Malware
Ok so I have malware and need some help. The link shown has a description of the problem.
-
Hi,
Are you able to login from safe mode or by using "last known good configuration" option (press F8 before Windows launching screen to access the menu)?
0 -
No I'm not able to sign in when using safe mode nor last known good configuration.
0 -
Ok. Do you have your XP OS installation disc around?
0 -
Somewhere around here.
0 -
Hi,
What BIOS version does your system have (and what model is your computer)? Did you try to change boot order in setup utility? Did it ask you to save the changes? If changes are not saved then boot order won't be correct. Have CD-ROM device set as first boot device and hard drive as second.
0 -
Can't get the cd to run.
I press f12 to go to the boot menu and my 3 choices are:
1: Normal
2: Hard-Disk Drive C
3: IDE CD-ROM Device
I chose to use the cd-rom and it says strike f1 to retry boot, f2 for setup utility. Hit f1 and same message comes up over and over. Any suggestions?
0 -
Ok. What I need you to do is to boot the system using recovery console.
Insert XP installation media (CD) and restart the computer. If prompted, select any options required to boot from the CD.
When the text-based part of Setup begins, follow the prompts; choose the repair or recover option by pressing R. When prompted, type the Administrator password. That should take you to the system prompt.
Let's see if userinit.exe file is present. Write following commands and note the results down at marked points:
cd C:\Windows\System32 (press enter)
dir userinit.exe (press enter)
<--note the results down-->
cd C:\Windows\System32\dllcache (press enter)
dir userinit.exe (press enter)
<--note the results down-->
exit (press enter to exit recovery console)
Let me know the results of both queries.
0 -
Got the cd to work and I have a problem.
When I press R and it moves to the next screen it says:
Which windows installation would you like to log onto?
Don't exactly understand that but that's not the problem. I can't type more than one character.
0 -
Press 1 and then Enter on that.
0 -
Made it past the admin password part. Now attempting to do what you said lol.
No matching files found in either.
0 -
Alright I had turned off my computer so I just booted it back up. Can you list what I need to type in step by step from just pressing r and logging onto the admin?
0 -
Hi,
Ok. Please give the following commands in recovery console (replace D: with your cd drive letter):
expand D:\i386\userinit.ex_ C:\windows\system32
exit
See if you're able to boot now.
0 -
Hi,
In console, write those two commands I have bolded in my previous post (replace D: drive letter with your cd-rom drive letter if it's different).
0 -
Hi,
Those were two commands meant to be entered separately, exit command only after successful file expanding operation. Underscore (_) is there on purpose too.
So, it sounds like D: is not the drive letter for your cd drive then. What happens if you type D: (and press enter) in the system prompt? If it gives an error, please try E: next, and then the next letter if you still get an error. When successful, the prompt should show a blinking cursor with D:\> (or some other drive letter different from C) in front of it.
0 -
Separately? Or on the same line? And the _, is it supposed to be there, or should it be an e to finish the .exe?
I tried putting it in as written and it gave me an error message saying the system cannot find the file or directory specified.
0 -
Ok I tried the first command and it said access is denied.
0 -
Sorry it took me so long to respond. I was gone for the weekend. I'm booting my computer up right now.
0 -
Hi, Is your cd-rom drive under letter D?
Please try these commands in recovery console:
D: [ENTER]
CD I386 [ENTER]
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]
Can't find the directory or file specified.
0 -
Hi,
Is your cd-rom drive under letter D?
Please try these commands in recovery console:
D: [ENTER]
CD I386 [ENTER]
EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]
0 -
After which command you get that error? Does it come after CD I386? Is D: drive your cd-rom?
0 -
After which command you get that error? Does it come after CD I386? Is D: drive your cd-rom?
Came after the last command. I'm guessing since it let me get that far it's my cd drive. But I'll try E and F and so on and so forth if need be because I have 2 cd drives.
0 -
Ok I logged on. Now what?
0 -
What files does it list if you give the following command in the D:\i386 folder:
dir userinit*
One way to make sure it's the correct drive is to take the media out of the drive and then try giving the command dir in the D:\i386 folder. If it lists files instead of showing an error, then D is not your cd-rom drive.
0 -
DDS (Ver_09-07-30.01) - NTFSx86
Run by Lee ##notallowed at 13:01:37.29 on Thu 09/03/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.212 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\Lee ##notallowed\reader_s.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lee ##notallowed\Desktop\dds.scr
============== Pseudo HJT Report ===============
uLocal Page = \blank.htm
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.myspace.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {761e780a-8778-4154-b000-e6467f8c5033} - c:\windows\system32\kosojebi.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [reader_s] c:\documents and settings\lee ##notallowed\reader_s.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [iyuzuga] rundll32.exe "c:\windows\ixulidupayazada.dll",e
mRun: [CPMdb4bdd13] Rundll32.exe "c:\windows\system32\sawubiyi.dll",a
mRun: [kikabamoze] Rundll32.exe "c:\windows\system32\lihelani.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: pcpitstop.com
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Notify: winctrl32 - WinCtrl32.dll
AppInit_DLLs: c:\windows\system32\sorusodi.dll c:\windows\system32\sawubiyi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sawubiyi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\sawubiyi.dll
LSA: Notification Packages = scecli c:\windows\system32\sorusodi.dll wi2tl1ap.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\leesch~1\applic~1\mozilla\firefox\profiles\8o3s7wit.default\
FF - prefs.js: browser.startup.homepage - www.myspace.com
FF - plugin: c:\documents and settings\lee ##notallowed\application data\mozilla\firefox\profiles\8o3s7wit.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll
FF - HiddenExtension: XUL Cache: {46708313-7E9F-414F-81DF-A09D29743CCB} - c:\documents and settings\lee ##notallowed\local settings\application data\{46708313-7E9F-414F-81DF-A09D29743CCB}
FF - HiddenExtension: XUL Cache: {D5DD0884-5CA7-4438-A46C-EC7FEE7D764F} - c:\documents and settings\administrator\local settings\application data\{d5dd0884-5ca7-4438-a46c-ec7fee7d764f}\
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
S0 winsy63;winsy63;c:\windows\system32\drivers\winsy63.sys --> c:\windows\system32\drivers\Winsy63.sys [?]
S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]
S3 File;File;c:\windows\system32\File.sys [2006-10-31 8320]
S3 Ingelirsw;Ingelirsw; [x]
S3 mKernel;mKernel;\??\c:\documents and settings\lee ##notallowed\desktop\loa\wmfup.sys --> c:\documents and settings\lee ##notallowed\desktop\loa\WMFUP.sys [?]
S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2006-2-7 19232]
S3 XDva008;XDva008;\??\c:\windows\system32\xdva008.sys --> c:\windows\system32\XDva008.sys [?]
S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 XDva076;XDva076;\??\c:\windows\system32\xdva076.sys --> c:\windows\system32\XDva076.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
=============== Created Last 30 ================
2009-09-01 18:39 158,208 a------- c:\windows�000344.tmp
2009-09-01 18:39 45,056 a------- c:\windows�026444.tmp
2009-09-01 18:22 <DIR> --d----- c:\program files\NortonInstaller
2009-09-01 16:22 21,380 a------- c:\windows\system32\AAWService_2009_09_01_16_22_22.dmp
2009-09-01 15:59 23,696 a------- c:\windows\system32\AAWService_2009_09_01_15_59_56.dmp
2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-09-01 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-09-01 11:45 24,576 a------- c:\windows\system32\userinit.exe
2009-08-23 16:01 23,163 a------- c:\windows\system32\AAWService_2009_08_23_16_01_39.dmp
2009-08-22 21:49 25,055 a------- c:\windows\system32\AAWService_2009_08_22_21_49_46.dmp
==================== Find3M ====================
2009-09-03 13:01 100,590 a------- c:\windows\system32\drivers\3c96cf9.sys
2009-09-01 18:39 30,208 a------- c:\windows\system32\reader_s.exe
2009-09-01 18:39 30,208 a------- c:\documents and settings\lee ##notallowed\reader_s.exe
2009-09-01 17:39 158,208 a------- c:\windows\ixulidupayazada.dll
2009-09-01 17:39 45,056 a------- c:\windows\wi2tl1ap.dll
2009-09-01 16:47 88,064 a--sh--- c:\windows\system32\telonapi.dll
2009-09-01 16:47 80,384 a--sh--- c:\windows\system32\wavowibi.dll
2007-01-17 20:33 1,443,213 a------- c:\docume~1\leesch~1\applic~1\Install.dat
2005-11-09 22:04 13 a------- c:\program files\autobans.txt
2005-09-01 17:04 10,156,943 a------- c:\program files\avg70free_289a392.exe
2009-03-28 16:10 61,440 a--sh--- c:\windows\system32\gemuhede.exe
2009-03-28 16:10 81,408 a--sh--- c:\windows\system32\lomehuda.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\sorusodi.dll.vir
============= FINISH: 13:02:05.16 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2005 5:11:20 PM
System Uptime: 9/3/2009 12:51:45 PM (1 hours ago)
Motherboard: Dell Computer Corporation | | Dimension 8100
Processor: Intel® Pentium® 4 CPU 1800MHz | Microprocessor | 1779/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 128 GiB total, 94.993 GiB free.
D: is CDROM (CDFS)
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Unsupported Device
Device ID: ACPI\MGMT180\2&DABA3FF&0
Manufacturer: Unknown
Name: Unsupported Device
PNP Device ID: ACPI\MGMT180\2&DABA3FF&0
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0
Manufacturer: 3Com
Name: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0
Service: EL90XBC
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Ad-Aware
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM Pro
AirPlus G
ANIO Service
ANIWZCS2 Service
AOL Uninstaller (Choose which Products to Remove)
AVI Movie Player
Belkin 54g USB Network Adapter
BUFFALO Client Manager 3
Counter-Strike
Counter-Strike
Critical Update for Windows Media Player 11 (KB959772)
DNA
Easy CD & DVD Creator 6
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Install(US)2
J2SE Runtime Environment 5.0 Update 3
Life and Health Insurance
LimeWire PRO 4.12.11
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word Viewer 97
Microsoft XML Parser and SDK
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
PC Pitstop Optimize2 2.0
Picasa 2
QuickTime
Santa Cruz
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Starcraft
Steam
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
Ventrilo Server
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III: All Products
WebFldrs XP
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Xfire (remove only)
==== Event Viewer Messages From Past Week ========
9/1/2009 8:50:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/1/2009 8:49:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/1/2009 8:49:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BUFADPT cdudf_xp eectrl Fips intelppm IPSec NetBT RasAcd sptd Tcpip
9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
9/1/2009 5:51:18 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
9/1/2009 5:51:18 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Lee ##notallowed\Desktop\buDump.exe. Reference error message: The operation completed successfully. .
9/1/2009 5:51:18 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
9/1/2009 5:48:25 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/1/2009 5:03:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eectrl sptd
9/1/2009 4:21:15 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
9/1/2009 4:07:05 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
9/1/2009 4:01:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
9/1/2009 4:01:49 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
9/1/2009 4:01:49 PM, error: Service Control Manager [7002] - The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.
==== End Of File ===========================
0 -
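The helper's reading of the DDS log above comes down to a few load points: the uRun/mRun keys, AppInit_DLLs, the LSA notification packages, the SSODL/STS/Notify hooks, files that are both hidden and system, and a module that turns up under several of those at once. The script below, added here as an example and not part of the thread or of the DDS tool, automates that first pass. Its rules are this editor's own triage heuristics, and SAMPLE_LOG is constructed: it mirrors the format of the log posted above with the username replaced by `user`, so it runs offline.

```python
"""Triage a DDS-style log for persistence entries a responder should review first.

Added example, not part of the thread: the rules are this editor's heuristics,
and SAMPLE_LOG is constructed, modelled on the format of the log posted above
(username replaced with 'user')."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reader_s] c:\documents and settings\user\reader_s.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [iyuzuga] rundll32.exe "c:\windows\ixulidupayazada.dll",e
mRun: [CPMdb4bdd13] Rundll32.exe "c:\windows\system32\sawubiyi.dll",a
uPolicies-system: DisableRegistryTools = 1 (0x1)
Notify: winctrl32 - WinCtrl32.dll
AppInit_DLLs: c:\windows\system32\sorusodi.dll c:\windows\system32\sawubiyi.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sawubiyi.dll
LSA: Notification Packages = scecli c:\windows\system32\sorusodi.dll wi2tl1ap.dll
==================== Find3M ====================
2009-09-01 18:39 30,208 a------- c:\windows\system32\reader_s.exe
2009-09-01 16:47 88,064 a--sh--- c:\windows\system32\telonapi.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\sorusodi.dll.vir
============= FINISH: 13:02:05.16 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# optional drive-rooted directory, then a module file name
MODULE_RE = re.compile(r'([a-z]:\\(?:[^"\\,:]+\\)*)?([\w-]+\.(?:exe|dll|sys))\b', re.I)
# "<date> <time> <size> <attrs> <path>" lines of the Created / Find3M sections
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+[\d,]+\s+([a-z-]{8})\s+(.+)$", re.I)
LOADERS = {"rundll32.exe"}                 # host process, not the payload
LOGON_HOOKS = {"Notify", "SSODL", "STS"}   # winlogon / shell load points


def parse_sections(text):
    """Split the log into {section title: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def extract_modules(text):
    """Map each module name on a line (lower-cased) to its directory, or None if bare."""
    found = {}
    for directory, name in MODULE_RE.findall(text):
        key = name.lower()
        if key in LOADERS:
            continue
        if directory or key not in found:   # prefer the occurrence that carries a path
            found[key] = directory.lower() or None
    return found


def triage(text):
    """Return sorted (severity, finding) pairs; 'high' first."""
    sections = parse_sections(text)
    findings = []
    where = defaultdict(set)   # module -> persistence mechanisms that name it
    for line in sections.get("Pseudo HJT Report", []):
        kind, _, rest = line.partition(":")
        kind = kind.strip()
        modules = extract_modules(rest)
        for name in modules:
            where[name].add(kind)
        if kind in ("uRun", "mRun"):
            for name, directory in modules.items():
                if name.endswith(".dll") and directory and not directory.endswith("\\system32\\"):
                    findings.append(("high", f"{kind}: rundll32 loads {name} from {directory}"))
                if directory and "\\documents and settings\\" in directory:
                    findings.append(("medium", f"{kind}: {name} runs from a user profile directory"))
        elif kind == "AppInit_DLLs":
            for name in modules:
                findings.append(("high", f"AppInit_DLLs injects {name} into every process loading user32"))
        elif kind == "LSA":
            for name in modules:   # stock 'scecli' has no extension, so it is never listed
                findings.append(("high", f"LSA notification package {name} sees password changes"))
        elif kind in LOGON_HOOKS:
            for name in modules:
                findings.append(("medium", f"{kind}: {name} is loaded at logon or shell start"))
        elif kind.startswith("uPolicies") and re.search(r"=\s*1\b", rest):
            findings.append(("medium", f"lockout policy set: {rest.strip()}"))
    for name, kinds in where.items():
        if len(kinds) >= 2:   # one module wired into several load points is the strongest signal
            findings.append(("high", f"{name} is referenced by {len(kinds)} mechanisms: {', '.join(sorted(kinds))}"))
    for sec in ("Created Last 30", "Find3M"):
        for line in sections.get(sec, []):
            m = FILE_RE.match(line)
            if not m:
                continue
            stamp, attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:
                findings.append(("medium", f"{path} is hidden+system ({attrs})"))
            if stamp.startswith("0000-00-00"):
                findings.append(("medium", f"{path} has a zeroed timestamp"))
    rank = {"high": 0, "medium": 1}
    return sorted(set(findings), key=lambda f: (rank[f[0]], f[1]))


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {finding}")
```

On the constructed sample the script surfaces the same picture the helper reads by hand: a DLL launched by rundll32 from the Windows root, two DLLs on AppInit_DLLs, two extra LSA notification packages, and `sawubiyi.dll` and `sorusodi.dll` each wired into more than one load point, while the legitimate ctfmon and NvCpl entries produce nothing. Run it against a real DDS.txt by passing the file contents to `triage()`; the heuristics are a starting point for review, not a verdict.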
So, you're out of the login-logout loop now? Good, let's get some logs to get a picture of your system's current status.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
  - DDS.txt
  - Attach.txt
- Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking the "Download EXE" button and then saving it to your desktop:
- Double-click .exe that you downloaded
- Click rootkit-tab and then scan.
- Don't check the "Show All" box while the scan is in progress!
- When the scan is finished, click Copy.
- This copies the log to the clipboard.
- Post the log in your reply.
0 -
-
Hi,
Please post contents of attach.txt file as you did for dds.txt file - as plain text in your post.
0 -
Edited.
0 -
DNA
LimeWire PRO 4.12.11
Both listed above are P2P file sharing programs. P2P downloads are nowadays one of the things most likely to bring an infection into the system. My recommendation is to uninstall these (and any other P2P file sharing programs, if present).
Download the latest version of Kaspersky Virus Removal Tool
* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
0 -
Links didn't work for Kaspersky.
By the way, GMER still hasn't finished.
0 -
Links didn't work for Kaspersky.
Something that I was afraid of.
Does GMER still look like it's progressing anyway? If it is, let it attempt the run without doing anything else in the background, since that won't make it any faster.
After that, let's see if you're able to upload the following files to either Virscan or Virustotal and post back the scan results for each of them:
C:\WINDOWS\System32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
0