK | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System [ Error ] 2/21/2010 12:36:58 AM Computer Name = YOUR-QS7Q3M71UK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

System [ Error ] 2/21/2010 2:12:52 PM Computer Name = YOUR-QS7Q3M71UK | Source = sptd | ID = 262148 -> Description = Driver detected an internal error in its data structures for .

System [ Error ] 2/21/2010 2:13:05 PM Computer Name = YOUR-QS7Q3M71UK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

System [ Error ] 2/21/2010 2:13:59 PM Computer Name = YOUR-QS7Q3M71UK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

System [ Error ] 2/21/2010 2:14:13 PM Computer Name = YOUR-QS7Q3M71UK | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   BHDrvx86  ccHP  eeCtrl  Fips  IDSxpx86  intelppm  sptd  SRTSPX  StarOpen  SYMTDI

System [ Error ] 2/21/2010 2:18:49 PM Computer Name = YOUR-QS7Q3M71UK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

System [ Error ] 2/21/2010 2:20:19 PM Computer Name = YOUR-QS7Q3M71UK | Source = sptd | ID = 262148 -> Description = Driver detected an internal error in its data structures for .

System [ Error ] 2/21/2010 2:20:36 PM Computer Name = YOUR-QS7Q3M71UK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

System [ Error ] 2/21/2010 2:21:09 PM Computer Name = YOUR-QS7Q3M71UK | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service wuauserv with arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

System [ Error ] 2/21/2010 2:21:39 PM Computer Name = YOUR-QS7Q3M71UK | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   BHDrvx86  ccHP  eeCtrl  Fips  IDSxpx86  intelppm  sptd  SRTSPX  StarOpen  SYMTDI

 

[Files/Folders - Created Within 30 Days]

 OTS.exe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop\OTS.exe -> [2010/02/21 10:23:47 | 000,632,320 | ---- | C] (OldTimer Tools)

 PrivacIE -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\PrivacIE -> [2010/02/21 10:15:09 | 000,000,000 | -HSD | C]

 Macromedia -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Macromedia -> [2010/02/20 19:35:08 | 000,000,000 | ---D | C]

 Adobe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Adobe -> [2010/02/20 19:34:47 | 000,000,000 | ---D | C]

 Azureus -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Azureus -> [2010/02/20 19:34:03 | 000,000,000 | ---D | C]

 Malwarebytes -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Malwarebytes -> [2010/02/20 15:38:09 | 000,000,000 | ---D | C]

 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/02/20 15:38:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation)

 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/02/20 15:38:02 | 000,000,000 | ---D | C]

 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/02/20 15:38:01 | 000,019,160 | ---- | C] (Malwarebytes Corporation)

 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/02/20 15:38:01 | 000,000,000 | ---D | C]

 mbam-setup.exe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop\mbam-setup.exe -> [2010/02/20 15:37:17 | 005,115,840 | ---- | C] (Malwarebytes Corporation)

 Downloads -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\My Documents\Downloads -> [2010/02/20 15:37:17 | 000,000,000 | ---D | C]

 Mozilla -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\Mozilla -> [2010/02/20 15:32:57 | 000,000,000 | ---D | C]

 Mozilla -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Mozilla -> [2010/02/20 15:32:56 | 000,000,000 | ---D | C]

 Microsoft -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Microsoft -> [2010/02/20 14:48:42 | 000,000,000 | --SD | C]

 SendTo -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\SendTo -> [2010/02/20 14:48:42 | 000,000,000 | RH-D | C]

 Recent -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Recent -> [2010/02/20 14:48:42 | 000,000,000 | RH-D | C]

 Application Data -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data -> [2010/02/20 14:48:42 | 000,000,000 | RH-D | C]

 Start Menu -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Start Menu -> [2010/02/20 14:48:42 | 000,000,000 | R--D | C]

 My Pictures -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\My Documents\My Pictures -> [2010/02/20 14:48:42 | 000,000,000 | R--D | C]

 My Music -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\My Documents\My Music -> [2010/02/20 14:48:42 | 000,000,000 | R--D | C]

 My Documents -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\My Documents -> [2010/02/20 14:48:42 | 000,000,000 | R--D | C]

 Favorites -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Favorites -> [2010/02/20 14:48:42 | 000,000,000 | R--D | C]

 IETldCache -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\IETldCache -> [2010/02/20 14:48:42 | 000,000,000 | -HSD | C]

 Cookies -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Cookies -> [2010/02/20 14:48:42 | 000,000,000 | -HSD | C]

 Templates -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Templates -> [2010/02/20 14:48:42 | 000,000,000 | -H-D | C]

 PrintHood -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\PrintHood -> [2010/02/20 14:48:42 | 000,000,000 | -H-D | C]

 NetHood -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\NetHood -> [2010/02/20 14:48:42 | 000,000,000 | -H-D | C]

 Local Settings -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings -> [2010/02/20 14:48:42 | 000,000,000 | -H-D | C]

 My Videos -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\My Documents\My Videos -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 My Office -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\My Documents\My Office -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 My Ebooks -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\My Documents\My Ebooks -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 Microsoft Help -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\Microsoft Help -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 Microsoft -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\Microsoft -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 InstallShield -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\InstallShield -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 Identities -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Identities -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 Desktop -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 ApplicationHistory -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\ApplicationHistory -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 Adobe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\Adobe -> [2010/02/20 14:48:42 | 000,000,000 | ---D | C]

 da12892a363743e2751ff7 -> C:\da12892a363743e2751ff7 -> [2010/02/10 07:25:00 | 000,000,000 | ---D | C]

 MSXML 4.0 -> C:\Program Files\MSXML 4.0 -> [2010/02/10 07:21:50 | 000,000,000 | ---D | C]

 boomshine -> C:\boomshine -> [2010/02/09 00:57:56 | 000,000,000 | ---D | C]

 phoneapps -> C:\phoneapps -> [2010/02/09 00:03:41 | 000,000,000 | ---D | C]

 framedyn.dll -> C:\WINDOWS\System32\framedyn.dll -> [2010/02/08 22:42:28 | 000,174,592 | ---- | C] (Microsoft Corporation)

 DIFX -> C:\Program Files\DIFX -> [2010/02/08 22:42:12 | 000,000,000 | ---D | C]

 sscdmdm.sys -> C:\WINDOWS\System32\drivers\sscdmdm.sys -> [2010/02/08 22:41:59 | 000,114,304 | ---- | C] (MCCI Corporation)

 sscdbus.sys -> C:\WINDOWS\System32\drivers\sscdbus.sys -> [2010/02/08 22:41:59 | 000,087,936 | ---- | C] (MCCI Corporation)

 sscdmdfl.sys -> C:\WINDOWS\System32\drivers\sscdmdfl.sys -> [2010/02/08 22:41:59 | 000,014,976 | ---- | C] (MCCI Corporation)

 sscdcmnt.sys -> C:\WINDOWS\System32\drivers\sscdcmnt.sys -> [2010/02/08 22:41:59 | 000,012,160 | ---- | C] (MCCI Corporation)

 sscdcm.sys -> C:\WINDOWS\System32\drivers\sscdcm.sys -> [2010/02/08 22:41:59 | 000,012,160 | ---- | C] (MCCI Corporation)

 sscdwhnt.sys -> C:\WINDOWS\System32\drivers\sscdwhnt.sys -> [2010/02/08 22:41:58 | 000,012,160 | ---- | C] (MCCI Corporation)

 sscdwh.sys -> C:\WINDOWS\System32\drivers\sscdwh.sys -> [2010/02/08 22:41:58 | 000,012,160 | ---- | C] (MCCI Corporation)

 Samsung_USB_Drivers -> C:\WINDOWS\System32\Samsung_USB_Drivers -> [2010/02/08 22:41:51 | 000,000,000 | ---D | C]

 Samsung -> C:\Program Files\Samsung -> [2010/02/08 22:41:07 | 000,000,000 | ---D | C]

 Toolbar4 -> C:\Documents and Settings\All Users\Application Data\Toolbar4 -> [2010/02/02 01:11:43 | 000,000,000 | ---D | C]

 Microsoft Visual Studio -> C:\Program Files\Microsoft Visual Studio -> [2010/02/02 01:07:31 | 000,000,000 | ---D | C]

 Microsoft Visual Studio 8 -> C:\Program Files\Microsoft Visual Studio 8 -> [2010/02/02 01:02:08 | 000,000,000 | ---D | C]

 Yahoo! Companion -> C:\Documents and Settings\All Users\Application Data\Yahoo! Companion -> [2010/01/28 01:47:32 | 000,000,000 | ---D | C]

 Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! -> [2010/01/28 01:46:48 | 000,000,000 | ---D | C]

 Yahoo! -> C:\Program Files\Yahoo! -> [2010/01/28 01:43:35 | 000,000,000 | ---D | C]

 Norton Security Scan -> C:\Program Files\Norton Security Scan -> [2010/01/27 18:01:03 | 000,000,000 | ---D | C]

 GraphCalc -> C:\Program Files\GraphCalc -> [2010/01/26 21:24:55 | 000,000,000 | ---D | C]

 ptpusb.dll -> C:\WINDOWS\System32\ptpusb.dll -> [2010/01/26 18:45:27 | 000,005,632 | ---- | C] (Microsoft Corporation)

 ptpusd.dll -> C:\WINDOWS\System32\ptpusd.dll -> [2010/01/26 18:45:26 | 000,159,232 | ---- | C] (Microsoft Corporation)

 usbscan.sys -> C:\WINDOWS\System32\dllcache\usbscan.sys -> [2010/01/26 18:45:25 | 000,015,104 | ---- | C] (Microsoft Corporation)

 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2010/01/02 21:00:35 | 000,000,000 | --SD | M]

 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2010/01/02 18:41:52 | 000,000,000 | ---D | M]

 csnp2uvc.dll -> C:\WINDOWS\System32\csnp2uvc.dll -> [2009/08/11 23:50:21 | 000,196,608 | ---- | C] ( )

 rsnp2uvc.dll -> C:\WINDOWS\System32\rsnp2uvc.dll -> [2009/08/11 23:50:19 | 000,225,280 | ---- | C] ( )

 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/08/11 05:19:05 | 000,000,000 | ---D | M]

 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/08/11 05:16:02 | 000,000,000 | --SD | M]

 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

 

[Files/Folders - Modified Within 30 Days]

 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/02/21 10:24:12 | 000,525,770 | ---- | M] ()

 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/02/21 10:24:12 | 000,444,028 | ---- | M] ()

 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/02/21 10:24:12 | 000,071,904 | ---- | M] ()

 OTS.exe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop\OTS.exe -> [2010/02/21 10:23:47 | 000,632,320 | ---- | M] (OldTimer Tools)

 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/02/21 10:20:03 | 000,002,048 | --S- | M] ()

 NTUSER.DAT -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\NTUSER.DAT -> [2010/02/21 10:18:49 | 001,572,864 | -H-- | M] ()

 ntuser.ini -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\ntuser.ini -> [2010/02/21 10:18:49 | 000,000,178 | -HS- | M] ()

 IconCache.db -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\IconCache.db -> [2010/02/21 10:18:48 | 004,959,888 | -H-- | M] ()

 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/02/21 10:14:48 | 000,001,324 | ---- | M] ()

 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/02/20 19:35:07 | 000,092,344 | ---- | M] ()

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/20 15:38:07 | 000,000,696 | ---- | M] ()

 mbam-setup.exe -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop\mbam-setup.exe -> [2010/02/20 15:37:18 | 005,115,840 | ---- | M] (Malwarebytes Corporation)

 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/02/20 12:19:17 | 000,000,006 | -H-- | M] ()

 Cat.DB -> C:\WINDOWS\System32\drivers\NIS\1008000.029\Cat.DB -> [2010/02/10 13:43:48 | 000,575,856 | ---- | M] ()

 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/02/10 13:43:37 | 000,001,374 | ---- | M] ()

 LauncherAccess.dt -> C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt -> [2010/02/09 12:31:30 | 000,000,000 | ---- | M] ()

 Samsung PC Studio 3.lnk -> C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk -> [2010/02/08 22:41:09 | 000,000,673 | ---- | M] ()

 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/02/02 01:32:23 | 000,341,832 | ---- | M] ()

 win.ini -> C:\WINDOWS\win.ini -> [2010/02/02 01:14:48 | 000,000,582 | ---- | M] ()

 Norton Internet Security.lnk -> C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk -> [2010/01/27 23:48:33 | 000,002,244 | ---- | M] ()

 cchpx86.sys -> C:\WINDOWS\System32\drivers\NIS\1008000.029\cchpx86.sys -> [2010/01/27 18:51:27 | 000,482,432 | ---- | M] (Symantec Corporation)

 isolate.ini -> C:\WINDOWS\System32\drivers\NIS\1008000.029\isolate.ini -> [2010/01/27 18:51:24 | 000,000,172 | ---- | M] ()

 117 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

 117 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

 

[Files - No Company Name]

 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/02/20 15:38:07 | 000,000,696 | ---- | C] ()

 desktop.ini -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\desktop.ini -> [2010/02/20 14:48:43 | 000,000,062 | -HS- | C] ()

 IconCache.db -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\IconCache.db -> [2010/02/20 14:48:42 | 004,959,888 | -H-- | C] ()

 NTUSER.DAT -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\NTUSER.DAT -> [2010/02/20 14:48:42 | 001,572,864 | -H-- | C] ()

 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/02/20 14:48:42 | 000,092,344 | ---- | C] ()

 Install Norton Internet Security.lnk -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Desktop\Install Norton Internet Security.lnk -> [2010/02/20 14:48:42 | 000,000,691 | ---- | C] ()

 ntuser.ini -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\ntuser.ini -> [2010/02/20 14:48:42 | 000,000,178 | -HS- | C] ()

 LauncherAccess.dt -> C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt -> [2010/02/08 22:43:53 | 000,000,000 | ---- | C] ()

 Uninstall.ico -> C:\WINDOWS\System32\Uninstall.ico -> [2010/02/08 22:41:35 | 000,000,766 | ---- | C] ()

 StarOpen.sys -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2010/02/08 22:41:26 | 000,005,632 | ---- | C] ()

 Samsung PC Studio 3.lnk -> C:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk -> [2010/02/08 22:41:09 | 000,000,673 | ---- | C] ()

 FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2010/01/03 18:16:09 | 000,271,224 | ---- | C] ()

 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2009/12/30 14:25:25 | 000,085,504 | ---- | C] ()

 ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2009/12/30 14:25:25 | 000,000,547 | ---- | C] ()

 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2009/08/12 00:41:34 | 000,000,061 | ---- | C] ()

 snp2uvc.sys -> C:\WINDOWS\System32\drivers\snp2uvc.sys -> [2009/08/11 23:50:21 | 001,759,616 | ---- | C] ()

 sncduvc.sys -> C:\WINDOWS\System32\drivers\sncduvc.sys -> [2009/08/11 23:50:21 | 000,028,544 | ---- | C] ()

 snp2uvc.ini -> C:\WINDOWS\snp2uvc.ini -> [2009/08/11 23:50:21 | 000,015,497 | ---- | C] ()

 AsAcpiSvrLang.ini -> C:\WINDOWS\AsAcpiSvrLang.ini -> [2009/08/11 11:06:52 | 000,021,864 | ---- | C] ()

 AsTrayLang.ini -> C:\WINDOWS\AsTrayLang.ini -> [2009/08/11 11:06:52 | 000,012,208 | ---- | C] ()

 igfxCoIn_v4906.dll -> C:\WINDOWS\System32\igfxCoIn_v4906.dll -> [2009/08/11 10:51:31 | 000,147,456 | ---- | C] ()

 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2009/08/11 05:03:27 | 000,005,312 | ---- | C] ()

 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()

 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()

 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()

 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()

 

[File - Lop Check]

 Azureus -> C:\Documents and Settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Azureus -> [2010/02/20 19:38:40 | 000,000,000 | ---D | M]

 Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [2009/12/30 14:31:36 | 000,000,000 | ---D | M]

 DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2010/01/03 18:14:23 | 000,000,000 | ---D | M]

 NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2010/02/08 00:48:16 | 000,000,000 | ---D | M]

 Ralink Driver -> C:\Documents and Settings\All Users\Application Data\Ralink Driver -> [2009/08/20 04:24:11 | 000,000,000 | ---D | M]

 Seagate -> C:\Documents and Settings\All Users\Application Data\Seagate -> [2010/01/17 10:37:58 | 000,000,000 | ---D | M]

 Toolbar4 -> C:\Documents and Settings\All Users\Application Data\Toolbar4 -> [2010/02/02 01:11:43 | 000,000,000 | ---D | M]

 Azureus -> C:\Documents and Settings\Richard\Application Data\Azureus -> [2010/02/02 01:30:56 | 000,000,000 | ---D | M]

 DAEMON Tools Lite -> C:\Documents and Settings\Richard\Application Data\DAEMON Tools Lite -> [2010/02/01 22:06:57 | 000,000,000 | ---D | M]

 Leadertech -> C:\Documents and Settings\Richard\Application Data\Leadertech -> [2010/01/17 10:34:56 | 000,000,000 | ---D | M]

 LimeWire -> C:\Documents and Settings\Richard\Application Data\LimeWire -> [2010/02/14 12:08:20 | 000,000,000 | ---D | M]

 NCH Swift Sound -> C:\Documents and Settings\Richard\Application Data\NCH Swift Sound -> [2010/01/02 21:08:32 | 000,000,000 | ---D | M]

 Samsung -> C:\Documents and Settings\Richard\Application Data\Samsung -> [2010/02/08 22:48:04 | 000,000,000 | ---D | M]

 Xilisoft Corporation -> C:\Documents and Settings\Richard\Application Data\Xilisoft Corporation -> [2010/01/07 23:54:10 | 000,000,000 | ---D | M]

 

[File - Purity Scan]

 

[Custom Scans]

< netsvcs >

< %SYSTEMDRIVE%\*.exe >

< MD5 Scans Start>

< %systemdrive%\AGP440.SYS  /md5 /s >

 AGP440.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2008/04/14 04:00:00 | 020,056,462 | ---- | M] ()

 AGP440.sys : .cab file  -> C:\WINDOWS\I386\sp3.cab:AGP440.sys -> [2008/04/14 04:00:00 | 020,056,462 | ---- | M] ()

< %systemdrive%\ATAPI.SYS  /md5 /s >

 atapi.sys : .cab file  -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2008/04/14 04:00:00 | 020,056,462 | ---- | M] ()

 atapi.sys : .cab file  -> C:\WINDOWS\I386\sp3.cab:atapi.sys -> [2008/04/14 04:00:00 | 020,056,462 | ---- | M] ()

 atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation)

< %systemdrive%\EVENTLOG.DLL  /md5 /s >

 eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\dllcache\eventlog.dll -> [2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation)

 eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation)

< %systemdrive%\IASTOR.SYS  /md5 /s >

 IASTOR.SYS : MD5=8EF427C54497C5F8A7A645990E4278C7 -> C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS -> [2008/09/11 21:32:56 | 000,327,192 | ---- | M] (Intel Corporation)

 iaStor.sys : MD5=8EF427C54497C5F8A7A645990E4278C7 -> C:\WINDOWS\OemDir\iaStor.sys -> [2008/09/11 21:32:56 | 000,327,192 | ---- | M] (Intel Corporation)

 iaStor.sys : MD5=8EF427C54497C5F8A7A645990E4278C7 -> C:\WINDOWS\system32\drivers\iaStor.sys -> [2008/09/11 21:32:56 | 000,327,192 | ---- | M] (Intel Corporation)

< %systemdrive%\NETLOGON.DLL  /md5 /s >

 netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\dllcache\netlogon.dll -> [2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation)

 netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation)

< %systemdrive%\SCECLI.DLL  /md5 /s >

 scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\dllcache\scecli.dll -> [2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation)

 scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation)

< MD5 Scans End>

< %systemroot%\*. /mp /s >

Error starting restore point: The function was called in safe mode.

Error closing restore point: The sequence number is invalid.

< %systemroot%\system32\*.dll /lockedfiles >

 1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav  >

 default.sav -> C:\WINDOWS\system32\config\default.sav -> [2009/08/10 22:09:15 | 000,094,208 | ---- | M] ()

 software.sav -> C:\WINDOWS\system32\config\software.sav -> [2009/08/10 22:09:15 | 001,064,960 | ---- | M] ()

 system.sav -> C:\WINDOWS\system32\config\system.sav -> [2009/08/10 22:09:15 | 000,909,312 | ---- | M] ()

< End of report >


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you try to get into normal mode, what happens? Is there an error, or does it just hang?

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [Program Folders] > -> 
YY -> LoudMo Contextual Ad Assistant   -> C:\Program Files\Mozilla Firefox\extensions\{0df6a04c-42bd-e725-9ffa-82408b81ea74}
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.]
[Custom Items]
:files
C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys /e
C:\WINDOWS\system32\drivers\AGP440.sys|C:\AGP440.sys /replace 
:end

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#5
gr8joel

    Member

  • Topic Starter
  • Member
  • 200 posts
Yes, the computer is still just hanging at the loading screen. The one where it says Microsoft Windows XP with the loading bar. It just keeps on loading and loading and loading. So I still have to boot in "Safe Mode with Networking".

Also, do you know if there is any way to execute the "virus" in a controlled environment, or would that even be a considerable option here?
I highly believe the "virus" originated from the download location that the fake video asked my brother to install. So it may not be the actual video file that was the problem, but the "codec" for Windows Media Player that screwed everything up.

Here is the log.

[Registry - Safe List]
C:\Program Files\Mozilla Firefox\extensions\{0df6a04c-42bd-e725-9ffa-82408b81ea74}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{0df6a04c-42bd-e725-9ffa-82408b81ea74}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{0df6a04c-42bd-e725-9ffa-82408b81ea74} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\ deleted successfully.
[Custom Items]
========== FILES ==========
AGP440.sys extracted to C:\
File C:\WINDOWS\system32\drivers\AGP440.sys successfully replaced with C:\AGP440.sys
< End of fix log >
OTS by OldTimer - Version 3.1.22.0 fix logfile created on 02212010_120219

Edited by gr8joel, 21 February 2010 - 02:16 PM.


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The reason I ask is that at the moment nothing is showing in this scan that would prevent you from booting - so time for a bigger hammer.

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
gr8joel

    Member

  • Topic Starter
  • Member
  • 200 posts
ComboFix 10-02-21.02 - Administrator 02/21/2010 15:06:09.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.754 [GMT -8:00]
Running from: c:\documents and settings\Administrator.YOUR-QS7Q3M71UK\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Richard\Application Data\setupv.exe
c:\recycler\S-1-5-21-4155940279-453244667-3627011575-1003
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-21 22:53 . 2010-02-21 22:53 -------- d-----w- c:\windows\LastGood
2010-02-21 20:02 . 2008-04-14 08:06 42368 ----a-w- c:\windows\system32\drivers\AGP440.sys
2010-02-21 20:02 . 2010-02-21 20:02 -------- d-----w- C:\_OTS
2010-02-21 20:02 . 2008-04-14 08:06 42368 ----a-w- C:\agp440.sys
2010-02-21 18:15 . 2010-02-21 18:15 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-QS7Q3M71UK\PrivacIE
2010-02-21 03:34 . 2010-02-21 03:38 -------- d-----w- c:\documents and settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Azureus
2010-02-20 23:38 . 2010-02-20 23:38 -------- d-----w- c:\documents and settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Malwarebytes
2010-02-20 23:38 . 2010-02-20 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-20 23:32 . 2010-02-20 23:32 -------- d-----w- c:\documents and settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\Mozilla
2010-02-20 22:22 . 2010-02-20 22:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-10 22:39 . 2010-02-10 22:39 -------- d-sh--w- c:\documents and settings\Richard\IECompatCache
2010-02-10 15:25 . 2010-02-10 15:25 -------- d-----w- C:\da12892a363743e2751ff7
2010-02-10 15:21 . 2010-02-10 15:21 -------- d-----w- c:\program files\MSXML 4.0
2010-02-09 08:57 . 2010-02-09 08:57 -------- d-----w- C:\boomshine
2010-02-09 08:03 . 2010-02-11 08:30 -------- d-----w- C:\phoneapps
2010-02-09 06:48 . 2010-02-09 06:48 -------- d-----w- c:\documents and settings\Richard\Application Data\Samsung
2010-02-09 06:42 . 2006-05-04 06:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-02-09 06:42 . 2010-02-09 06:42 -------- d-----w- c:\program files\DIFX
2010-02-09 06:41 . 2008-02-22 23:33 14976 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-02-09 06:41 . 2008-02-22 23:33 114304 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-02-09 06:41 . 2008-02-22 23:33 87936 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-02-09 06:41 . 2008-02-22 23:33 12160 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-02-09 06:41 . 2008-02-22 23:33 12160 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-02-09 06:41 . 2008-02-22 23:33 12160 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-02-09 06:41 . 2008-02-22 23:33 12160 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-02-09 06:41 . 2010-02-09 06:42 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-02-09 06:41 . 2006-07-25 00:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-02-09 06:41 . 2010-02-09 06:41 -------- d-----w- c:\program files\Samsung
2010-02-02 09:11 . 2010-02-02 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Toolbar4
2010-02-02 09:02 . 2010-02-02 09:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-30 07:07 . 2010-01-30 07:07 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Identities
2010-01-28 09:48 . 2010-01-28 14:23 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Yahoo
2010-01-28 09:47 . 2010-01-28 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-28 09:47 . 2010-01-28 09:48 -------- d-----w- c:\documents and settings\Richard\Application Data\Yahoo!
2010-01-28 09:46 . 2010-01-28 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-28 09:46 . 2009-11-10 22:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-01-28 09:43 . 2010-01-28 09:47 -------- d-----w- c:\program files\Yahoo!
2010-01-28 02:01 . 2010-01-28 19:51 -------- d-----w- c:\program files\Norton Security Scan
2010-01-27 05:24 . 2010-01-27 05:35 -------- d-----w- c:\program files\GraphCalc
2010-01-27 02:45 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-27 02:45 . 2008-04-14 13:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-27 02:45 . 2008-04-14 08:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-27 02:45 . 2008-04-14 08:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-23 20:42 . 2010-01-23 20:42 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Western Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 22:56 . 2009-12-30 22:16 -------- d-----w- c:\program files\Symantec
2010-02-21 22:56 . 2009-12-30 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-21 22:56 . 2009-12-30 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-21 18:14 . 2010-01-04 02:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-21 03:35 . 2010-02-20 22:48 92344 ----a-w- c:\documents and settings\Administrator.YOUR-QS7Q3M71UK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-14 20:08 . 2009-12-31 03:06 -------- d-----w- c:\documents and settings\Richard\Application Data\LimeWire
2010-02-09 06:41 . 2009-08-11 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 08:48 . 2010-01-03 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-08 08:48 . 2010-01-03 05:08 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-02 09:30 . 2009-12-30 22:31 -------- d-----w- c:\documents and settings\Richard\Application Data\Azureus
2010-02-02 09:20 . 2009-12-31 10:07 92344 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 09:18 . 2009-08-11 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-02 09:08 . 2010-01-03 00:50 -------- d-----w- c:\program files\MSBuild
2010-02-02 06:06 . 2010-01-04 02:14 -------- d-----w- c:\documents and settings\Richard\Application Data\DAEMON Tools Lite
2010-01-28 02:00 . 2009-12-30 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-26 20:37 . 2010-01-04 02:16 271224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-17 19:33 . 2010-01-17 18:36 -------- d-----w- c:\program files\Carbonite
2010-01-17 18:37 . 2010-01-17 18:37 -------- d-----w- c:\program files\Seagate
2010-01-17 18:37 . 2010-01-17 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-01-17 18:34 . 2010-01-17 18:34 -------- d-----w- c:\documents and settings\Richard\Application Data\Leadertech
2010-01-15 03:47 . 2010-01-15 03:44 -------- d-----w- c:\program files\4inaRow
2010-01-11 08:26 . 2010-01-11 08:26 4141117 ----a-w- c:\documents and settings\Richard\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-01-11 08:26 . 2010-01-11 08:26 6516755 ----a-w- c:\documents and settings\Richard\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2010-01-09 03:34 . 2010-01-09 03:34 0 ----a-w- c:\documents and settings\Richard\Application Data\wklnhst.dat
2010-01-08 07:54 . 2010-01-08 07:54 -------- d-----w- c:\documents and settings\Richard\Application Data\Xilisoft Corporation
2010-01-08 07:53 . 2010-01-08 07:53 -------- d-----w- c:\program files\Xilisoft
2010-01-04 21:37 . 2010-01-04 21:36 -------- d-----w- c:\program files\MagicISO
2010-01-04 02:16 . 2010-01-04 02:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-04 02:15 . 2010-01-04 02:14 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-04 02:14 . 2010-01-04 02:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-04 02:14 . 2010-01-04 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-04 01:54 . 2010-01-04 01:54 -------- d-----w- c:\program files\WBFS
2010-01-03 05:13 . 2010-01-03 05:06 -------- d-----w- c:\program files\NCH Software
2010-01-03 05:08 . 2010-01-03 05:08 -------- d-----w- c:\documents and settings\Richard\Application Data\NCH Swift Sound
2010-01-03 05:07 . 2010-01-03 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-01-03 00:50 . 2010-01-03 00:50 -------- d-----w- c:\program files\Reference Assemblies
2009-12-31 16:50 . 2009-08-11 13:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 03:02 . 2009-12-30 22:30 -------- d-----w- c:\program files\Vuze
2009-12-30 22:31 . 2009-12-30 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-30 22:31 . 2009-12-30 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-12-30 22:28 . 2009-12-30 22:28 1924200 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-30 22:28 . 2009-12-30 22:28 -------- d-----w- c:\program files\NOS
2009-12-30 22:27 . 2009-12-30 22:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-30 22:27 . 2009-12-30 22:27 -------- d-----w- c:\program files\Java
2009-12-30 22:27 . 2009-12-30 22:27 152576 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-30 22:27 . 2009-12-30 22:27 79488 ----a-w- c:\documents and settings\Richard\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-30 22:25 . 2009-12-30 22:25 -------- d-----w- c:\program files\ffdshow
2009-12-30 22:18 . 2009-12-30 22:18 0 ----a-w- c:\windows\nsreg.dat
2009-12-30 22:16 . 2009-12-30 22:16 -------- d-----w- c:\program files\Windows Sidebar
2009-12-29 05:45 . 2009-12-29 05:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-29 05:45 . 2009-12-29 05:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-29 05:45 . 2009-12-29 05:45 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-21 19:14 . 2009-08-11 13:03 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-08-11 13:13 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2009-08-11 13:03 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2008-04-14 00:54 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 03:42 . 2009-12-30 22:25 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-04 18:22 . 2009-08-11 13:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2009-08-11 13:03 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2008-04-14 05:42 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2009-08-11 13:03 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2009-08-11 13:03 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2009-08-11 13:03 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2008-04-14 05:41 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\tru6a102.default\extensions\[email protected]\components\DTToolbarFF.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SYMNRT"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-30 149280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Richard^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Richard\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 02:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 5:59 PM 38912]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2010 6:14 PM 691696]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [8/11/2009 11:51 AM 55152]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 11:00 AM 1684736]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 5:08 PM 533360]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 4:24 AM 1015424]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/27/2009 9:47 PM 39040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Administrator.YOUR-QS7Q3M71UK\Application Data\Mozilla\Firefox\Profiles\car33vh3.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 15:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-339111684-1574637209-870814963-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,db,49,07,fb,06,9b,4b,9e,1e,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,db,49,07,fb,06,9b,4b,9e,1e,36,\
.
Completion time: 2010-02-21 15:15:34
ComboFix-quarantined-files.txt 2010-02-21 23:15

Pre-Run: 118,457,516,032 bytes free
Post-Run: 121,103,478,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F50CC75C0852E00C7FD6D658691BD325

#8
gr8joel

    Member

  • Topic Starter
  • Member
  • 200 posts
After ComboFix did its thing, my computer is now back to normal and is now booting up normally and no longer hanging.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's file that under weird :) As again, there was nothing removed that would have prevented the boot.

Could you now run MBAM from normal mode and let me know of any problems?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#10
gr8joel

    Member

  • Topic Starter
  • Member
  • 200 posts
I will post the log as soon as it is done. In about 30 minutes lol. Other than that, I will edit this post when it is done. Thank you

Edit: Sorry it took so long to get back. Here is the mbam post below.

Edited by gr8joel, 22 February 2010 - 09:14 PM.

  • 0

#11
gr8joel

gr8joel

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
Malwarebytes' Anti-Malware 1.44
Database version: 3778
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/22/2010 7:11:35 PM
mbam-log-2010-02-22 (19-11-30).txt

Scan type: Quick Scan
Objects scanned: 136119
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
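An added example, not part of the original posts or of Malwarebytes' own tooling: a small Python parser for the text-log layout shown in post #11. It lists detections whose recorded action is "No action taken" and checks the summary counts against the itemized sections. The sample log is constructed from that layout, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the MBAM 1.44 log quoted in post #11.
SAMPLE_LOG = r"""Scan type: Quick Scan
Objects scanned: 136119

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, itemized detections) from an MBAM text log."""
    counts, items, current = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT_RE.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            current = m["section"]
        elif current and (m := ITEM_RE.match(line)):
            items.append({"section": current, **m.groupdict()})
    return counts, items

def review(text):
    """List detections still present and sections whose counts disagree."""
    counts, items = parse_mbam_log(text)
    unresolved = [i for i in items if i["action"].lower().startswith("no action")]
    listed = {s: sum(i["section"] == s for i in items) for s in counts}
    mismatched = sorted(s for s in counts if counts[s] != listed[s])
    return unresolved, mismatched

if __name__ == "__main__":
    unresolved, mismatched = review(SAMPLE_LOG)
    for i in unresolved:
        print(f'{i["section"]}: {i["path"]} [{i["name"]}] -> {i["action"]}')
    print("count mismatches:", mismatched or "none")
```

An entry returned in `unresolved` was detected but left in place by that scan, so it is the list to re-check after clicking Remove Selected and rescanning.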

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem with the time - I was in bed by then anyway :)

That looks good - what problems do you have at the moment ?
  • 0

#13
gr8joel

gr8joel

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 200 posts
I have absolutely no problems whatsoever. Thanks very much, Essexboy. My brother and I are very happy with his computer now. He won't be installing anything in the future unless I am there lol. :)
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





