
Comments

60 comments

  • Customer

    Hi,

     

    Are you able to login from safe mode or by using "last known good configuration" option (press F8 before Windows launching screen to access the menu)?

    0
  • Customer

    No I'm not able to sign in when using safe mode nor last known good configuration.

    0
  • Customer

    Ok. Do you have your XP OS installation disc around?

    0
  • Customer

    Somewhere around here.

    0
  • Customer

    Hi,

     

    What BIOS version does your system have (and what model is your computer)? Did you try to change boot order in setup utility? Did it ask you to save the changes? If changes are not saved then boot order won't be correct. Have CD-ROM device set as first boot device and hard drive as second.

    0
  • Customer

    Can't get the cd to run.

     

    I press f12 to go to the boot menu and my 3 choices are:

     

    1: Normal

    2: Hard-Disk Drive C

    3: IDE CD-ROM Device

     

    I chose to use the cd-rom and it says strike f1 to retry boot, f2 for setup utility. Hit f1 and same message comes up over and over. Any suggestions?

    0
  • Customer

    Ok. What I need you to do is to boot the system using recovery console.

     

    Insert XP installation media (CD) and restart the computer. If prompted, select any options required to boot from the CD.

    When the text-based part of Setup begins, follow the prompts; choose the repair or recover option by pressing R. When prompted, type the Administrator password. That should take you to the system prompt.

     

    Let's see if userinit.exe file is present. Write following commands and note the results down at marked points:

    cd C:\Windows\System32 (press enter)

    dir userinit.exe (press enter)

    <--note the results down-->

     

    cd C:\Windows\System32\dllcache (press enter)

    dir userinit.exe (press enter)

    <--note the results down-->

    exit (press enter to exit recovery console)

     

    Let me know the results of both queries.

    0
  • Customer

    Got the cd to work and I have a problem.

     

    When I press R and it moves to the next screen it says:

     

    Which windows installation would you like to log onto?

     

    Don't exactly understand that but that's not the problem. I can't type more than one character.

    0
  • Customer

    Press 1 and then Enter on that.

    0
  • Customer

    Made it past the admin password part. Now attempting to do what you said lol.

     

    No matching files found in either.

    0
  • Customer

    Alright I had turned off my computer so I just booted it back up. Can you list what I need to type in step by step from just pressing r and logging onto the admin?

    0
  • Customer

    Hi,

     

    Ok. Please give following commands in recovery console (replace D: with your cd drive letter):

    expand D:\i386\userinit.ex_ C:\windows\system32

    exit

     

    See if you're able to boot now.

    0
  • Customer

    Hi,

     

    In console, write those two commands I have bolded in my previous post (replace D: drive letter with your cd-rom drive letter if it's different).

    0
  • Customer

    Hi,

     

    Those were two commands meant to be entered separately, exit command only after successful file expanding operation. Underscore (_) is there on purpose too.

     

    So, it sounds like D: is not the drive letter for your cd drive then. What happens if you press D: (and enter) in system prompt? If it gives an error, please try E: next. Try the next letter of the alphabet if you still get an error. When successful, prompt should show blinking cursor with D:\> (or some other drive letter different from C) in front of it.

    0
  • Customer

    separately? or in the same line? and the _ is it supposed to be there or should it be an e to finish the .exe?

     

    I tried putting it in as written and it gave me an error message saying the system cannot find the file or directory specified.

    0
  • Customer

    Ok I tried the first command and it said access is denied.

    0
  • Customer

    Sorry it took me so long to respond. I was gone for the weekend. I'm booting my computer up right now.

    0
  • Customer

    Hi,

     

    Is your cd-rom drive under letter D?

     

    Please try these commands in recovery console:

    D: [ENTER]

    CD I386 [ENTER]

    EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]


     

    Can't find the directory or file specified.

    0
  • Customer

    Hi,

     

    Is your cd-rom drive under letter D?

     

    Please try these commands in recovery console:

    D: [ENTER]

    CD I386 [ENTER]

    EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]

    0
  • Customer

    After which command you get that error? Does it come after CD I386? Is D: drive your cd-rom?

    0
  • Customer

    After which command you get that error? Does it come after CD I386? Is D: drive your cd-rom?

    Came after the last command. I'm guessing since it let me get that far it's my cd drive. But I'll try E and F and so on and so forth if need be because I have 2 cd drives.

    0
  • Customer

    Ok I logged on. Now what?

    0
  • Customer

    What files it lists if you give following command in D:\i386 folder:

    dir userinit*

     

    One way to make sure it's correct drive is to take media out of the drive and then try give command dir in D:\i386 folder. If it lists files instead of showing an error then D is not your cd-rom drive.

