
[Resolved] wallpaper that wont go away, malware, problems!
#1
Posted 31 January 2010 - 03:53 PM
Register to Remove
#2
Posted 31 January 2010 - 05:26 PM
Please do the following:
Please download exeHelper to your desktop.
- Double-click on exeHelper.com to run the fix.
- A black window should pop up, press any key to close once the fix is completed.
- Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
NEXT
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
- Disable any script blocking protection
- Double click dds.pif to run the tool.
- When done, two DDS.txt's will open.
- Save both reports to your desktop.
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.
NEXT

Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
Click the image to enlarge it
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#3
Posted 31 January 2010 - 10:16 PM
first off, .... THANK YOU FOR YOUR HELP!

I ran everything almost successfully and posted the log text.
The GMER scan would get close to completing my C drive files and then crashed 3 times in a row. I posted the results before the crash.
exeHelper by Raktor
Build 20091220
Run at 21:50:57 on 01/31/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\41.exe
Error deleting C:\WINDOWS\system32\41.exe - Set for removal on reboot - PLEASE REBOOT
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20091220
Run at 22:26:05 on 01/31/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\41.exe
Error deleting C:\WINDOWS\system32\41.exe - Set for removal on reboot - PLEASE REBOOT
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
DDS (Ver_09-12-01.01) - NTFSx86
Run by Chad at 21:52:49.34 on Sun 01/31/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1395 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Chad\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: TSToolbarBHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Transaction Protector: {e7620c98-fccc-40e5-92ec-c7685d2e1e40} - c:\program files\trend micro\trendsecure\transactionprotector\TSToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [smss32.exe] c:\windows\system32\smss32.exe
uRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [smss32.exe] c:\windows\system32\smss32.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\helper32.dll
Trusted Zone: buy-internet-security10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: line6.net
Trusted Zone: buy-internet-security10.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207617765296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207617848437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\chad\applic~1\mozilla\firefox\profiles\hy7chk1p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\chad\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-13 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-4 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-4 352920]
S3 L6PODX3LV;POD X3 Live Service;c:\windows\system32\drivers\L6PODX3LV.sys [2008-4-13 530560]
=============== Created Last 30 ================
2010-02-01 02:43:53 0 ----a-w- c:\windows\system32\16827.exe
2010-02-01 02:23:53 0 ----a-w- c:\windows\system32\23281.exe
2010-02-01 02:03:53 0 ----a-w- c:\windows\system32\28145.exe
2010-02-01 01:43:53 0 ----a-w- c:\windows\system32\5705.exe
2010-02-01 01:23:53 0 ----a-w- c:\windows\system32\24464.exe
2010-02-01 01:03:53 0 ----a-w- c:\windows\system32\26962.exe
2010-02-01 00:43:53 0 ----a-w- c:\windows\system32\29358.exe
2010-02-01 00:23:53 0 ----a-w- c:\windows\system32\11478.exe
2010-01-31 21:02:09 0 d-----w- c:\program files\InternetSecurity2010
2010-01-31 20:26:41 0 ----a-w- c:\windows\system32\15724.exe
2010-01-31 20:06:40 0 ----a-w- c:\windows\system32\19169.exe
2010-01-31 19:46:40 0 ----a-w- c:\windows\system32\26500.exe
2010-01-31 19:26:40 0 ----a-w- c:\windows\system32\6334.exe
2010-01-31 19:06:40 0 ----a-w- c:\windows\system32\18467.exe
2010-01-31 13:05:28 0 ----a-w- c:\windows\system32\41.exe
2010-01-31 13:05:21 30720 ----a-w- c:\windows\system32\helper32.dll
2010-01-31 13:05:16 34304 ----a-w- C:\U.exe
2010-01-31 13:05:14 34304 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-31 13:05:14 34304 ----a-w- c:\windows\system32\smss32.exe
2010-01-23 14:49:07 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-20 17:15:45 2931 ----a-w- c:\windows\system32\warning.html
2010-01-13 12:35:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
==================== Find3M ====================
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
============= FINISH: 21:53:27.76 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/6/2008 6:05:42 PM
System Uptime: 1/31/2010 5:21:58 PM (4 hours ago)
Motherboard: PCCHIPS | | P53G
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | CPU 1 | 1795/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 37 GiB total, 14.135 GiB free.
