XP won't boot - blinking cursor


  • This topic is locked

#31
noiserider

  • Topic Starter
  • Member
  • 32 posts
Hello Salagubang,

I'm having a problem with STEP ONE. I get this error:

NTLDR: Fatal error 1 reading boot.ini

Here is the boot.ini file:
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=Optin

  • 0


#32
noiserider

  • Topic Starter
  • Member
  • 32 posts
I fixed the NTLDR: Fatal error 1 reading boot.ini problem by deleting an oldboot.ini file from the memory stick.

Here is the new boot.ini file I am using:

[boot loader]
timeout=-1
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=Optin
c:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons


Now I can get to the place where it allows me to choose "Microsoft Windows Recovery Console".

After selecting "Microsoft Windows Recovery Console" I get this error message:

Windows could not start because the following file is missing or corrupt:
<Windows root>\system32\hal.dll
Please re-install a copy of the above file.


I'll do that and report back.
  • 0

#33
noiserider

  • Topic Starter
  • Member
  • 32 posts
I replaced the hal.dll file in C:\windows\system32\ , but I get the same error message.

What can we try next?
  • 0

#34
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi noiserider,

:D Let's try this alternative to Recovery Console.

  • Download RC.ISO from Here.
  • Now burn this ISO image to a CD and boot your computer with it.
    NOTE: Keep in mind that this is different than burning a file to a CD-ROM. If you do not know how to burn an ISO image, then download CDBurnerXP Pro to another Windows machine and install it. Then go Here for instructions for burning the ISO image.
  • Once the CD is created, place it in the defunct computer
  • Then reboot your broken PC with that CD in the CD-ROM drive.
  • Make sure the PC is set to run from the CD as the primary boot device.
    NOTE: You do this by setting your PC to boot to the CD-ROM in the BIOS (enter the BIOS by pressing the F1, F2 or Del key during memory count up, then search for boot order, and set the CD as the first boot device).
  • When the PC boots, it will boot from the CD...after the first several screens load, you will be given a choice to choose R for Recovery Console. You will be asked to log in.
    NOTE: For Windows XP Home, there is no password, just hit ENTER. For Windows XP Pro, ask whoever set up the machine what password they used.

Type in the command prompt then press enter:

fixmbr

Reboot into normal mode.

Edited by Salagubang, 09 December 2010 - 06:58 PM.

  • 0

#35
noiserider

  • Topic Starter
  • Member
  • 32 posts
We're trying hard, but that didn't work either. I was able to burn the disk. I get the blue screen with Windows Setup at the top. I see many drivers being loaded at the bottom of the screen, but it stops at:

Setup is starting Windows

The keyboard is dead and I have to press the power switch.

When I press the power switch I get the following error message:

A problem has been detected .....
DRIVER_IRQL_NOT_LESS_OR_EQUAL
If this is the first time....
Check to make sure .....
If problems continue .......
STOP:0x000000D1 (0x00000028, 0x00000002, 0x00000000, 0xF73D1663)
acpi.sys - Address F73D1663 base at F73C7000, Datestamp 3b7d8550

  • 0

#36
noiserider

  • Topic Starter
  • Member
  • 32 posts
I didn't make the CDROM the primary device in the bios. I used the F12 command to get to the CDROM. Is it important that I make the CDROM the primary device in the BIOS?
  • 0

#37
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi noiserider,

> I didn't make the CDROM the primary device in the bios. I used the F12 command to get to the CDROM. Is it important that I make the CDROM the primary device in the BIOS?


No, F12 is OK.

Moving on.

  • Restart your computer then unplug the USB stick.
  • Insert the recovery disk and, using 7zip to open the image files, copy the files mbrwrwin.exe and rtmbr.bin to the root directory of drive C (C:\).
  • Now press Start >> Run and type cmd then press enter.
  • In the command prompt, type in the following, pressing enter each time.


    cd c:\
    mbrwrwin install rtmbr.bin

  • Wait till it finishes then restart the computer into normal mode without the USB stick.
  • If the computer booted successfully, proceed with the succeeding instructions.

Edited by Salagubang, 09 December 2010 - 07:36 PM.

  • 0

#38
noiserider

  • Topic Starter
  • Member
  • 32 posts
Success!

Now it boots from the hard disk.

I'm doing the MBAM scan now and will report back.

I notice one other problem that may or may not be related. When I run Microsoft Word and try to display a document with a picture in it (pure text is no problem) the computer locks up. No keyboard; no mouse. I have to hit the power switch and reboot. I can probably solve this one by reinstalling Office.

a big thanks!

Keith
  • 0

#39
noiserider

  • Topic Starter
  • Member
  • 32 posts
MBAM Report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5284

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/9/2010 9:02:27 PM
mbam-log-2010-12-09 (21-02-27).txt

Scan type: Quick scan
Objects scanned: 155901
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#40
noiserider

  • Topic Starter
  • Member
  • 32 posts
Here is the Kaspersky Report:

Autoscan: completed 6 minutes ago (events: 2, objects: 233599, time: 00:30:40)
12/9/2010 9:37:33 PM Task started
12/9/2010 10:08:13 PM Task completed


I think I'm back to normal with the exception that both Word and PowerPoint now lock up the computer. Do you have any advice for those problems other than reinstall?

I am also interested in your opinion as to what caused my problem.

Did Avast catch the virus only after it had done some damage?
Was it a disk failure?
Did the new version of MBAM that required a restart cause the problem?

Thanks,

Keith
  • 0


#41
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi noiserider,

> I think I'm back to normal with the exception that both Word and Power Point now lock up the computer. Do you have any advice for those problems other than reinstall?


That problem must require a whole new banana. I'll ask around. :D

> I am also interested in your opinion as to what caused my problem.
>
> Did Avast catch the virus only after it had done some damage?
> Was it a disk failure?
> Did the new version of MBAM that required a restart cause the problem?


The main problem was the corrupted hard disk MBR - a small space in the beginning of your hard disk which tells the computer where to look for the Windows installation. It does seem Avast caught it late since the damage has been done already.

My first instruction was intended to cure it but somehow (after you ran AVG live CD) the tools could not detect the MBR infection. I think AVG killed it but didn't repair.

I don't think MBAM has anything to do with the problem.

Can you run OTL again and post a fresh log? I need to review what we have so far.

;)
  • 0
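
The reply above describes the MBR as the area at the start of the disk that tells the computer where to find Windows. As an added example (not part of the original thread, and not one of the tools used in it), this Python code audits a saved copy of that 512-byte sector: boot signature, partition table sanity, and the bootstrap code compared against a previously recorded hash. The function names, the sample sector and the baseline-hash workflow are assumptions of the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code the BIOS loads and runs
PART_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature
ENTRY_FMT = "<B3xB3xII"  # status, (CHS), type, (CHS), first LBA, sector count


def parse_partitions(sector):
    """Decode all four partition-table slots, empty ones included."""
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i + 1, "status": status, "type": ptype,
                        "lba_start": start, "sectors": count})
    return entries


def boot_code_sha256(sector):
    """Hash only the bootstrap code, so repartitioning does not change it."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(sector, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE)]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("boot signature 55 AA missing")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("bootstrap code area is empty")
    elif baseline_sha256 and boot_code_sha256(sector) != baseline_sha256:
        findings.append("bootstrap code differs from baseline")

    entries = parse_partitions(sector)
    for p in entries:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
    used = [p for p in entries if p["type"] != 0]
    active = [p for p in used if p["status"] == 0x80]
    # Conventional MBR boot code chain-loads the single partition marked active.
    if len(active) != 1:
        findings.append("%d active partitions, expected 1" % len(active))
    for p in used:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append("partition %d: zero start or length" % p["index"])
    ordered = sorted(used, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap"
                            % (a["index"], b["index"]))
    return findings


def build_sample_mbr(entries=None):
    """Constructed sector for the demo; values are not from the thread's disk."""
    if entries is None:
        # (status, type, first LBA, sector count); 0x07 is the NTFS type byte.
        entries = [(0x00, 0x07, 63, 20000000),
                   (0x80, 0x07, 20000063, 135000000)]
    sector = bytearray(SECTOR_SIZE)
    # Placeholder filler standing in for real bootstrap code.
    sector[:BOOT_CODE_LEN] = (b"SAMPLE-BOOT-CODE" * 28)[:BOOT_CODE_LEN]
    for i, fields in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *fields)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = boot_code_sha256(good)      # recorded while the disk was healthy
    print("clean sector:", audit_mbr(good, baseline))

    tampered = bytearray(good)
    tampered[10] ^= 0xFF                   # one changed byte in the boot code
    print("modified boot code:", audit_mbr(bytes(tampered), baseline))

    print("zeroed sector:", audit_mbr(bytes(SECTOR_SIZE)))
```

A baseline hash only helps if it was recorded before the damage; without one, the structural checks still catch a wiped or truncated sector but not replaced boot code.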

#42
noiserider

  • Topic Starter
  • Member
  • 32 posts
OTL Report:

OTL logfile created on: 12/10/2010 7:14:26 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Keith Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 38.77 Gb Free Space | 60.14% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 64.26 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive Y: | 74.46 Gb Total Space | 42.23 Gb Free Space | 56.72% Space Free | Partition Type: NTFS

Computer Name: ACER-SUNROOM | User Name: Keith Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 09:16:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith Admin\My Documents\Downloads\OTL.exe
PRC - [2010/10/30 06:18:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/02/23 08:49:16 | 002,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008/12/11 14:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 01:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/08 07:38:54 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/06/28 06:46:30 | 000,622,592 | ---- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/06/27 09:30:30 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/03/01 15:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005/03/17 13:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe


========== Modules (SafeList) ==========

MOD - [2010/12/07 09:16:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith Admin\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/17 15:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/07/26 07:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/11 16:18:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/11 14:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\KEITHA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/22 14:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/01/21 08:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/12/18 11:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/11/02 18:52:14 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/09/24 02:09:52 | 000,041,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/09/22 10:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/08/19 02:27:00 | 004,805,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 15:48:00 | 006,555,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/05 23:52:26 | 000,132,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/17 01:43:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 01:43:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/28 05:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/01/19 02:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 21:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 06:18:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 15:04:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/29 06:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/02 15:01:28 | 000,000,000 | ---D | M]

[2010/11/23 14:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions
[2010/05/02 07:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/07 22:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions\[email protected]
[2010/12/10 07:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions
[2010/12/10 07:12:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/10 07:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\[email protected]
[2010/12/10 07:12:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/28 06:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2010/05/10 06:04:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/13 08:55:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/09/29 13:16:46 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/09/29 13:16:50 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/09/29 13:19:44 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/09/29 13:16:56 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/09/29 13:17:08 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/08 18:07:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eRecoveryService] C:\acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1249944521046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264526934562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Keith Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/02 18:21:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/09 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/12/09 20:01:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/08 18:00:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/08 17:59:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/08 17:59:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/08 17:59:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/08 17:59:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/08 17:59:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/08 17:59:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/08 17:26:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/07 22:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Desktop\Config
[2010/12/07 22:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/12/07 22:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Local Settings\Application Data\TomTom
[2010/12/07 22:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010/12/07 21:47:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/12/07 17:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Checker(2)
[2010/12/07 15:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd(2)
[2010/12/07 12:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Application Data\ElevatedDiagnostics
[2010/12/07 12:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/11/23 14:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\My Documents\TomTom
[2010/11/23 14:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/11/23 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Application Data\TomTom
[2010/11/23 14:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2008/05/09 07:58:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/12/10 07:13:17 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/10 07:13:17 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/10 07:10:10 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/12/10 07:10:03 | 000,188,791 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/10 07:08:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/10 07:08:57 | 1878,249,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/09 21:33:54 | 000,000,508 | -HS- | M] () -- C:\BOOT.INI
[2010/12/08 18:07:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/07 09:03:49 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sunroom Acer Thunderbird Backup.job
[2010/12/07 09:00:26 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sunroom Acer Backup.job
[2010/12/07 08:33:40 | 000,000,388 | ---- | M] () -- C:\Boot.bak
[2010/12/07 08:13:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 14:35:16 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-UF50O.msg
[2010/12/06 14:35:16 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-UF50O.lst
[2010/11/25 15:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/11/25 15:33:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

========== Files Created - No Company Name ==========

[2010/12/09 22:16:43 | 1878,249,472 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/09 20:43:59 | 000,069,632 | ---- | C] () -- C:\MBRWRWIN.EXE
[2010/12/09 20:43:59 | 000,000,512 | ---- | C] () -- C:\RTMBR.BIN
[2010/12/08 17:59:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/08 17:59:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/08 17:59:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/08 17:59:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/08 17:59:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/07 14:53:42 | 000,000,388 | ---- | C] () -- C:\Boot.bak
[2010/12/07 14:53:40 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2010/12/07 08:53:46 | 000,000,211 | RHS- | C] () -- C:\Copy of boot.ini
[2010/12/07 08:53:32 | 000,250,048 | RHS- | C] () -- C:\Copy of ntldr
[2010/12/07 08:53:22 | 000,047,564 | RHS- | C] () -- C:\Copy of NTDETECT.COM
[2010/12/06 14:35:16 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-UF50O.lst
[2010/12/06 14:35:15 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-UF50O.msg
[2010/04/02 12:48:07 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Keith Admin\Application Data\setup_ldm.iss
[2009/12/16 13:53:02 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/10/30 07:19:19 | 000,009,709 | ---- | C] () -- C:\WINDOWS\System32\msgphd.dll
[2009/10/30 07:19:19 | 000,009,709 | ---- | C] () -- C:\WINDOWS\System32\msgpd.dll
[2009/08/14 12:42:05 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/14 12:42:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/14 12:41:32 | 000,000,287 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/08/14 12:41:32 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/08/14 12:40:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/08/14 12:38:05 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/08/11 19:03:10 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/11 12:55:09 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/08/11 12:55:08 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/08/11 12:54:48 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll
[2009/08/11 12:54:38 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2009/08/11 12:54:35 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll
[2009/08/11 12:53:48 | 000,000,578 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/11 12:49:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/11 06:21:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/10 20:22:29 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/08/10 20:22:29 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/08/10 20:22:27 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/08/10 20:22:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/08/10 20:22:26 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/08/10 17:43:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini
[2009/08/10 17:29:43 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Keith Admin\Local Settings\Application Data\fusioncache.dat
[2009/06/26 01:27:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2009/06/26 01:27:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2009/06/26 01:27:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2009/06/26 01:27:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2008/11/04 03:14:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/02 18:52:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2008/11/02 18:21:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/02 16:09:14 | 000,000,115 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2008/07/30 21:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/14 22:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/28 05:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >
  • 0

#43
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
How's the computer running now?
  • 0

#44
noiserider

noiserider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Everything is fine except for MS Word and MS PowerPoint. MS Word locks up the computer when it tries to display a picture. PowerPoint locks up the computer as soon as it loads.

I uninstalled and re-installed the entire Office program, but that didn't fix the problem.

I can run Word and PowerPoint with no problems when I'm in Safe Mode.

Do I have a graphics driver problem?
  • 0

#45
noiserider

noiserider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I tried updating the NVIDIA driver and that locked up the computer.

Word and PowerPoint are still a problem.

I'm thinking there is something still basically broken.

Would it make sense to restore the system to the original state when I bought it 2 years ago and reload all the programs, get all the updates and reload all my documents?

I know this will take hours, but I imagine I'll have a computer I can trust again.

I appreciate all the help you've given me, but it may be time to "cut our losses".

What are your thoughts?
  • 0