    0
  • Customer

    DDS (Ver_09-07-30.01) - NTFSx86

    Run by Lee ##notallowed at 13:01:37.29 on Thu 09/03/2009

    Internet Explorer: 6.0.2900.2180

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.212 [GMT -4:00]

     

     

    ============== Running Processes ===============

     

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

    C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe

    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\reader_s.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Documents and Settings\Lee ##notallowed\reader_s.exe

    C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe

    C:\WINDOWS\System32\svchost.exe -k imgsvc

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    c:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Lee ##notallowed\Desktop\dds.scr

     

    ============== Pseudo HJT Report ===============

     

    uLocal Page = \blank.htm

    uSearch Page = hxxp://www.google.com

    uStart Page = hxxp://www.myspace.com/

    uSearch Bar = hxxp://www.google.com/ie

    uDefault_Search_URL = hxxp://www.google.com/ie

    mSearch Page = hxxp://www.google.com

    mStart Page = hxxp://www.myspace.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    BHO: {761e780a-8778-4154-b000-e6467f8c5033} - c:\windows\system32\kosojebi.dll

    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File

    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

    uRun: [reader_s] c:\documents and settings\lee ##notallowed\reader_s.exe

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

    mRun: [reader_s] c:\windows\system32\reader_s.exe

    mRun: [iyuzuga] rundll32.exe "c:\windows\ixulidupayazada.dll",e

    mRun: [CPMdb4bdd13] Rundll32.exe "c:\windows\system32\sawubiyi.dll",a

    mRun: [kikabamoze] Rundll32.exe "c:\windows\system32\lihelani.dll",s

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe

    uPolicies-explorer: NoFolderOptions = 1 (0x1)

    uPolicies-system: DisableRegistryTools = 1 (0x1)

    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

    Trusted Zone: pcpitstop.com

    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

    Notify: winctrl32 - WinCtrl32.dll

    AppInit_DLLs: c:\windows\system32\sorusodi.dll c:\windows\system32\sawubiyi.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sawubiyi.dll

    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\sawubiyi.dll

    LSA: Notification Packages = scecli c:\windows\system32\sorusodi.dll wi2tl1ap.dll

     

    ================= FIREFOX ===================

     

    FF - ProfilePath - c:\docume~1\leesch~1\applic~1\mozilla\firefox\profiles\8o3s7wit.default\

    FF - prefs.js: browser.startup.homepage - www.myspace.com

    FF - plugin: c:\documents and settings\lee ##notallowed\application data\mozilla\firefox\profiles\8o3s7wit.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll

    FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll

    FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll

    FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll

    FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll

    FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll

    FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll

    FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll

    FF - HiddenExtension: XUL Cache: {46708313-7E9F-414F-81DF-A09D29743CCB} - c:\documents and settings\lee ##notallowed\local settings\application data\{46708313-7E9F-414F-81DF-A09D29743CCB}

    FF - HiddenExtension: XUL Cache: {D5DD0884-5CA7-4438-A46C-EC7FEE7D764F} - c:\documents and settings\administrator\local settings\application data\{d5dd0884-5ca7-4438-a46c-ec7fee7d764f}\

     

    ============= SERVICES / DRIVERS ===============

     

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160]

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]

    S0 winsy63;winsy63;c:\windows\system32\drivers\winsy63.sys --> c:\windows\system32\drivers\Winsy63.sys [?]

    S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]

    S3 File;File;c:\windows\system32\File.sys [2006-10-31 8320]

    S3 Ingelirsw;Ingelirsw; [x]

    S3 mKernel;mKernel;\??\c:\documents and settings\lee ##notallowed\desktop\loa\wmfup.sys --> c:\documents and settings\lee ##notallowed\desktop\loa\WMFUP.sys [?]

    S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2006-2-7 19232]

    S3 XDva008;XDva008;\??\c:\windows\system32\xdva008.sys --> c:\windows\system32\XDva008.sys [?]

    S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]

    S3 XDva076;XDva076;\??\c:\windows\system32\xdva076.sys --> c:\windows\system32\XDva076.sys [?]

    S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

     

    =============== Created Last 30 ================

     

    2009-09-01 18:39 158,208 a------- c:\windows�000344.tmp

    2009-09-01 18:39 45,056 a------- c:\windows�026444.tmp

    2009-09-01 18:22 <DIR> --d----- c:\program files\NortonInstaller

    2009-09-01 16:22 21,380 a------- c:\windows\system32\AAWService_2009_09_01_16_22_22.dmp

    2009-09-01 15:59 23,696 a------- c:\windows\system32\AAWService_2009_09_01_15_59_56.dmp

    2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings

    2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton

    2009-09-01 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

    2009-09-01 11:45 24,576 a------- c:\windows\system32\userinit.exe

    2009-08-23 16:01 23,163 a------- c:\windows\system32\AAWService_2009_08_23_16_01_39.dmp

    2009-08-22 21:49 25,055 a------- c:\windows\system32\AAWService_2009_08_22_21_49_46.dmp

     

    ==================== Find3M ====================

     