D: is CDROM ()
F: is CDROM ()
H: is FIXED (NTFS) - 56 GiB total, 33.102 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_53641106&REV_00\3&267A616A&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_53641106&REV_00\3&267A616A&0&05
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1106&DEV_3371&SUBSYS_19750908&REV_01\4&354AEA31&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1106&DEV_3371&SUBSYS_19750908&REV_01\4&354AEA31&0&0008
Service:
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
1300
1300_Help
1300Tour
1300Trb
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
AiO_Scan
AIOMinimal
AiOSoftware
Apple Mobile Device Support
Apple Software Update
ATT-HSI
att.net Internet Mail
AutoCAD 2009 - English
avast! Antivirus
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Director
DocProc
DVD-Cover Printmaster 1.2
Fax
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
hpmdtab
HPSystemDiagnostics
InstantShare
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 14
Java 6 Update 11
Java 6 Update 7
Legacy 7.0
Legacy Charting 7.0
LightScribe 1.8.15.1
LimeWire 5.2.13
Line 6 Uninstaller
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MyHeritage Family Tree Builder
Nero 7 Essentials
neroxml
OGA Notifier 2.0.0048.0
Overland
Photodex Presenter
PhotoGallery
Preclick PhotoMovieMaker
PrintScreen
ProShow
ProShow Gold
QFolder
QuickProjects
QuickTime
Readme
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SkinsHP1
SkinsHP2
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
1/31/2010 3:41:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/31/2010 3:40:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/31/2010 3:40:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP ElbyCDIO Fips intelppm
1/25/2010 11:14:29 AM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromtsstcorp_cddvdw_sh-s202n________________sb01____#5&1ecb45c8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.
1/25/2010 11:14:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 001BB9CD3D1E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/24/2010 2:39:39 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
==== End Of File ===========================
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 22:41:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chad\LOCALS~1\Temp\kfwdaaod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB95516B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB9551574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB9551A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB955114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB955164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB955108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB95510F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB955176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB955172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB95518AE]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\Disk \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074 F7751BDE
---- Threads - GMER 1.0.15 ----
Thread System [4:332] F775293A
---- Processes - GMER 1.0.15 ----
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [268] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [484] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [520] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [560] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [752] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [996] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1096] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1216] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1296] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\smss32.exe [1452] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1920] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2764] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2788] 0x35670000
Library \\74.117.114.86\max++.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3408] 0x35670000
#4
Posted 31 January 2010 - 10:44 PM
You have a very nasty rootkit infection on board - there is a fix for it.
This is a fairly new infection and the fix is new so it might take me a little while to respond to you.
This is on top of some other infections on your machine.
While I am working out the fix for the root kit: - please run ComboFix - it will at least stabilize your computer so we can clean it properly:
Please do the following:
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

- Click on Yes, to continue scanning for malware.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#5
Posted 01 February 2010 - 12:28 PM
I downloaded the program to my desktop and ran it. It asked me to download the recovery software and I did.
It seemed to run exactly like it was supposed to, but when it said it was going to restart it seemed to stall. It said it may take 10 minutes or double that if the infection was bad. I let it go and eventually the icons and taskbar dissapeared like it was going to restart, but it sat there for about 2 hours. I didn't want to restart it on my own because it said specifically not to!
I started to make my lunch and when I went back to check on it I noticed that it was rebooting. I went back to the kitchen and upon returning 10 minutes later, it was rebooting again. I watched as it continued to reboot over and over again.
I tried booting in all safe mode options, boot to last good configuration, and start windows normally. All of them just lead to a reboot.
I then tried to go into the windows recovery. This is what it showed:
Microsoft Windows XP Recovery Console
The Recovery Console provides system repair and recovery functionality
Type EXIT to quit the Recovery Console and restart the computer
1. C:\Windows
Which Windows installation would you like to log onto
(To cancel press ENTER)?
I tried to type 1, but it asks for an administrator password......
sorry! I followed the instructions exactly!

#6
Posted 01 February 2010 - 12:37 PM
If you cannot boot to safe mode what happens?
It may have removed an infected userinit - without me knowing the name of the infected file that was there I can't replace it at this time, so we need a boot CD
If you cannot boot into safe mode then you will need to have access to a machine that can burn CD's
Please do the following:
We will need to make a BOOT CD
Print these instruction out so that you know what you are doing.
Two programs to download
First
Please downloadISOBurner and save it to your desktop. This program will allow you to burn OTLPE.ISO to make a bootable CD.
- Double click the ISOBurner set up icon to install the program, from there on in it is fairly automatic.
- There are Instructions for the iso burner here if you need them.
