Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93117 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] wallpaper that wont go away, malware, problems!


  • This topic is locked This topic is locked
70 replies to this topic

#1 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 31 January 2010 - 03:53 PM

I have been repeatedly attacked by something that changes my wallpaper to the following: "Your System is Infected! System has been stopped due to a serious malfunction. Spyware activity has been detected." It is recomended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed." I have performed a system restore 2 times in the past few weeks that will take it away, but it just keeps coming back. I am sure it is hiding in my system restore somehow...... I noticed a similar thread that had the same exact problem, but the solution wont fix mine!

    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 31 January 2010 - 05:26 PM

Hi,

Please do the following:


Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).



NEXT



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 31 January 2010 - 10:16 PM

Ok,

first off, .... THANK YOU FOR YOUR HELP! :)

I ran everything almost successfully and posted the log text.

The GMER scan would get close to completing my C drive files and then crashed 3 times in a row. I posted the results before the crash.

exeHelper by Raktor
Build 20091220
Run at 21:50:57 on 01/31/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\41.exe
Error deleting C:\WINDOWS\system32\41.exe - Set for removal on reboot - PLEASE REBOOT
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20091220
Run at 22:26:05 on 01/31/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\41.exe
Error deleting C:\WINDOWS\system32\41.exe - Set for removal on reboot - PLEASE REBOOT
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


DDS (Ver_09-12-01.01) - NTFSx86
Run by Chad at 21:52:49.34 on Sun 01/31/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1395 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Chad\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: TSToolbarBHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Transaction Protector: {e7620c98-fccc-40e5-92ec-c7685d2e1e40} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [smss32.exe] c:\windows\system32\smss32.exe
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [smss32.exe] c:\windows\system32\smss32.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\helper32.dll
Trusted Zone: buy-internet-security10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: line6.net
Trusted Zone: buy-internet-security10.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207617765296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207617848437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chad\applic~1\mozilla\firefox\profiles\hy7chk1p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\chad\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-4 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-4 352920]
S3 L6PODX3LV;POD X3 Live Service;c:\windows\system32\drivers\L6PODX3LV.sys [2008-4-13 530560]

=============== Created Last 30 ================

2010-02-01 02:43:53 0 ----a-w- c:\windows\system32\16827.exe
2010-02-01 02:23:53 0 ----a-w- c:\windows\system32\23281.exe
2010-02-01 02:03:53 0 ----a-w- c:\windows\system32\28145.exe
2010-02-01 01:43:53 0 ----a-w- c:\windows\system32\5705.exe
2010-02-01 01:23:53 0 ----a-w- c:\windows\system32\24464.exe
2010-02-01 01:03:53 0 ----a-w- c:\windows\system32\26962.exe
2010-02-01 00:43:53 0 ----a-w- c:\windows\system32\29358.exe
2010-02-01 00:23:53 0 ----a-w- c:\windows\system32\11478.exe
2010-01-31 21:02:09 0 d-----w- c:\program files\InternetSecurity2010
2010-01-31 20:26:41 0 ----a-w- c:\windows\system32\15724.exe
2010-01-31 20:06:40 0 ----a-w- c:\windows\system32\19169.exe
2010-01-31 19:46:40 0 ----a-w- c:\windows\system32\26500.exe
2010-01-31 19:26:40 0 ----a-w- c:\windows\system32\6334.exe
2010-01-31 19:06:40 0 ----a-w- c:\windows\system32\18467.exe
2010-01-31 13:05:28 0 ----a-w- c:\windows\system32\41.exe
2010-01-31 13:05:21 30720 ----a-w- c:\windows\system32\helper32.dll
2010-01-31 13:05:16 34304 ----a-w- C:\U.exe
2010-01-31 13:05:14 34304 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-31 13:05:14 34304 ----a-w- c:\windows\system32\smss32.exe
2010-01-23 14:49:07 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-20 17:15:45 2931 ----a-w- c:\windows\system32\warning.html
2010-01-13 12:35:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll

============= FINISH: 21:53:27.76 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2008 6:05:42 PM
System Uptime: 1/31/2010 5:21:58 PM (4 hours ago)

Motherboard: PCCHIPS | | P53G
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | CPU 1 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 14.135 GiB free.
D: is CDROM ()
F: is CDROM ()
H: is FIXED (NTFS) - 56 GiB total, 33.102 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_53641106&REV_00\3&267A616A&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_53641106&REV_00\3&267A616A&0&05
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1106&DEV_3371&SUBSYS_19750908&REV_01\4&354AEA31&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1106&DEV_3371&SUBSYS_19750908&REV_01\4&354AEA31&0&0008
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

