Vista won't boot after malware infection


This topic is locked.

#16 Skily (Member, Topic Starter, 28 posts)
Ok, this worked.

Here is the log

OTL logfile created on: 5/7/2011 8:50:06 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.62 Gb Total Space | 9.62 Gb Free Space | 13.62% Space Free | Partition Type: NTFS
Drive D: | 316.83 Mb Total Space | 107.58 Mb Free Space | 33.95% Space Free | Partition Type: FAT
Drive E: | 70.61 Gb Total Space | 34.68 Gb Free Space | 49.11% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TuneUp.UtilitiesSvc)
SRV - File not found [On_Demand] -- -- (TuneUp.Defrag)
SRV - [2011/04/15 07:36:02 | 001,378,040 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/30 11:09:20 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/10/16 11:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 10:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/01/02 03:33:24 | 000,135,168 | ---- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/11/17 10:56:32 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (dsltestSp5)
DRV - [2009/04/11 02:32:55 | 000,226,280 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008/11/17 01:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/01/20 22:21:28 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/02/05 12:01:00 | 004,456,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/20 12:02:42 | 000,847,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/11/17 10:53:30 | 001,962,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2004/10/08 04:51:08 | 001,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Nils_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Nils_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nils_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..extensions.enabledItems: [email protected]:0.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.0.4280
FF - prefs.js..extensions.enabledItems: {05BF52F6-A4F9-48B9-84ED-F8D83762E619}:0.5.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.0.0.0
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7pre.080830
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.75
FF - prefs.js..extensions.enabledItems: {1a45a8a0-3278-11dd-bd11-0800200c9a66}:1.0.1
FF - prefs.js..extensions.enabledItems: {269FB356-C69F-7349-D092-AB28AF836D0E}:3.0.02
FF - prefs.js..extensions.enabledItems: {47e5a66c-0e35-11dc-8314-0800200c9a66}:3.0.1
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.071508

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: D:\Programme\Online\Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: D:\Programme\Online\Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programme\Online\Firefox 4\components
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programme\Online\Firefox 4\plugins

[2008/08/30 15:12:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Extensions
[2011/04/29 14:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] ("BilderHerunterlader") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{af2f0750-c598-4826-8e5f-bb98aab519a5}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\[email protected]
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\[email protected]
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\[email protected]
[2010/03/13 14:22:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010/03/13 14:22:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\mz979o3j.Standard-Benutzer\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/12/31 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (New Tab Button on Tab Right) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{05BF52F6-A4F9-48B9-84ED-F8D83762E619}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (MR Tech Disable XPI Install Delay) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{0F25ED9F-9213-422D-9AB9-7DA9BD416FFA}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Just Black (A Cylence theme for Firefox 3)) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{1a45a8a0-3278-11dd-bd11-0800200c9a66}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Strata Aero) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2011/05/01 16:12:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/01 16:12:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/01 16:12:07 | 000,000,000 | ---D | M] (iPox) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2011/05/01 16:12:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/01 16:12:07 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/05/01 16:12:07 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/05/01 16:12:08 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\[email protected]
[2011/05/01 16:12:06 | 000,000,000 | ---D | M] (PicLens) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\[email protected]
[2008/08/23 09:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\nbo4frt5.default\extensions\[email protected]
File not found (No name found) -- D:\PROGRAMME\ONLINE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
File not found (No name found) -- D:\PROGRAMME\ONLINE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/05/07 01:22:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Watch for Browser Events) - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\Nils_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\OrbiCam.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AWC.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Nils_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c4de58cd-60d3-11df-a300-0016d350f8dc}\Shell\AutoRun\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{c4de58cd-60d3-11df-a300-0016d350f8dc}\Shell\open\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 01:23:35 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/05/07 01:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/30 16:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 10:30:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/29 15:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/29 15:49:34 | 000,000,000 | -H-D | C] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2011/04/29 15:15:12 | 000,348,160 | -HS- | C] (Microsoft Corporation) -- C:\Users\Nils\AppData\Local\kjt_exe_1304270595.arl
[2011/04/29 15:15:12 | 000,348,160 | -HS- | C] (Microsoft Corporation) -- C:\Users\Nils\AppData\Local\kjt.exe
[2008/03/30 14:01:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2006/11/20 12:10:16 | 000,204,824 | ---- | C] (Acer Inc.) -- C:\Program Files\VideoControl.dll
[2006/11/20 12:09:20 | 000,079,384 | ---- | C] (Acer Inc.) -- C:\Program Files\LogiMail.dll
[2006/11/20 12:09:08 | 000,366,104 | ---- | C] (Acer Inc.) -- C:\Program Files\IPPJPEG.dll
[2006/11/20 12:08:58 | 000,280,088 | ---- | C] (Acer Inc.) -- C:\Program Files\EFVal.dll
[2001/09/05 15:00:58 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll

========== Files - Modified Within 30 Days ==========

[2011/05/07 01:22:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/06 05:39:03 | 000,000,512 | ---- | M] () -- C:\Physical0MBR.bin
[2011/05/01 17:34:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 16:12:00 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows
[2011/05/01 16:12:00 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/01 16:12:00 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/01 16:12:00 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/01 16:12:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programme
[2011/05/01 16:12:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online
[2011/05/01 16:12:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/30 04:39:12 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/04/29 15:06:30 | 000,037,210 | -H-- | M] () -- C:\Users\Nils\AppData\Roaming\nvModes.001
[2011/04/29 15:05:30 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\OGALogon.job
[2011/04/29 15:05:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 15:04:59 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 15:04:59 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 13:50:37 | 000,037,210 | -H-- | M] () -- C:\Users\Nils\AppData\Roaming\nvModes.dat
[2011/04/29 13:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 13:35:51 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\OGADaily.job
[2011/04/27 17:37:21 | 000,000,680 | -H-- | M] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2011/04/27 14:51:39 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/27 14:51:39 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/27 14:51:39 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/27 14:51:39 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/25 14:38:51 | 000,241,152 | ---- | M] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 13:01:02 | 000,373,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/06 05:39:03 | 000,000,512 | ---- | C] () -- C:\Physical0MBR.bin
[2010/10/24 14:23:08 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/07/04 11:39:01 | 000,121,832 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/10 16:54:55 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/01/17 09:20:17 | 000,000,680 | -H-- | C] () -- C:\Users\Nils\AppData\Local\d3d9caps.dat
[2009/11/26 15:57:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/26 15:57:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/26 15:56:46 | 000,226,280 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2009/11/26 15:56:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/09 16:26:39 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/12/31 11:04:42 | 000,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/31 11:04:42 | 000,528,744 | ---- | C] () -- C:\Windows\System32\OGAVerify.exe
[2008/09/02 16:55:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/08/02 19:10:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/23 09:46:58 | 000,000,009 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\mdb.bin
[2008/04/05 06:17:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2008/04/01 15:18:27 | 000,037,210 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\nvModes.001
[2008/03/31 14:11:08 | 000,037,210 | -H-- | C] () -- C:\Users\Nils\AppData\Roaming\nvModes.dat
[2008/03/30 14:01:49 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2008/03/30 13:58:18 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008/03/30 13:17:41 | 000,007,168 | ---- | C] () -- C:\Windows\System32\Dtctrace.dll
[2008/03/30 13:07:02 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/03/30 13:07:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/30 13:07:00 | 002,085,376 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/03/30 13:07:00 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/03/30 12:14:54 | 000,241,152 | ---- | C] () -- C:\Users\Nils\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/21 04:24:09 | 000,621,952 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:24:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:24:09 | 000,123,852 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:24:09 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/09/20 06:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007/09/20 06:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/09/20 06:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/20 06:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007/09/20 06:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/09/20 06:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007/09/20 06:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/09/20 06:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/09/20 06:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007/09/20 06:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007/09/20 06:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007/09/20 06:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007/09/20 06:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/09/20 06:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007/09/20 06:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007/09/20 06:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007/09/20 06:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007/09/20 06:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007/09/20 06:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006/11/20 12:11:48 | 000,023,576 | ---- | C] () -- C:\Program Files\MSNCmRes.dll
[2006/11/20 12:11:36 | 001,078,808 | ---- | C] () -- C:\Program Files\LAppRes.DLL
[2006/11/20 12:11:36 | 000,206,360 | ---- | C] () -- C:\Program Files\ATWizardRes.dll
[2006/11/20 12:09:54 | 000,754,712 | ---- | C] () -- C:\Program Files\OrbiCam.exe
[2006/11/20 12:09:42 | 000,032,280 | ---- | C] () -- C:\Program Files\MSNCam.dll
[2006/11/20 12:09:32 | 000,316,952 | ---- | C] () -- C:\Program Files\LogiMailApp.exe
[2006/11/20 12:08:34 | 000,292,888 | ---- | C] () -- C:\Program Files\ATWizard.exe
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,373,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,590,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,094 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/30 05:40:18 | 000,246,011 | -H-- | C] () -- C:\Program Files\orbicam.chm
[2006/10/25 08:04:00 | 000,008,690 | -H-- | C] () -- C:\Program Files\ReadMe_KOR.htm
[2006/10/25 08:00:56 | 000,009,168 | -H-- | C] () -- C:\Program Files\ReadMe_JPN.htm
[2006/10/25 08:00:26 | 000,007,909 | -H-- | C] () -- C:\Program Files\ReadMe_CHT.htm
[2006/10/25 07:59:54 | 000,007,929 | -H-- | C] () -- C:\Program Files\ReadMe_CHS.htm
[2006/10/25 07:58:36 | 000,062,682 | -H-- | C] () -- C:\Program Files\readme.htm
[2005/09/29 08:39:40 | 000,011,014 | -H-- | C] () -- C:\Program Files\logo.bmp

========== LOP Check ==========

[2008/03/30 12:32:03 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\ACD Systems
[2009/06/14 13:57:40 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\avidemux
[2011/05/01 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\BSplayer PRO
[2010/10/22 12:16:57 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Dropbox
[2011/04/29 15:50:18 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\GetRightToGo
[2009/12/15 20:08:45 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Imaxel
[2011/05/01 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Kingston
[2008/06/07 11:02:33 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\LEAPS
[2011/05/01 16:12:08 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Mp3tag
[2008/06/07 10:47:58 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Pegasys Inc
[2010/02/19 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\SecureTraveler
[2011/05/01 16:12:08 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Security_File
[2009/11/28 10:26:40 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\Thinstall
[2010/10/23 11:58:49 | 000,000,000 | ---D | M] -- C:\Users\Nils\AppData\Roaming\TuneUp Software
[2008/12/21 19:43:21 | 000,000,000 | -H-D | M] -- C:\Users\Nils\AppData\Roaming\Xilisoft Corporation
[2008/03/30 12:31:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\ACD Systems
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/30 12:42:16 | 000,000,000 | -H-D | M] -- C:\ProgramData\Insight Software Solutions
[2008/10/01 14:26:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\Pictomio
[2009/10/11 08:30:24 | 000,000,000 | -H-D | M] -- C:\ProgramData\Roaming
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/10/23 14:34:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\T-Online
[2011/04/29 15:50:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/02/19 12:45:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\TrueCrypt
[2010/10/23 11:58:45 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2008/03/30 11:54:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/03/21 14:01:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 10:38:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 14:52:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 16:02:17 | 000,000,000 | -H-D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/01 16:12:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/05/01 16:12:00 | 000,000,000 | -H-D | M] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2011/04/29 13:35:51 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\OGADaily.job
[2011/04/29 15:05:30 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\OGALogon.job
[2011/04/29 14:30:12 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#17
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Now try one more time with this new attached scan.txt, as instructed in my post here. So instead of Quick Scan, click on the Run Scan button. (Attached file: scan.txt, 36 bytes)

#18
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Again it is taking forever, with no visible progress after a while, and the text "Manual file scan - getting folder structure..."

#19
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No problem. We will use another environment to run our scans and fixes.

Please follow the steps below:

You will need a USB drive and a blank CD-R.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Insert a blank CD-R into optical drive.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB drive and the CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1, sda2, ... usually correspond to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

#20
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Did it, but report.txt file only says the following:

Sat May 7 23:49:13 UTC 2011

#21
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Strange. Please try one more time with OTLPE, as instructed in my post here, and use this custom scan script: (Attached file: scan.txt, 104 bytes)

#22
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Same old story. Out of memory, "Manual file scan - getting folder structure..."

#23
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • Turn on or restart the computer as normal (without the OTLPE or xPUD CD).
  • Tap the F10 key about every second until you see the screenshot below.

    Posted Image
  • Now please tell me the content of the last line on your screen.


#24
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Not sure if interesting, but when doing the xPUD scan you suggested, one message I get in the "terminal" is

driver.sh: line 201: driv.txt: Read-only file system
driver.sh: line 443: driv.txt: No such file or directory
rm: cannot remove 'driv.txt': No such file or directory
rm: cannot remove 'files.txt': No such file or directory

I'll do the last suggestion now

#25
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Last line is exactly the same as on your screenshot

Hard disk one says a65a653

#26
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. That's good.

Not sure if interesting, but when doing the xPUD scan you suggested, one message I get in the "terminal" is....

Yes, of course, all your observations are very helpful to me. :)

Now we have a slightly complicated situation.

Please boot from the xPUD CD.
Your system should now display the xPUD desktop.
Click on File and then on the mnt folder.
You should now see something like sda1, sda2, ...
Click on each of these folders and tell me in which one you find folders like Windows, Users, Program Files, ...

#27
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
In 2 out of 3 :)

SDA2 is my normal C drive, which has the Windows system. SDA1 has only 8.4 GB; I guess this is a hidden Acer recovery partition.

#28
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It looks like xPUD scanned your recovery partition for drivers.

Anyway, if you haven't already tried that, I will go with Startup Repair now:

  • Start or Restart the computer.
  • Press F8 on your keyboard about every second as soon as you turn the computer on until you see the screenshot below.

    Posted Image
  • Use the arrow keys to select Repair your computer and press Enter.
    NOTE: This option will only be available if you have an OEM computer with a recovery partition on your hard drive. Otherwise, you will need to use the System Recovery Options from your retail Vista installation disk. Repair Your Computer shows a list of system recovery tools that you can use to repair startup problems, run diagnostics, or restore your system.
  • Select your language preferences and click on Next. (See screenshot below).

    Posted Image
  • Select a user name and type in the password, and then click on OK.
  • Click on the Startup Repair option. (See screenshot below)

    Posted Image
  • The Startup Repair tool will attempt to fix your computer and get it booting up again. (See screenshot below)
  • NOTE: Startup Repair might prompt you to make choices as it tries to fix the problem, and if necessary, it might restart your computer as it makes repairs. If repairs are not successful, you'll see a summary of the problem and links to contact information for support. Your computer manufacturer might include additional assistance information.

    Posted Image
  • On completion restart your computer and see if it boots.


#29
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Got Vista to run!

In SDA1, the assumed Acer recovery partition, there was a Windows folder. I took volsnap.sys from there and replaced the damaged one (saving a copy of the damaged one).

I assume I still have to do some cleanup work for the malware, but it should make things easier already :)

So far, the system is behaving normally. The AVG rescue disc seems to have done a good job.
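A worked example tying the thread together: post #19 ran driver.sh from a USB stick under xPUD, #20 and #24 show that it produced an empty report.txt because it wrote driv.txt into its current directory, which was a read-only mount, #26 and #27 show two partitions (sda1 and sda2) that both carry a Windows folder, and #29 resolves the boot problem by copying volsnap.sys from the recovery partition over the damaged copy. The script below is an added example written for this page; it is not driver.sh, not part of xPUD and not anything the helper posted. It lists every mounted partition that holds a Windows driver store, hashes the same driver on each, and writes the report only to a location it has first proven writable. Assumptions of mine, not from the thread: partitions are mounted under /mnt as on the xPUD CD (MOUNT_BASE), the USB stick is sdb1, and the driver compared is Windows/System32/drivers/volsnap.sys (DRIVER_REL).

```shell
#!/bin/sh
# Added example for this thread (not driver.sh and not part of xPUD):
# from a live Linux CD, list every mounted partition that carries a Windows
# installation, hash the same driver on each, and write the report to a
# location that is verified to be writable.
# Assumptions (mine, not from the thread): partitions are mounted under
# /mnt as on xPUD (override with MOUNT_BASE), and the driver of interest is
# Windows/System32/drivers/volsnap.sys (override with DRIVER_REL).

MOUNT_BASE="${MOUNT_BASE:-/mnt}"
DRIVER_REL="${DRIVER_REL:-Windows/System32/drivers/volsnap.sys}"

# SHA-256 of a file, using whichever tool the live CD happens to ship.
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Print every directory under $1 that holds a Windows driver store.
# A "Windows" folder alone does not identify the system volume: in the
# thread the Acer recovery partition (sda1) has one too, so every match
# is reported and the reader decides which one is C:.
find_windows_volumes() {
    for d in "$1"/*/; do
        d="${d%/}"
        [ -d "$d/Windows/System32/drivers" ] && echo "$d"
    done
    return 0
}

# Return the first argument that is really writable, proven by creating a
# file in it.  This is the check driver.sh skipped: it wrote driv.txt into
# its current directory, which was a read-only mount, hence the empty
# report.txt in #20 and the "Read-only file system" error in #24.
pick_writable_dir() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        probe="$d/.writetest.$$"
        if ( : > "$probe" ) 2>/dev/null; then
            rm -f "$probe"
            echo "$d"
            return 0
        fi
    done
    return 1
}

# Number of distinct SHA-256 values among the driver copies found under $1.
# 1 means all copies are byte-identical; 2 or more means at least one
# volume carries a different file (damaged, patched, or simply another
# version) and the copies must be compared before either is trusted.
count_distinct_driver_hashes() {
    for v in $(find_windows_volumes "$1"); do
        f="$v/$DRIVER_REL"
        [ -f "$f" ] && file_hash "$f"
    done | sort -u | wc -l | tr -d ' '
}

# Write the report: one tab-separated line per Windows volume with the
# driver's size in bytes and its SHA-256, or MISSING when it is absent.
write_report() {
    out="$1"
    base="$2"
    {
        echo "driver report $(date -u) base=$base driver=$DRIVER_REL"
        for v in $(find_windows_volumes "$base"); do
            f="$v/$DRIVER_REL"
            if [ -f "$f" ]; then
                printf '%s\t%s\t%s\n' "$v" "$(wc -c < "$f" | tr -d ' ')" "$(file_hash "$f")"
            else
                printf '%s\tMISSING\t-\n' "$v"
            fi
        done
        echo "distinct driver hashes: $(count_distinct_driver_hashes "$base")"
    } > "$out"
}

# Usage from the xPUD terminal: sh report.sh /mnt/sdb1   (sdb1 = USB stick).
# The report goes to the first writable place among the given directory,
# the assumed USB mount point and /tmp; it is never written next to the script.
main() {
    outdir=$(pick_writable_dir "${1:-}" "$MOUNT_BASE/sdb1" /tmp) || {
        echo "no writable location for report.txt" >&2
        return 1
    }
    write_report "$outdir/report.txt" "$MOUNT_BASE"
    echo "report written to $outdir/report.txt" >&2
    cat "$outdir/report.txt"
}

main "$@" || echo "report not written" >&2
```

Before the repair in #29 the report would show two Windows volumes and a distinct-hash count of 2, i.e. the volsnap.sys on the system volume is not byte-identical to the one on the recovery partition; after copying the recovery copy over it the count drops to 1. Identical hashes only prove the two copies match, not that the recovery copy is the genuine signed driver; once Windows boots, the Authenticode signature and a System File Checker run are the checks for that.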

#30
Skily

Skily

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I had tried the system repair earlier, but it didn't work