Second
- Download OTLPE.iso save it to your desktop. Now burn OTLPE.iso to a CD using ISO Burner. {NOTE: This file is 292Mb in size so it may take some time to download.)
- When downloaded double click OTLPE.iso > this will then open ISOBurner to burn the file to CD
- Reboot the infected system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here - Your system should now display a REATOGO-X-PE desktop.
- you will find an icon on the desktop called OTLPE > Double-click on the OTLPE icon.
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start. Change the following settings
- Change Drivers to SafeList
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the C:\OTL.txt file in your reply.
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#7
Posted 01 February 2010 - 12:46 PM

#8
Posted 01 February 2010 - 12:52 PM
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#9
Posted 01 February 2010 - 01:42 PM
#10
Posted 01 February 2010 - 01:45 PM
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
Register to Remove
#11
Posted 01 February 2010 - 02:06 PM
#12
Posted 01 February 2010 - 02:08 PM

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#13
Posted 01 February 2010 - 08:59 PM
succes running the OTLPE!
I am posting the log below.
I have the perfect set up now that I have brought my machine to my dads and can reply on his for tonight!
OTL logfile created on: 2/1/2010 4:35:36 PM - Run
OTLPE by OldTimer - Version 3.1.27.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 33.10 Gb Free Space | 59.22% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 15.92 Gb Free Space | 42.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [Auto] -- -- (WZCSVC)
SRV - File not found [On_Demand] -- -- (WudfSvc)
SRV - File not found [Auto] -- -- (wuauserv)
SRV - File not found [Auto] -- -- (wscsvc)
SRV - File not found [On_Demand] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (Wmi)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [Auto] -- -- (winmgmt)
SRV - File not found [Auto] -- -- (WebClient)
SRV - File not found [Auto] -- -- (W32Time)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Auto] -- -- (TrkWks)
SRV - File not found [Disabled] -- -- (TlntSvr)
SRV - File not found [Auto] -- -- (Themes)
SRV - File not found [On_Demand] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (TapiSrv)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [Auto] -- -- (stisvc) Windows Image Acquisition (WIA)
SRV - File not found [On_Demand] -- -- (SSDPSRV)
SRV - File not found [Auto] -- -- (srservice)
SRV - File not found [Auto] -- -- (Spooler)
SRV - File not found [Auto] -- -- (ShellHWDetection)
SRV - File not found [Auto] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [Auto] -- -- (SENS)
SRV - File not found [Auto] -- -- (seclogon)
SRV - File not found [Auto] -- -- (ScsiAccess)
SRV - File not found [Auto] -- -- (Schedule)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [Auto] -- -- (RpcSs) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Auto] -- -- (RemoteRegistry)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasMan)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [On_Demand] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto] -- -- (PlugPlay)
SRV - File not found [On_Demand] -- -- (ose)
SRV - File not found [On_Demand] -- -- (odserv)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (NMIndexingService)
SRV - File not found [On_Demand] -- -- (Nla) Network Location Awareness (NLA)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (Netman)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [On_Demand] -- -- (NBService)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [Auto] -- -- (McciCMService)
SRV - File not found [Auto] -- -- (LmHosts)
SRV - File not found [Auto] -- -- (LightScribeService)
SRV - File not found [Auto] -- -- (Lavasoft Ad-Aware Service)
SRV - File not found [Auto] -- -- (lanmanworkstation)
SRV - File not found [Auto] -- -- (lanmanserver)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (Imapi Helper)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] -- -- (EventSystem)
SRV - File not found [Auto] -- -- (Eventlog)
SRV - File not found [Auto] -- -- (ERSvc)
SRV - File not found [On_Demand] -- -- (EapHost)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [Auto] -- -- (Dnscache)
SRV - File not found [Auto] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [Auto] -- -- (Dhcp)
SRV - File not found [Auto] -- -- (DcomLaunch)
SRV - File not found [Auto] -- -- (CryptSvc)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [Auto] -- -- (Browser)
SRV - File not found [Auto] -- -- (BITS)
SRV - File not found [On_Demand] -- -- (avast! Web Scanner)
SRV - File not found [On_Demand] -- -- (avast! Mail Scanner)
SRV - File not found [Auto] -- -- (avast! Antivirus)
SRV - File not found [On_Demand] -- -- (Autodesk Licensing Service)
SRV - File not found [Auto] -- -- (AudioSrv)
SRV - File not found [Auto] -- -- (aswUpdSv)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WudfRd)
DRV - File not found [Kernel | On_Demand] -- -- (WudfPf)
DRV - File not found [Kernel | System] -- -- (WS2IFSL)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | Boot] -- -- (vkquwexg)
DRV - File not found [Kernel | Boot] -- -- (ViaIde)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | System] -- -- (VClone)
DRV - File not found [Kernel | On_Demand] -- -- (usbuhci)
DRV - File not found [Kernel | On_Demand] -- -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (usbscan)