1300
1300_Help
1300Tour
1300Trb
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
AiO_Scan
AIOMinimal
AiOSoftware
Apple Mobile Device Support
Apple Software Update
ATT-HSI
att.net Internet Mail
AutoCAD 2009 - English
avast! Antivirus
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Director
DocProc
DVD-Cover Printmaster 1.2
Fax
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
hpmdtab
HPSystemDiagnostics
InstantShare
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 14
Java™ 6 Update 11
Java™ 6 Update 7
Legacy 7.0
Legacy Charting 7.0
LightScribe 1.8.15.1
LimeWire 5.2.13
Line 6 Uninstaller
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MyHeritage Family Tree Builder
Nero 7 Essentials
neroxml
OGA Notifier 2.0.0048.0
Overland
Photodex Presenter
PhotoGallery
Preclick PhotoMovieMaker
PrintScreen
ProShow
ProShow Gold
QFolder
QuickProjects
QuickTime
Readme
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SkinsHP1
SkinsHP2
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

1/31/2010 3:41:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/31/2010 3:40:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/31/2010 3:40:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP ElbyCDIO Fips intelppm
1/25/2010 11:14:29 AM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromtsstcorp_cddvdw_sh-s202n________________sb01____#5&1ecb45c8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.
1/25/2010 11:14:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001BB9CD3D1E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/24/2010 2:39:39 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 22:41:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chad\LOCALS~1\Temp\kfwdaaod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB95516B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB9551574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB9551A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB955114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB955164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB955108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB95510F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB955176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB955172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB95518AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074 F7751BDE

---- Threads - GMER 1.0.15 ----

Thread System [4:332] F775293A
---- Processes - GMER 1.0.15 ----

Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [268] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [484] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [520] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [560] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [752] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [996] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1096] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1216] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1296] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\smss32.exe [1452] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1920] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2764] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2788] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3408] 0x35670000

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 31 January 2010 - 10:44 PM

Hi,

You have a very nasty rootkit infection on board - there is a fix for it.


This is a fairly new infection and the fix is new so it might take me a little while to respond to you.

This is on top of some other infections on your machine.

While I am working out the fix for the root kit: - please run ComboFix - it will at least stabilize your computer so we can clean it properly:

Please do the following:



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 01 February 2010 - 12:28 PM

Ok,

I downloaded the program to my desktop and ran it. It asked me to download the recovery software and I did.

It seemed to run exactly like it was supposed to, but when it said it was going to restart it seemed to stall. It said it may take 10 minutes or double that if the infection was bad. I let it go and eventually the icons and taskbar dissapeared like it was going to restart, but it sat there for about 2 hours. I didn't want to restart it on my own because it said specifically not to!

I started to make my lunch and when I went back to check on it I noticed that it was rebooting. I went back to the kitchen and upon returning 10 minutes later, it was rebooting again. I watched as it continued to reboot over and over again.

I tried booting in all safe mode options, boot to last good configuration, and start windows normally. All of them just lead to a reboot.

I then tried to go into the windows recovery. This is what it showed:

Microsoft Windows XP™ Recovery Console

The Recovery Console provides system repair and recovery functionality

Type EXIT to quit the Recovery Console and restart the computer

1. C:\Windows

Which Windows installation would you like to log onto
(To cancel press ENTER)?


I tried to type 1, but it asks for an administrator password......

sorry! I followed the instructions exactly! :(

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 February 2010 - 12:37 PM

see if you can boot into just safe mode, that will allow combo fix to finish.

If you cannot boot to safe mode what happens?

It may have removed an infected userinit - without me knowing the name of the infected file that was there I can't replace it at this time, so we need a boot CD


If you cannot boot into safe mode then you will need to have access to a machine that can burn CD's

Please do the following:

We will need to make a BOOT CD

Print these instruction out so that you know what you are doing.

Two programs to download

First

Please downloadISOBurner and save it to your desktop. This program will allow you to burn OTLPE.ISO to make a bootable CD.
  •  
  • Double click the ISOBurner set up icon to install the program, from there on in it is fairly automatic.
  • There are Instructions for the iso burner here if you need them.

