Moneypack Virus [Closed]


#1 mewsick75 (Member, 292 posts)

Hello,

A friend gave me his computer to look at and it has the Moneypack Virus on it and probably more.
I would have sent a log with this post but I can't boot into Windows regular mode or safe mode.
It's a Vista machine and I've tried recovery mode and last known good configuration, and they both kick me back to the regular mode.
This is NOT a work computer; this is a home issue with a friend's computer.

Any help would be greatly appreciated.


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Hi, you will need an operating computer and a USB stick of at least 4 GB.

Download the following three programmes to the desktop:


1. Rufus

For 32-bit systems
2. Windows Vista RC
3. Farbar Recovery Scan Tool

For 64-bit systems
2. Windows Vista RC
3. Farbar Recovery Scan Tool



Insert the USB stick, then run Rufus.
Select the ISO file on the desktop via the ISO icon.

Press Start Burn
Then copy FRST to the same USB


Insert the USB into the sick computer and start it, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this.
Click repair my computer

Select your operating system

Select Command prompt

At the command prompt, type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe (or FRST for 32-bit) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 mewsick75 (Topic Starter, Member, 292 posts)

When I go to the site to download the ISO file, there is nothing there to download.

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK, just checked and they appear to have pulled the file from there; I will try and locate another download location.

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#5 mewsick75 (Topic Starter, Member, 292 posts)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on REATOGO on 09-10-2013 14:39:35
Running from E:\
Windows Vista ™ Home Basic (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2009-03-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-12-11] (Dell Inc.)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-04-14] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2004-04-14] (ScanSoft, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Sean\...\Run: [Aim] - C:\Program Files\AIM\aim.exe [ 2011-01-05] (AOL Inc.)
HKU\Sean\...\Winlogon: [Shell] explorer.exe,C:\Users\Sean\AppData\Roaming\data.dat [ 2010-10-15] () <==== ATTENTION

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\aestsrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)
S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72224 2009-01-07] (O2Micro International)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\STacSV.exe [249938 2009-03-31] (IDT, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-12-11] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-11] (Broadcom Corporation)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-24] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [246840 2009-04-11] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-03] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20131004.001\IDSvix86.sys [392792 2013-08-20] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131005.007\NAVENG.SYS [93272 2013-09-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131005.007\NAVEX15.SYS [1612376 2013-09-21] (Symantec Corporation)
S3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [51616 2009-01-07] (O2Micro )
S3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41760 2009-01-07] (O2Micro )
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-17] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 SharedAccess;

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-09 14:37 - 2013-10-09 14:37 - 00000000 ____D C:\FRST
2013-10-05 08:15 - 2013-10-08 15:57 - 00000004 _____ C:\Users\Sean\AppData\Roaming\settings.ini
2013-10-05 08:13 - 2013-10-05 08:13 - 00233472 _____ C:\Users\Sean\bkjdksqklwdyumqptql.bfg
2013-09-10 07:25 - 2013-09-10 07:25 - 00000000 ____D C:\Users\Sean\Documents\xxxxtest
2013-09-09 21:58 - 2013-09-10 07:26 - 00000000 ____D C:\Users\Sean\Documents\SPACE

==================== One Month Modified Files and Folders =======

2013-10-09 14:37 - 2013-10-09 14:37 - 00000000 ____D C:\FRST
2013-10-08 15:57 - 2013-10-05 08:15 - 00000004 _____ C:\Users\Sean\AppData\Roaming\settings.ini
2013-10-08 15:57 - 2009-10-16 07:49 - 02003628 _____ C:\Windows\WindowsUpdate.log
2013-10-07 21:36 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 21:36 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 19:37 - 2010-11-29 19:10 - 00007052 _____ C:\Users\Sean\AppData\Local\d3d9caps.dat
2013-10-06 10:06 - 2008-01-20 23:02 - 00426062 _____ C:\Windows\PFRO.log
2013-10-05 08:13 - 2013-10-05 08:13 - 00233472 _____ C:\Users\Sean\bkjdksqklwdyumqptql.bfg
2013-10-05 08:13 - 2009-10-21 13:43 - 00000000 ____D C:\users\Sean
2013-09-30 19:31 - 2010-02-11 16:37 - 00000076 _____ C:\Windows\System32\PDFWRITR.INI
2013-09-30 19:31 - 2010-02-11 16:37 - 00000076 _____ C:\Windows\System32\__PDF.INI
2013-09-30 19:31 - 2006-11-02 06:23 - 00000295 _____ C:\Windows\win.ini
2013-09-14 03:02 - 2013-08-15 03:02 - 00000000 ____D C:\Windows\System32\MRT
2013-09-14 03:01 - 2006-11-02 06:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-09-10 07:26 - 2013-09-09 21:58 - 00000000 ____D C:\Users\Sean\Documents\SPACE
2013-09-10 07:25 - 2013-09-10 07:25 - 00000000 ____D C:\Users\Sean\Documents\xxxxtest

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1123020354-2309276913-2768379519-1000\$8ee016118089e98ceb63268d8a8828ea

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$8ee016118089e98ceb63268d8a8828ea

Files to move or delete:
====================
C:\Users\Sean\AppData\Roaming\data.dat
C:\Users\Sean\AppData\Roaming\settings.ini
C:\Users\Sean\AppData\Roaming\skype.ini
C:\Users\Sean\AppData\Roaming\i.ini


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

30
Restore point made on: 2013-08-19 06:51:24
Restore point made on: 2013-08-20 06:31:27
Restore point made on: 2013-08-21 20:31:06
Restore point made on: 2013-08-23 23:34:34
Restore point made on: 2013-08-25 01:32:29
Restore point made on: 2013-08-26 22:09:35
Restore point made on: 2013-08-28 00:57:19
Restore point made on: 2013-08-29 00:00:12
Restore point made on: 2013-08-30 19:00:09
Restore point made on: 2013-08-31 11:40:21
Restore point made on: 2013-09-01 01:05:13
Restore point made on: 2013-09-02 00:00:11
Restore point made on: 2013-09-03 06:36:11
Restore point made on: 2013-09-04 00:00:06
Restore point made on: 2013-09-05 07:27:12
Restore point made on: 2013-09-06 07:20:05
Restore point made on: 2013-09-07 07:30:43
Restore point made on: 2013-09-08 02:37:15
Restore point made on: 2013-09-09 07:00:01
Restore point made on: 2013-09-10 07:01:27
Restore point made on: 2013-09-11 07:11:50
Restore point made on: 2013-09-12 00:00:06
Restore point made on: 2013-09-13 18:54:24
Restore point made on: 2013-09-14 03:00:38
Restore point made on: 2013-09-15 08:48:19
Restore point made on: 2013-09-15 08:52:43
Restore point made on: 2013-09-19 03:31:03
Restore point made on: 2013-09-26 08:28:36
Restore point made on: 2013-10-04 07:19:58
Restore point made on: 2013-10-07 21:05:47

==================== BCD ================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 3032.89 MB
Available physical RAM: 2753.52 MB
Total Pagefile: 2857.81 MB
Available Pagefile: 2793.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.65 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:206.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.13 GB) NTFS
Drive e: () (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: A6BBEEF6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-10-07 19:42

==================== End Of Log ============================

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, there will be two fixlists for this infection, as one needs to be run in normal mode.

First fix:

Download the attached Fixlist.txt to the same location as FRST.
[attachment=66910:fixlist.txt]
Run FRST as before and press Fix. A log will be generated on the USB.

Reboot to normal Windows.

Second fix: will be in the next post.

#7
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Second fix, to be run from normal Windows on completion of the first fix.

Download the attached fixlist.txt to the USB and allow it to overwrite.
[attachment=66911:fixlist.txt]
Run FRST from the USB and press Fix.
Again a fix log will be generated.

THEN

Download and install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#8
mewsick75
    Member
  • Topic Starter
  • Member
  • 292 posts
Here is the log from the first run.

I couldn't run the second run or download ComboFix because when I rebooted the computer it boots into Windows, but there is a white screen and no desktop. The mouse is still visible and moves around, though.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by SYSTEM at 2013-10-09 19:49:43 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Sean\...\Winlogon: [Shell] explorer.exe,C:\Users\Sean\AppData\Roaming\data.dat [ 2010-10-15] () <==== ATTENTION
Files to move or delete:
C:\$Recycle.Bin\S-1-5-21-1123020354-2309276913-2768379519-1000\$8ee016118089e98ceb63268d8a8828ea
C:\$Recycle.Bin\S-1-5-18\$8ee016118089e98ceb63268d8a8828ea
C:\Users\Sean\AppData\Roaming\data.dat
C:\Users\Sean\AppData\Roaming\settings.ini
C:\Users\Sean\AppData\Roaming\skype.ini
C:\Users\Sean\AppData\Roaming\i.ini


*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\Sean\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1123020354-2309276913-2768379519-1000\$8ee016118089e98ceb63268d8a8828ea => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$8ee016118089e98ceb63268d8a8828ea => Deleted successfully.
C:\Users\Sean\AppData\Roaming\data.dat => Moved successfully.
C:\Users\Sean\AppData\Roaming\settings.ini => Moved successfully.
C:\Users\Sean\AppData\Roaming\skype.ini => Moved successfully.
"C:\Users\Sean\AppData\Roaming\i.ini" => File/Directory not found.

==== End of Fixlog ====
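The fixlog above, together with the Bamital & volsnap check in the earlier scan, names the persistence points this ZeroAccess infection used. As an added example (not part of this thread, of FRST, or of ComboFix), here is a read-only PowerShell check for those same four indicators on a live system: the per-user Winlogon Shell override, the hijacked fastprox CLSID, reparse points in the Windows Defender folder, and the `$Recycle.Bin` payload folders. The CLSID, paths and folder-name pattern come from the logs; that a clean fastprox InprocServer32 points at `system32\wbem\fastprox.dll` and that a clean profile carries no per-user Shell value are this example's own assumptions, and nothing is modified.

```powershell
# Added example, not from the thread: read-only ZeroAccess indicator check.
# Run from an elevated PowerShell prompt on the booted system; reports only.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Per-user Winlogon\Shell override. The log showed
#    "explorer.exe,C:\Users\Sean\AppData\Roaming\data.dat" under HKU\Sean.
#    Assumption: a clean profile has no Shell value here at all.
Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object {
        $key = "Registry::$($_.Name)\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($shell -and $shell -ne 'explorer.exe') {
            $findings.Add("Per-user Shell override in $($_.PSChildName): $shell")
        }
    }

# 2. WMI fastprox CLSID flagged by FRST as "[Default-fastprox] ... ZeroAccess?".
#    Assumption: on a clean system the (default) value of InprocServer32 is
#    the real fastprox.dll under system32\wbem.
$clsid = 'HKLM:\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32'
$inproc = (Get-ItemProperty -Path $clsid -ErrorAction SilentlyContinue).'(default)'
if ($inproc -and $inproc -notmatch '\\wbem\\fastprox\.dll$') {
    $findings.Add("fastprox CLSID InprocServer32 points to: $inproc")
}

# 3. Reparse points (junctions) in Windows Defender's folder. FRST reported
#    mpsvc.dll there with "Use DeleteJunctionsIndirectory"; only report them.
$defender = Join-Path $env:ProgramFiles 'Windows Defender'
if (Test-Path $defender) {
    Get-ChildItem -Path $defender -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
        ForEach-Object { $findings.Add("Reparse point in Windows Defender dir: $($_.FullName)") }
}

# 4. $Recycle.Bin folders named "$" + 32 hex characters, matching
#    C:\$Recycle.Bin\S-1-5-18\$8ee016118089e98ceb63268d8a8828ea from the log.
$recycle = Join-Path $env:SystemDrive '$Recycle.Bin'
Get-ChildItem -Path $recycle -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        Get-ChildItem -Path $_.FullName -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-f]{32}$' } |
            ForEach-Object { $findings.Add("Suspicious Recycle.Bin folder: $($_.FullName)") }
    }

if ($findings.Count -eq 0) {
    'No ZeroAccess indicators from this thread were found.'
} else {
    $findings | ForEach-Object { "ATTENTION: $_" }
}
```

A hit on item 3 is only confirmation that a junction exists; removing it is left to the FRST fix the thread already uses, since the real DLL sits behind it.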

#9
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
When on the desktop, press the Windows and R keys together. A Run dialogue will appear.
Type in explorer.exe. Does the desktop come back?
If not, type in Iexplore.exe and Internet Explorer should open.
From IE go to the ComboFix download link; this time select Run instead of Save.
If that fails, then run a fresh FRST scan for me please.

#10
mewsick75
    Member
  • Topic Starter
  • Member
  • 292 posts
Yeah, the desktop will not come up even when I do the things you told me to.
I did notice that it showed up when I did Ctrl+Alt+Del and selected shutdown.
At that point the desktop shows up, but the OS is shutting down so I can't get into it.

I ran FRST again from the ISO.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on REATOGO on 10-10-2013 15:57:24
Running from E:\
Windows Vista ™ Home Basic (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [217088 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2009-03-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-12-11] (Dell Inc.)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-04-14] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2004-04-14] (ScanSoft, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\Sean\...\Run: [Aim] - C:\Program Files\AIM\aim.exe [ 2011-01-05] (AOL Inc.)
HKU\Sean\...\Winlogon: [Shell] explorer.exe,C:\Users\Sean\AppData\Roaming\data.dat [ 2010-10-15] () <==== ATTENTION

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\aestsrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)
S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72224 2009-01-07] (O2Micro International)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\STacSV.exe [249938 2009-03-31] (IDT, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-12-11] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-11] (Broadcom Corporation)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx86.sys [1097304 2013-09-24] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [246840 2009-04-11] (Microsoft Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-09-03] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20131004.001\IDSvix86.sys [392792 2013-08-20] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131005.007\NAVENG.SYS [93272 2013-09-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131005.007\NAVEX15.SYS [1612376 2013-09-21] (Symantec Corporation)
S3 O2MDGRDR; C:\Windows\System32\DRIVERS\o2mdg.sys [51616 2009-01-07] (O2Micro )
S3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdg.sys [41760 2009-01-07] (O2Micro )
S3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-17] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS [352344 2013-04-24] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S2 SharedAccess;

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 15:57 - 2013-10-10 15:57 - 00000000 ____D C:\FRST
2013-10-05 08:15 - 2013-10-10 14:38 - 00000004 _____ C:\Users\Sean\AppData\Roaming\settings.ini
2013-10-05 08:13 - 2013-10-05 08:13 - 00233472 _____ C:\Users\Sean\bkjdksqklwdyumqptql.bfg
2013-09-10 07:25 - 2013-09-10 07:25 - 00000000 ____D C:\Users\Sean\Documents\xxxxtest

==================== One Month Modified Files and Folders =======

2013-10-10 15:57 - 2013-10-10 15:57 - 00000000 ____D C:\FRST
2013-10-10 14:44 - 2009-10-16 07:49 - 02010796 _____ C:\Windows\WindowsUpdate.log
2013-10-10 14:41 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 14:41 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 14:38 - 2013-10-05 08:15 - 00000004 _____ C:\Users\Sean\AppData\Roaming\settings.ini
2013-10-09 19:51 - 2006-11-02 08:49 - 00179111 _____ C:\Windows\setupact.log
2013-10-07 19:37 - 2010-11-29 19:10 - 00007052 _____ C:\Users\Sean\AppData\Local\d3d9caps.dat
2013-10-06 10:06 - 2008-01-20 23:02 - 00426062 _____ C:\Windows\PFRO.log
2013-10-05 08:13 - 2013-10-05 08:13 - 00233472 _____ C:\Users\Sean\bkjdksqklwdyumqptql.bfg
2013-10-05 08:13 - 2009-10-21 13:43 - 00000000 ____D C:\users\Sean
2013-09-30 19:31 - 2010-02-11 16:37 - 00000076 _____ C:\Windows\System32\PDFWRITR.INI
2013-09-30 19:31 - 2010-02-11 16:37 - 00000076 _____ C:\Windows\System32\__PDF.INI
2013-09-30 19:31 - 2006-11-02 06:23 - 00000295 _____ C:\Windows\win.ini
2013-09-14 03:02 - 2013-08-15 03:02 - 00000000 ____D C:\Windows\System32\MRT
2013-09-14 03:01 - 2006-11-02 06:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-09-10 07:26 - 2013-09-09 21:58 - 00000000 ____D C:\Users\Sean\Documents\SPACE
2013-09-10 07:25 - 2013-09-10 07:25 - 00000000 ____D C:\Users\Sean\Documents\xxxxtest

Files to move or delete:
====================
C:\Users\Sean\AppData\Roaming\data.dat
C:\Users\Sean\AppData\Roaming\settings.ini
C:\Users\Sean\AppData\Roaming\skype.ini
C:\Users\Sean\AppData\Roaming\i.ini


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

30
Restore point made on: 2013-08-19 06:51:24
Restore point made on: 2013-08-20 06:31:27
Restore point made on: 2013-08-21 20:31:06
Restore point made on: 2013-08-23 23:34:34
Restore point made on: 2013-08-25 01:32:29
Restore point made on: 2013-08-26 22:09:35
Restore point made on: 2013-08-28 00:57:19
Restore point made on: 2013-08-29 00:00:12
Restore point made on: 2013-08-30 19:00:09
Restore point made on: 2013-08-31 11:40:21
Restore point made on: 2013-09-01 01:05:13
Restore point made on: 2013-09-02 00:00:11
Restore point made on: 2013-09-03 06:36:11
Restore point made on: 2013-09-04 00:00:06
Restore point made on: 2013-09-05 07:27:12
Restore point made on: 2013-09-06 07:20:05
Restore point made on: 2013-09-07 07:30:43
Restore point made on: 2013-09-08 02:37:15
Restore point made on: 2013-09-09 07:00:01
Restore point made on: 2013-09-10 07:01:27
Restore point made on: 2013-09-11 07:11:50
Restore point made on: 2013-09-12 00:00:06
Restore point made on: 2013-09-13 18:54:24
Restore point made on: 2013-09-14 03:00:38
Restore point made on: 2013-09-15 08:48:19
Restore point made on: 2013-09-15 08:52:43
Restore point made on: 2013-09-19 03:31:03
Restore point made on: 2013-09-26 08:28:36
Restore point made on: 2013-10-04 07:19:58
Restore point made on: 2013-10-10 09:18:33

==================== BCD ================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 3032.89 MB
Available physical RAM: 2748.76 MB
Total Pagefile: 2857.81 MB
Available Pagefile: 2786.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.65 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:209.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.13 GB) NTFS
Drive e: () (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: A6BBEEF6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-10-07 19:42

==================== End Of Log ============================
#11 Essexboy (GeekU Moderator, Retired Staff)
We will try one more time. If this fails, then we will run OTLPE and see if that can kill it.

Download the attached fixlist.txt to the same USB as FRST.
[attachment=66924:fixlist.txt]
Run FRST as before and press Fix.
Once done, try a normal boot.

If that fails, then at the REATOGO desktop:

  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt.
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file, select Send to, and select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it.
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

#12 mewsick75 (Topic Starter, Member)
OTL logfile created on: 10/10/2013 10:38:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Basic Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 206.27 Gb Free Space | 72.78% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 9.13 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 7.44 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/16 13:15:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/31 10:28:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\stacsv.exe -- (STacSV)
SRV - [2009/03/31 10:27:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/07 23:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2013/09/24 00:37:15 | 001,097,304 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/21 11:29:17 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131005.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/09/21 11:29:17 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20131005.007\NAVENG.SYS -- (NAVENG)
DRV - [2013/09/03 14:23:02 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/26 22:06:53 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/20 22:11:06 | 000,392,792 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20131004.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/06/17 17:47:40 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\N360\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS -- (SymIRON)
DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/12 14:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/03/31 10:28:14 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 10:25:48 | 000,196,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/02/02 11:21:30 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/07 23:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/07 23:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/12/11 13:47:16 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage

IE - HKU\Sean_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\Sean_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\Sean_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Sean_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sean_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn\ [2013/10/10 16:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn\ [2013/05/10 17:05:48 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\Sean_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Sean_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Sean_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Sean_ON_C..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - Startup: Error locating startup folders.
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Sean_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Sean_ON_C Winlogon: Shell - (C:\Users\Sean\AppData\Roaming\data.dat) - C:\Users\Sean\AppData\Roaming\data.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/10/10 15:57:15 | 000,000,000 | ---D | C] -- C:\FRST
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2013/10/10 20:12:40 | 000,000,004 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\settings.ini
[2013/10/10 20:12:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/10 17:01:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/10 16:05:12 | 000,007,052 | ---- | M] () -- C:\Users\Sean\AppData\Local\d3d9caps.dat
[2013/10/10 16:05:05 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/10 16:00:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 16:00:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 16:00:28 | 3180,285,952 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/30 19:31:12 | 000,000,076 | ---- | M] () -- C:\Windows\System32\PDFWRITR.INI
[2013/09/30 19:31:12 | 000,000,076 | ---- | M] () -- C:\Windows\System32\__PDF.INI

========== Files Created - No Company Name ==========

[2013/10/10 16:00:28 | 3180,285,952 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/05 08:15:00 | 000,000,004 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\settings.ini
[2013/08/09 15:31:26 | 000,000,004 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\skype.ini
[2012/09/27 17:02:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\erolpxei.pad
[2011/02/09 07:56:29 | 000,233,472 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\data.dat
[2010/12/27 21:54:55 | 000,038,430 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/11/29 19:10:09 | 000,007,052 | ---- | C] () -- C:\Users\Sean\AppData\Local\d3d9caps.dat
[2010/10/01 15:57:18 | 000,000,870 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/10/01 15:57:18 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/10/01 15:57:18 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bdm8640d.dat
[2010/10/01 15:53:37 | 000,000,256 | ---- | C] () -- C:\Windows\System32\BRMSL07F.BIN
[2010/10/01 15:53:36 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/10/01 15:53:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/14 14:02:36 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/02/15 19:14:07 | 000,004,608 | ---- | C] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 09:42:43 | 000,000,244 | ---- | C] () -- C:\Windows\ACIeServices.INI
[2010/02/11 16:37:52 | 000,000,076 | ---- | C] () -- C:\Windows\System32\PDFWRITR.INI
[2010/02/11 16:37:52 | 000,000,076 | ---- | C] () -- C:\Windows\System32\__PDF.INI
[2010/02/10 13:00:33 | 000,003,547 | ---- | C] () -- C:\Windows\Apexwin.ini
[2010/02/10 12:57:34 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010/02/10 12:57:34 | 000,116,736 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010/02/10 12:57:33 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2010/02/10 12:57:29 | 000,495,616 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2010/02/10 12:57:29 | 000,000,260 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2010/02/10 12:57:20 | 000,004,608 | ---- | C] () -- C:\Windows\System32\Cp5.dll
[2010/02/10 12:57:20 | 000,000,086 | ---- | C] () -- C:\Windows\LHOUSE.INI
[2010/02/10 12:57:16 | 000,514,832 | ---- | C] () -- C:\Windows\System32\LEAD45.DLL
[2010/02/10 12:57:16 | 000,467,348 | ---- | C] () -- C:\Windows\System32\TGDRAW16.DLL
[2010/02/10 12:57:16 | 000,201,065 | ---- | C] () -- C:\Windows\System32\TGDXF16.DLL
[2010/02/10 12:57:16 | 000,193,842 | ---- | C] () -- C:\Windows\System32\TGENT16.DLL
[2010/02/10 12:57:16 | 000,152,384 | ---- | C] () -- C:\Windows\System32\TGCURV16.DLL
[2010/02/10 12:57:16 | 000,136,200 | ---- | C] () -- C:\Windows\System32\TGSOLD16.DLL
[2010/02/10 12:57:16 | 000,127,656 | ---- | C] () -- C:\Windows\System32\TG2D16.DLL
[2010/02/10 12:57:16 | 000,083,240 | ---- | C] () -- C:\Windows\System32\TGCIRC16.DLL
[2010/02/10 12:57:16 | 000,081,770 | ---- | C] () -- C:\Windows\System32\TGCLIP16.DLL
[2010/02/10 12:57:16 | 000,070,784 | ---- | C] () -- C:\Windows\System32\TG3D16.DLL
[2010/02/10 12:57:16 | 000,070,632 | ---- | C] () -- C:\Windows\System32\TGPOLY16.DLL
[2010/02/10 12:57:16 | 000,062,976 | ---- | C] () -- C:\Windows\System32\TGSURF16.DLL
[2010/02/10 12:57:16 | 000,062,464 | ---- | C] () -- C:\Windows\System32\TGKERN16.DLL
[2010/02/10 12:57:16 | 000,059,872 | ---- | C] () -- C:\Windows\System32\TGARC16.DLL
[2010/02/10 12:57:16 | 000,053,864 | ---- | C] () -- C:\Windows\System32\TGSPHR16.DLL
[2010/02/10 12:57:16 | 000,049,256 | ---- | C] () -- C:\Windows\System32\TGTRF16.DLL
[2010/02/10 12:57:16 | 000,044,032 | ---- | C] () -- C:\Windows\System32\TGTOOL16.DLL
[2010/02/10 12:57:16 | 000,042,464 | ---- | C] () -- C:\Windows\System32\TGDBAS16.DLL
[2010/02/10 12:57:16 | 000,030,768 | ---- | C] () -- C:\Windows\System32\TGCONV16.DLL
[2010/02/10 12:57:16 | 000,030,144 | ---- | C] () -- C:\Windows\System32\TGTRIG16.DLL
[2010/02/10 12:57:16 | 000,027,304 | ---- | C] () -- C:\Windows\System32\TGAREA16.DLL
[2010/02/10 12:57:16 | 000,026,408 | ---- | C] () -- C:\Windows\System32\TGTRIA16.DLL
[2010/02/10 12:57:16 | 000,025,612 | ---- | C] () -- C:\Windows\System32\TGVOL16.DLL
[2009/10/16 15:44:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009/10/16 15:44:51 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/10/16 13:04:43 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/10/16 13:04:43 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/04/11 15:18:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 15:18:36 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 13:26:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,263,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,799,490 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,170,540 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[1999/12/06 16:37:12 | 000,068,096 | R--- | C] () -- C:\Windows\System32\lfplt11n.dll

========== LOP Check ==========

[2011/03/12 11:02:44 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\acccore
[2010/02/10 12:57:55 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\EServices
[2010/10/01 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PC-FAX TX
[2010/02/10 13:05:45 | 000,000,000 | ---D | M] -- C:\ProgramData\ACI
[2010/02/10 13:05:45 | 000,000,000 | ---D | M] -- C:\ProgramData\ACI32
[2011/03/12 11:02:10 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM
[2009/10/21 13:39:52 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/02/10 12:59:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Cached Installations
[2009/10/21 13:39:52 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/10/21 13:39:52 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/02/10 13:05:45 | 000,000,000 | ---D | M] -- C:\ProgramData\EServices
[2009/10/21 13:39:52 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/05/09 21:18:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2010/05/14 14:02:16 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2009/10/21 13:39:52 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/10/16 13:10:41 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2009/10/21 13:39:52 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/10/16 13:13:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/04/15 18:36:38 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2013/10/10 14:38:22 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/18 03:20:53 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0EA9F565-5B91-44F2-B6C6-C32AD86F97C1}.job

========== Purity Check ==========


< End of report >
#13 Essexboy (GeekU Moderator, Retired Staff)
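The security-relevant lines in the two logs above are the O20 entries for HKU\Sean_ON_C, where the Winlogon Shell value carries C:\Users\Sean\AppData\Roaming\data.dat (no company name, a .dat extension) alongside explorer.exe, and FRST's Bamital & volsnap check flagging a ZeroAccess junction in C:\Program Files\Windows Defender. A per-user Winlogon Shell value is honoured in preference to the machine-wide one, so a screen locker only needs write access to the victim's own hive to replace the desktop at every logon. The script below is an added example for this thread, not part of OTL, FRST or the poster's logs: it runs simple detection rules over constructed sample lines modelled on the log (the regular expressions, the `Finding` class and the `analyze`/`prioritized` helpers are this example's own names; the OTL line shapes are inferred from the log, since OTL has no published grammar).

```python
"""Triage helper for OTL / FRST text logs.

Added example for this thread; it is not part of OTL, FRST or the poster's
logs. It flags three things visible in the logs above: a Winlogon Shell value
that is not explorer.exe, an empty or dangling Run value, and FRST's
"ATTENTION:" lines (here the ZeroAccess junction warning).
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample, modelled on lines from the OTL and FRST logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKU\Sean_ON_C..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Sean_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Sean_ON_C Winlogon: Shell - (C:\Users\Sean\AppData\Roaming\data.dat) - C:\Users\Sean\AppData\Roaming\data.dat ()
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    hive: str
    detail: str


# OTL line shapes are assumed from the log above (OTL has no published grammar).
O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.*?) \((?P<company>[^)]*)\)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
FRST_ATTENTION_RE = re.compile(r"^(?P<path>.+?) => ATTENTION: (?P<msg>.*)$")

EXECUTABLE_SUFFIXES = {".exe", ".com", ".bat", ".cmd", ".scr"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def check_shell(m: "re.Match") -> Optional[Finding]:
    """Anything but explorer.exe as the Winlogon Shell replaces the whole desktop."""
    hive, value, path, company = (m.group(k) for k in ("hive", "value", "path", "company"))
    if value.strip().lower() == "explorer.exe":
        return None
    reasons = [f"Shell is '{value}', not explorer.exe"]
    if "\\appdata\\" in path.lower():
        reasons.append("lives under a user profile (AppData)")
    suffix = PureWindowsPath(path).suffix.lower()
    if suffix not in EXECUTABLE_SUFFIXES:
        reasons.append(f"non-executable extension '{suffix}' run as the shell")
    if not company:
        reasons.append("no company name")
    # A per-user Shell value (HKU\<sid>\...\Winlogon) is honoured in preference to
    # the HKLM one, so a locker only needs write access to the victim's own hive.
    severity = "high" if hive.upper().startswith("HKU") else "medium"
    return Finding(severity, "winlogon_shell_hijack", hive, "; ".join(reasons))


def check_run(m: "re.Match") -> Optional[Finding]:
    """An unnamed Run value, or one whose target is gone, is worth a second look."""
    hive, name, rest = m.group("hive"), m.group("name"), m.group("rest")
    if name == "" or rest.startswith("File not found"):
        return Finding("low", "dangling_or_unnamed_run_value", hive, f"[{name}] -> {rest}")
    return None


def check_frst(m: "re.Match") -> Finding:
    """FRST already did the work; surface its warning at high severity."""
    return Finding("high", "frst_attention", "-", f"{m.group('path')}: {m.group('msg')}")


CHECKS = ((O20_RE, check_shell), (O4_RE, check_run), (FRST_ATTENTION_RE, check_frst))


def analyze(log_text: str) -> List[Finding]:
    """Run every check over every line; the first matching line shape wins."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, checker in CHECKS:
            m = regex.match(line)
            if m:
                finding = checker(m)
                if finding:
                    findings.append(finding)
                break
    return findings


def prioritized(findings: List[Finding]) -> List[Finding]:
    """Stable sort, highest severity first, so the shell hijack is read before the rest."""
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in prioritized(analyze(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.rule:32} {f.hive:16} {f.detail}")
```

Against the sample it reports the data.dat shell entry as high (per-user hive, AppData path, .dat extension, no company name), the FRST ZeroAccess warning as high, and the empty HKLM Run value as low. The same rules applied to the full OTL log above give the same three hits, which matches the fix Essexboy targets next: remove the Shell entry and the data.dat payload, then find whatever re-creates it.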
Next time that you reboot to normal Windows, could you right-click the desktop, select Personalise and see if you can change the desktop?

Download the attached fix.txt to the USB.
[attachment=66939:fix.txt]
  • Insert your USB drive with fix.txt on it.
  • Start OTLPE.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered; when it is done, reboot to normal mode if possible.
  • Then post a new OTL log.

#14 mewsick75 (Topic Starter, Member)
The computer booted up and went into the desktop for maybe 2 seconds, but then went to an all-white screen again.
#15 Essexboy (GeekU Moderator, Retired Staff)
OK, are you able to change the desktop by right-clicking? Something is reinstating the Winlogon malware; I will need to find that.

If you press the Windows and R keys together, do you get the Run dialogue?