
Trojans and Hanging at "Windows is shutting down..."

Discussion in 'Malware and Virus Removal Archive' started by Utt, 2007/10/04.

  1. 2007/10/04
    Utt

    Utt Inactive Thread Starter

    Joined:
    2007/10/04
    Messages:
    5
    Likes Received:
    0
    Hi there!

    I have problems with a computer that I am trying to fix for a friend. I can usually figure most of these things out, but this time I am lost. As suggested, I have run a Deckard test, so it will be at the bottom of the message.

    My friend gave me this computer and said that she never had problems until she let someone borrow it for a week. Ever since, she's gotten software offers from illegitimate companies (such as "Buy our Anti Viral software!" or "You have viruses, click here to download the fix"). Additionally, the computer hangs at "Windows is shutting down..."

    Here is what I have done so far:
    Since Symantec was not fully licensed, I downloaded AVG Anti-Virus and ran a scan. This removed some threats.
    I scanned with Ad-Aware 2007 and removed 239 threats.
    I removed all programs in Add/Remove that were toolbars that I did not recognize.
    I deleted temporary files, and attempted restarting ... except I can't restart. Every time I have to force the computer down.

    Can you help with these problems? Any efforts would be appreciated.

    Thanks,
    Utt





    Deckard's System Scanner v20070905.67
    Run by Administrator on 2007-10-04 13:27:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    66: 2007-10-04 17:27:15 UTC - RP233 - Deckard's System Scanner Restore Point
    65: 2007-10-04 15:41:22 UTC - RP232 - Removed Symantec AntiVirus
    64: 2007-10-04 14:37:55 UTC - RP231 - Installed Ad-Aware 2007
    63: 2007-10-04 14:18:14 UTC - RP230 - Installed AVG 7.5
    62: 2007-10-04 13:58:07 UTC - RP229 - Removed Google Photos Screensaver


    -- First Restore Point --
    1: 2007-07-18 14:58:07 UTC - RP168 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:28:46 PM, on 10/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MetaTrader Data Center\mtdcsrv.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Online Video Add-on\icthis.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] C:\Program Files\WinAntiVirus Pro 2007\WinAv.exe /min
    O4 - HKLM\..\Run: [DriveCleaner Freeware] "C:\Program Files\DriveCleaner Freeware\UDC.exe" /min
    O4 - HKLM\..\Run: [UDC6_cw] "C:\Program Files\DriveCleaner Freeware\UDC6_cw.exe" -c
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
    O22 - SharedTaskScheduler: cacomixls - {5feba593-3e6d-4606-ae6e-0680501cd29e} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
    O23 - Service: MetaTrader Data Center (mtdcsrv) - MetaQuotes Software Corp. - C:\Program Files\MetaTrader Data Center\mtdcsrv.exe
    O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

    --
    End of file - 7808 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys <Not Verified; Conexant Systems, Inc; UIU HW Access x86 Driver (SYS)>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 mtdcsrv (MetaTrader Data Center) - "c:\program files\metatrader data center\mtdcsrv.exe" /start <Not Verified; MetaQuotes Software Corp.; MetaTradee Data Center>
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

    S2 msfwsvc (OneCare Firewall) - "c:\program files\microsoft windows onecare live\firewall\msfwsvc.exe" (file missing)
    S2 OneCareMP (OneCare AntiSpyware and AntiVirus) - "c:\program files\microsoft windows onecare live\antivirus\msmpeng.exe" (file missing)
    S2 winss (Windows Live OneCare) - c:\program files\microsoft windows onecare live\winss.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_30A5103C&REV_03\3&B1BFB68&0&10
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_30A5103C&REV_03\3&B1BFB68&0&10
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller
    Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_30A5103C&REV_03\3&B1BFB68&0&11
    Manufacturer:
    Name: Video Controller
    PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_30A5103C&REV_03\3&B1BFB68&0&11
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2007-06-02 11:38:15 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


    -- Files created between 2007-09-04 and 2007-10-04 -----------------------------

    2007-10-04 13:28:35 0 d-------- C:\Program Files\Trend Micro
    2007-10-04 10:37:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-10-04 10:37:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-04 10:30:26 0 dr-h----- C:\$VAULT$.AVG
    2007-10-04 10:19:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2007-10-04 10:18:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-04 10:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-04 10:18:15 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-04 10:15:46 0 --a------ C:\WINDOWS\nsreg.dat
    2007-10-04 10:15:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2007-10-04 09:55:52 0 --a------ C:\Documents and Settings\Administrator\NULL
    2007-10-04 09:50:03 0 d-------- C:\WINDOWS\CSC
    2007-09-28 22:20:50 8704 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-09-28 22:03:47 0 d-------- C:\Program Files\Online Video Add-on
    2007-09-24 09:04:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-09-24 08:44:07 0 d-------- C:\Program Files\MetaTrader Data Center
    2007-09-07 10:32:54 0 d-------- C:\Program Files\iPod
    2007-09-07 10:32:31 0 d-------- C:\Program Files\iTunes
    2007-09-07 10:30:45 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-09-04 18:23:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks


    -- Find3M Report ---------------------------------------------------------------

    2007-10-04 11:42:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-10-04 11:42:11 0 d-------- C:\Program Files\Symantec
    2007-10-04 11:42:09 0 d-------- C:\Program Files\Symantec AntiVirus
    2007-10-04 10:37:57 0 d-------- C:\Program Files\Lavasoft
    2007-10-04 10:37:30 0 d-------- C:\Program Files\Common Files
    2007-10-04 09:58:15 0 d-------- C:\Program Files\Google
    2007-10-04 07:44:30 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-10-02 05:49:36 664 --a------ C:\Documents and Settings\Administrator\Application Data\update.log
    2007-10-01 21:10:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
    2007-09-28 21:58:13 12800 --a-s---- C:\WINDOWS\system32\vusxqm.dll
    2007-09-28 20:22:49 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-28 20:22:49 0 d-------- C:\Program Files\Full Tilt Poker
    2007-09-28 20:21:27 0 d-------- C:\Program Files\Apple Software Update
    2007-09-10 22:35:31 1354 --a----c- C:\WINDOWS\checkip.dat
    2007-09-03 13:10:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
    2007-09-03 12:45:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
    2007-08-26 20:57:00 0 d-------- C:\Program Files\BTR Pro


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OneCareUI "= "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" []
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/31/2007 09:24 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [09/05/2007 06:03 PM]
    "WinAntiVirus Pro 2007 "= "C:\Program Files\WinAntiVirus Pro 2007\WinAv.exe" []
    "DriveCleaner Freeware "= "C:\Program Files\DriveCleaner Freeware\UDC.exe" []
    "UDC6_cw "= "C:\Program Files\DriveCleaner Freeware\UDC6_cw.exe" []
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/04/2007 10:18 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/13/2007 09:53 PM]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [07/29/2006 08:34 PM]
    "Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [10/13/2006 06:20 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some "=C:\Program Files\Online Video Add-on\icthis.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk
    backup=C:\WINDOWS\pss\InterVideo Scheduler server.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    CHDAudPropShortcut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
    C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88cce11a-768d-11db-a168-0014a5f8a34d}]
    AutoRun\command- E:\setupSNK.exe




    -- End of Deckard's System Scanner: finished at 2007-10-04 13:29:21 ------------
     
    Utt,
    #1
  2. 2007/10/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Utt :)

    You've got some remnants of a zlob infection. Download SmitfraudFix by S!Ri, saving it to the desktop.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Log on to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Post the contents of C:\rapport.txt and a fresh dss log.
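
One way to triage a HijackThis log like the one posted in this thread, as an added example that is not part of the original posts or of HijackThis itself. The flag names and the three heuristics are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body flags")

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Running-process paths and header lines do not match and are skipped.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 (autostart) details: "<registry location>: [<value name>] <command>"
O4_RE = re.compile(r"^(?P<hive>[^:]+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Constructed sample: a few lines copied from the log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
O22 - SharedTaskScheduler: cacomixls - {5feba593-3e6d-4606-ae6e-0680501cd29e} - (no file)
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""


def parse_line(line):
    """Return an Entry for a HijackThis entry line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    low = body.lower()
    flags = []
    # Heuristic 1 (assumption): the scanner itself reports the target is gone,
    # so the registration is a leftover worth reviewing.
    if "(file missing)" in low or "(no file)" in low:
        flags.append("orphaned-target")
    # Heuristic 2 (assumption): autostart registered under Policies\Explorer\Run
    # rather than the usual Run key deserves a second look.
    if code == "O4":
        o4 = O4_RE.match(body)
        if o4 and "policies\\explorer\\run" in o4.group("hive").lower():
            flags.append("policy-run-autostart")
    # Heuristic 3 (assumption): HijackThis could not read a vendor name
    # for the service binary.
    if code == "O23" and " - unknown owner - " in low:
        flags.append("no-vendor-info")
    return Entry(code, body, tuple(flags))


def triage(log_text):
    """Return only the entries that carry at least one review flag."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4}{', '.join(e.flags):<36}{e.body}")
```

A flag marks an entry for manual review only; deciding whether it belongs to an infection still takes the kind of judgement given in the reply above.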
     


  4. 2007/10/05
    Utt

    Utt Inactive Thread Starter

    Joined:
    2007/10/04
    Messages:
    5
    Likes Received:
    0
    Hi Dave,

    Thanks so much for your fast reply. I will have the log for you on Tuesday (going away for the long weekend). Thanks again, and I will get back to you!

    Utt
     
    Utt,
    #3
  5. 2007/10/09
    Utt

    Utt Inactive Thread Starter

    Joined:
    2007/10/04
    Messages:
    5
    Likes Received:
    0
    This is disheartening.

    I returned from the weekend to find the laptop waiting for me. Unfortunately, someone used it over the weekend and it now has more problems than we had before. I am unable to start Windows at all. None of the safe modes work, Last Known Good Configuration does not work, and starting Windows normally does not work.

    When I start in safe mode, the last driver to load is Mup.sys. It hangs there for about 30 seconds, and then the computer reboots.

    I went to the BIOS (it is a Compaq Presario C304NR).
    PhoenixBIOS Setup Utility
    Diagnostics > Primary Hard Disk Self Test > Enter
    This launches "(Quick) Test Executing" ... the result reads:
    Test Status: #1- 07 Fail

    HP Support website indicates that I should contact them for a replacement hard drive (except we're not under warranty, so that's not a cost-effective option).
    http://h10025.www1.hp.com/ewfrf/wc/...45184&lang=en&docname=c00480483#c00480483_doc
    "If any test fails, contact HP service and support for instructions on how to order a replacement hard drive."

    The user does not have the original Windows CDs, so I feel like this system is a lost cause. I recommended that she take it somewhere to get the files recovered. Before I give it back to her, do you have any other suggestions, or do you think this is a done deal?

    Thank you again for your help,
    Utt
     
    Utt,
    #4
  6. 2007/10/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Use F8 to get to the Advanced Startup Menu and select 'Disable Automatic Restart'. It should blue screen. Post the error message in its entirety.
     
  7. 2007/10/10
    Utt

    Utt Inactive Thread Starter

    Joined:
    2007/10/04
    Messages:
    5
    Likes Received:
    0
    Good idea! Here is the blue screen message:
    ---------------------------

    A problem has been detected and Windows has been shut down to prevent damage to your computer.

    UNMOUNTABLE_BOOT_VOLUME

    If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

    Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.

    If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

    Technical information:

    *** STOP: 0x000000ED (0x82356030, 0xC0000006, 0x00000000, 0x00000000)

    ---------------------------

    I appreciate your vigilance.
    Utt
     
    Utt,
    #6
  8. 2007/10/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you have an XP cd (doesn't have to be the original), boot with it into the Recovery Console and when you get to the command prompt, type chkdsk /r then hit enter. Type Exit when back at the command prompt to restart the computer. If that doesn't help, go back to the recovery console and this time type fixboot at the command prompt.

    If you don't have an XP cd or cannot otherwise get to the recovery console, let me know. We can make another disk to work from.
     
  9. 2007/10/11
    Utt

    Utt Inactive Thread Starter

    Joined:
    2007/10/04
    Messages:
    5
    Likes Received:
    0
    Hi Dave,

    I got my hands on an XP CD and booted from it. When it loaded everything, I pressed R for the recovery console. I received the following message:

    Windows XP Professional Setup
    =======================

    Setup did not find any hard disk drives installed in your computer.

    Make sure any hard disk drives are powered on and properly connected to your computer, and that any disk-related hardware configuration is correct. This may involve running a manufacturer-supplied diagnostic or setup program.

    Setup cannot continue. To quit Setup, press F3.

    I unscrewed the bottom panel that covers the hard drive on the laptop. I released the hard drive from its connectors and reconnected it. I ran the recovery console again, and I received the same error. Any thoughts?

    Utt
     
    Last edited: 2007/10/11
    Utt,
    #8
  10. 2007/10/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sure sounds like the hard drive died to me. I'll give a whistle for a couple of hardware gurus to look in and see if they can recommend anything else.
     
  11. 2007/10/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try 'Load Setup Defaults' in the BIOS and reboot, then see if the BIOS shows the drive as connected.
     