Second


  • Download OTLPE.iso save it to your desktop. Now burn OTLPE.iso to a CD using ISO Burner. {NOTE: This file is 292Mb in size so it may take some time to download.)
  • When downloaded double click OTLPE.iso > this will then open ISOBurner to burn the file to CD

  • Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • you will find an icon on the desktop called OTLPE > Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to SafeList
  • Press Run Scan to start the scan.
  • When finished, the file will be saved  in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 01 February 2010 - 12:46 PM

ok! going to a machine that will allow me to do that now! Thank you! :thumbup:

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 February 2010 - 12:52 PM

Just see if you can get into RC for a moment, as there may be some commands we can use in Recovery Console as well... just type 1 for the windows version, then when it asks for the administrator's password, just keep pressing enter as you don't have a password, it should skip past that and enter into the Recovery Console...see if it will.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 01 February 2010 - 01:42 PM

when i press enter it just keeps asking for password until I have tried 3 attempts and forces me to reboot.

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 February 2010 - 01:45 PM

OK, carry on with the OTLPE then, we'll be able to get you in and fix it with that.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove


#11 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 01 February 2010 - 02:06 PM

Ok, making disc now, heading home after that. Thank you!

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 February 2010 - 02:08 PM

:thumbup: I'll be around later on

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#13 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 01 February 2010 - 08:59 PM

ok,

succes running the OTLPE!

I am posting the log below.

I have the perfect set up now that I have brought my machine to my dads and can reply on his for tonight!

OTL logfile created on: 2/1/2010 4:35:36 PM - Run
OTLPE by OldTimer - Version 3.1.27.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 33.10 Gb Free Space | 59.22% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 15.92 Gb Free Space | 42.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [Auto] -- -- (WZCSVC)
SRV - File not found [On_Demand] -- -- (WudfSvc)
SRV - File not found [Auto] -- -- (wuauserv)
SRV - File not found [Auto] -- -- (wscsvc)
SRV - File not found [On_Demand] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (Wmi)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [Auto] -- -- (winmgmt)
SRV - File not found [Auto] -- -- (WebClient)
SRV - File not found [Auto] -- -- (W32Time)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Auto] -- -- (TrkWks)
SRV - File not found [Disabled] -- -- (TlntSvr)
SRV - File not found [Auto] -- -- (Themes)
SRV - File not found [On_Demand] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (TapiSrv)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [Auto] -- -- (stisvc) Windows Image Acquisition (WIA)
SRV - File not found [On_Demand] -- -- (SSDPSRV)
SRV - File not found [Auto] -- -- (srservice)
SRV - File not found [Auto] -- -- (Spooler)
SRV - File not found [Auto] -- -- (ShellHWDetection)
SRV - File not found [Auto] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [Auto] -- -- (SENS)
SRV - File not found [Auto] -- -- (seclogon)
SRV - File not found [Auto] -- -- (ScsiAccess)
SRV - File not found [Auto] -- -- (Schedule)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [Auto] -- -- (RpcSs) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Auto] -- -- (RemoteRegistry)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasMan)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [On_Demand] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto] -- -- (PlugPlay)
SRV - File not found [On_Demand] -- -- (ose)
SRV - File not found [On_Demand] -- -- (odserv)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (NMIndexingService)
SRV - File not found [On_Demand] -- -- (Nla) Network Location Awareness (NLA)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (Netman)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [On_Demand] -- -- (NBService)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [Auto] -- -- (McciCMService)
SRV - File not found [Auto] -- -- (LmHosts)
SRV - File not found [Auto] -- -- (LightScribeService)
SRV - File not found [Auto] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [Auto] -- -- (lanmanworkstation)
SRV - File not found [Auto] -- -- (lanmanserver)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (Imapi Helper)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] -- -- (EventSystem)
SRV - File not found [Auto] -- -- (Eventlog)
SRV - File not found [Auto] -- -- (ERSvc)
SRV - File not found [On_Demand] -- -- (EapHost)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [Auto] -- -- (Dnscache)
SRV - File not found [Auto] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [Auto] -- -- (Dhcp)
SRV - File not found [Auto] -- -- (DcomLaunch)
SRV - File not found [Auto] -- -- (CryptSvc)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [Auto] -- -- (Browser)
SRV - File not found [Auto] -- -- (BITS)
SRV - File not found [On_Demand] -- -- (avast! Web Scanner)
SRV - File not found [On_Demand] -- -- (avast! Mail Scanner)
SRV - File not found [Auto] -- -- (avast! Antivirus)
SRV - File not found [On_Demand] -- -- (Autodesk Licensing Service)
SRV - File not found [Auto] -- -- (AudioSrv)
SRV - File not found [Auto] -- -- (aswUpdSv)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WudfRd)
DRV - File not found [Kernel | On_Demand] -- -- (WudfPf)
DRV - File not found [Kernel | System] -- -- (WS2IFSL)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | Boot] -- -- (vkquwexg)
DRV - File not found [Kernel | Boot] -- -- (ViaIde)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | System] -- -- (VClone)
DRV - File not found [Kernel | On_Demand] -- -- (usbuhci)
DRV - File not found [Kernel | On_Demand] -- -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (usbscan)
DRV - File not found [Kernel | On_Demand] -- -- (usbprint)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | Boot] -- -- (uagp35)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | System] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | System] -- -- (Processor)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (neokdss)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand] -- -- (L6PODX3LV)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (ip6fw)
DRV - File not found [Kernel | System] -- -- (intelppm)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HPZius12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZipr12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZid412)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | On_Demand] -- -- (gameenum)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | System] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (FETNDIS)
DRV - File not found [Kernel | System] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (emu10k) Creative SB Live! (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (ElbyDelay)
DRV - File not found [Kernel | System] -- -- (ElbyCDIO)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | On_Demand] -- -- (ctljystk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | System] -- -- (aswTdi)
DRV - File not found [Kernel | System] -- -- (aswSP)
DRV - File not found [Kernel | On_Demand] -- -- (aswRdr)
DRV - File not found [File_System | Auto] -- -- (aswMon2)
DRV - File not found [File_System | Auto] -- -- (aswFsBlk)
DRV - File not found [Kernel | Auto] -- -- (Aspi32)
DRV - File not found [Kernel | System] -- -- (AFS2K)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | System] -- -- (Aavmker4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Chad_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Chad_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Miranda_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Miranda_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll File not found
O2 - BHO: (TSToolbarBHO) - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Transaction Protector) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\Miranda_ON_D\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Miranda_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll File not found
O3 - HKU\Miranda_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe File not found
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF9372.cfx File not found
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe File not found
O4 - HKU\Chad_ON_D..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKU\Chad_ON_D..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O4 - HKU\Chad_ON_D..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKU\Chad_ON_D..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\Chad_ON_D..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKLM..\RunOnce: [atapi] C:\ComboFix\SW_atapi.reg File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF9372.cfx File not found
O4 - HKLM..\RunOnce: [ComboFix_Pre] C:\ComboFix\Res.bat File not found
O4 - HKU\Miranda_ON_D..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\helper32.dll File not found
O15 - HKLM\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Chad_ON_D\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: is-soft-download.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\Miranda_ON_D\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: is-soft-download.com ([]http in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1207617765296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1207617848437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\System32\SHELL32.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 17:04:10 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========