DRV - File not found [Kernel | On_Demand] -- -- (usbprint)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | Boot] -- -- (uagp35)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | On_Demand] -- -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | System] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | System] -- -- (Processor)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (neokdss)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand] -- -- (L6PODX3LV)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (ip6fw)
DRV - File not found [Kernel | System] -- -- (intelppm)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HPZius12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZipr12)
DRV - File not found [Kernel | On_Demand] -- -- (HPZid412)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | On_Demand] -- -- (gameenum)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | System] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (FETNDIS)
DRV - File not found [Kernel | System] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (emu10k) Creative SB Live! (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (ElbyDelay)
DRV - File not found [Kernel | System] -- -- (ElbyCDIO)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | On_Demand] -- -- (ctljystk)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | System] -- -- (aswTdi)
DRV - File not found [Kernel | System] -- -- (aswSP)
DRV - File not found [Kernel | On_Demand] -- -- (aswRdr)
DRV - File not found [File_System | Auto] -- -- (aswMon2)
DRV - File not found [File_System | Auto] -- -- (aswFsBlk)
DRV - File not found [Kernel | Auto] -- -- (Aspi32)
DRV - File not found [Kernel | System] -- -- (AFS2K)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | System] -- -- (Aavmker4)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Chad_ON_D\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Chad_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Chad_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Miranda_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Miranda_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\systemprofile_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll File not found
O2 - BHO: (TSToolbarBHO) - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Transaction Protector) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll File not found
O3 - HKU\Chad_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\Miranda_ON_D\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Miranda_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll File not found
O3 - HKU\Miranda_ON_D\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe File not found
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF9372.cfx File not found
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe File not found
O4 - HKU\Chad_ON_D..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKU\Chad_ON_D..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O4 - HKU\Chad_ON_D..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKU\Chad_ON_D..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\Chad_ON_D..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKU\Miranda_ON_D..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKLM..\RunOnce: [atapi] C:\ComboFix\SW_atapi.reg File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF9372.cfx File not found
O4 - HKLM..\RunOnce: [ComboFix_Pre] C:\ComboFix\Res.bat File not found
O4 - HKU\Miranda_ON_D..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Chad_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Miranda_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\helper32.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\helper32.dll File not found
O15 - HKLM\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Chad_ON_D\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: is-soft-download.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O15 - HKU\Chad_ON_D\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\Miranda_ON_D\..Trusted Domains: buy-internet-security10.com ([]http in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: is-soft-download.com ([]http in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\Miranda_ON_D\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1207617765296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1207617848437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\System32\SHELL32.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/06 17:04:10 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 00,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
========== Files - Modified Within 30 Days ==========
[2010/01/27 11:59:28 | 00,013,704 | ---- | M] () -- C:\HIS101 - Research Paper Topic.docx
[2010/01/20 10:11:00 | 00,000,165 | -H-- | M] () -- C:\~$names.xlsx
[2010/01/20 00:12:01 | 00,010,553 | ---- | M] () -- C:\names.xlsx
========== Files Created - No Company Name ==========
[2010/01/27 11:59:28 | 00,013,704 | ---- | C] () -- C:\HIS101 - Research Paper Topic.docx
[2010/01/20 10:11:00 | 00,000,165 | -H-- | C] () -- C:\~$names.xlsx
[2010/01/20 00:12:01 | 00,010,553 | ---- | C] () -- C:\names.xlsx
========== LOP Check ==========
========== Purity Check ==========
< End of report >
#14
Posted 01 February 2010 - 09:14 PM
That's great - we know you can get in with the OTLPE
First we need to find the file name and error your are getting:
Reboot your computer:
- When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
- Select "Disable Automatic Restart on System Failure", as shown here:
- When your system errors, write down the STOP error code, as well as any written out error message back here.
The STOP error will always appear, but the message may not. You are looking for this:
Hopefully it will list a file name that we can then go after in OTLPE
Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
#15
Posted 01 February 2010 - 09:33 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users