[2010/01/27 11:59:28 | 00,013,704 | ---- | M] () -- C:\HIS101 - Research Paper Topic.docx
[2010/01/20 10:11:00 | 00,000,165 | -H-- | M] () -- C:\~$names.xlsx
[2010/01/20 00:12:01 | 00,010,553 | ---- | M] () -- C:\names.xlsx

========== Files Created - No Company Name ==========

[2010/01/27 11:59:28 | 00,013,704 | ---- | C] () -- C:\HIS101 - Research Paper Topic.docx
[2010/01/20 10:11:00 | 00,000,165 | -H-- | C] () -- C:\~$names.xlsx
[2010/01/20 00:12:01 | 00,010,553 | ---- | C] () -- C:\names.xlsx

========== LOP Check ==========


========== Purity Check ==========


< End of report >


#14 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 01 February 2010 - 09:14 PM

OK,

That's great - we know you can get in with the OTLPE

First we need to find the file name and error your are getting:

Reboot your computer:

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system errors, write down the STOP error code, as well as any written out error message back here.

    The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image


Hopefully it will list a file name that we can then go after in OTLPE

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 dzmr5s

dzmr5s

    Authentic Member

  • Authentic Member
  • PipPip
  • 54 posts

Posted 01 February 2010 - 09:33 PM

here is the result: The problem seems to be caused by the following file: usbhub.sys DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS *** STOP: 0X000000CE (OXF77F1BDE, 0X00000000, OXF77F1BDE, 0X00000000)

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users