    2009-09-03 13:01 100,590 a------- c:\windows\system32\drivers\3c96cf9.sys

    2009-09-01 18:39 30,208 a------- c:\windows\system32\reader_s.exe

    2009-09-01 18:39 30,208 a------- c:\documents and settings\lee ##notallowed\reader_s.exe

    2009-09-01 17:39 158,208 a------- c:\windows\ixulidupayazada.dll

    2009-09-01 17:39 45,056 a------- c:\windows\wi2tl1ap.dll

    2009-09-01 16:47 88,064 a--sh--- c:\windows\system32\telonapi.dll

    2009-09-01 16:47 80,384 a--sh--- c:\windows\system32\wavowibi.dll

    2007-01-17 20:33 1,443,213 a------- c:\docume~1\leesch~1\applic~1\Install.dat

    2005-11-09 22:04 13 a------- c:\program files\autobans.txt

    2005-09-01 17:04 10,156,943 a------- c:\program files\avg70free_289a392.exe

    2009-03-28 16:10 61,440 a--sh--- c:\windows\system32\gemuhede.exe

    2009-03-28 16:10 81,408 a--sh--- c:\windows\system32\lomehuda.dll

    0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\sorusodi.dll.vir

     

    ============= FINISH: 13:02:05.16 ===============

     

     

     

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

     

    DDS (Ver_09-07-30.01)

     

    Microsoft Windows XP Home Edition

    Boot Device: \Device\HarddiskVolume1

    Install Date: 7/31/2005 5:11:20 PM

    System Uptime: 9/3/2009 12:51:45 PM (1 hours ago)

     

    Motherboard: Dell Computer Corporation | | Dimension 8100

    Processor: Intel® Pentium® 4 CPU 1800MHz | Microprocessor | 1779/100mhz

     

    ==== Disk Partitions =========================

     

    C: is FIXED (NTFS) - 128 GiB total, 94.993 GiB free.

    D: is CDROM (CDFS)

    F: is CDROM ()

     

    ==== Disabled Device Manager Items =============

     

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Unsupported Device

    Device ID: ACPI\MGMT180\2&DABA3FF&0

    Manufacturer: Unknown

    Name: Unsupported Device

    PNP Device ID: ACPI\MGMT180\2&DABA3FF&0

    Service:

     

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

    Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0

    Manufacturer: 3Com

    Name: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

    PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0

    Service: EL90XBC

     

    ==== System Restore Points ===================

     

    No restore point in system.

     

    ==== Installed Programs ======================

     

     

    Ad-Aware

    Adobe Flash Player Plugin

    Adobe Photoshop CS

    Adobe Reader 6.0.1

    Adobe Shockwave Player

    AIM Pro

    AirPlus G

    ANIO Service

    ANIWZCS2 Service

    AOL Uninstaller (Choose which Products to Remove)

    AVI Movie Player

    Belkin 54g USB Network Adapter

    BUFFALO Client Manager 3

    Counter-Strike

    Counter-Strike

    Critical Update for Windows Media Player 11 (KB959772)

    DNA

    Easy CD & DVD Creator 6

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB926239)

    Hotfix for Windows XP (KB952287)

    Install(US)2

    J2SE Runtime Environment 5.0 Update 3

    Life and Health Insurance

    LimeWire PRO 4.12.11

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Office Professional Edition 2003

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Word Viewer 97

    Microsoft XML Parser and SDK

    Mozilla Firefox (3.0.8)

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB954430)

    NVIDIA Drivers

    PC Pitstop Optimize2 2.0

    Picasa 2

    QuickTime

    Santa Cruz

    Security Update for CAPICOM (KB931906)

    Security Update for Windows Media Player (KB911564)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player 11 (KB936782)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows Media Player 6.4 (KB925398)

    Security Update for Windows Media Player 9 (KB917734)

    Security Update for Windows Media Player 9 (KB936782)

    Security Update for Windows XP (KB890046)

    Security Update for Windows XP (KB893756)

    Security Update for Windows XP (KB896358)

    Security Update for Windows XP (KB896423)

    Security Update for Windows XP (KB896428)

    Security Update for Windows XP (KB899587)

    Security Update for Windows XP (KB899591)

    Security Update for Windows XP (KB900725)

    Security Update for Windows XP (KB901017)

    Security Update for Windows XP (KB901190)

    Security Update for Windows XP (KB901214)

    Security Update for Windows XP (KB902400)

    Security Update for Windows XP (KB904706)

    Security Update for Windows XP (KB905414)

    Security Update for Windows XP (KB905749)

    Security Update for Windows XP (KB908519)

    Security Update for Windows XP (KB911562)

    Security Update for Windows XP (KB911927)

    Security Update for Windows XP (KB913580)

    Security Update for Windows XP (KB914388)

    Security Update for Windows XP (KB914389)

    Security Update for Windows XP (KB917344)

    Security Update for Windows XP (KB917422)

    Security Update for Windows XP (KB917953)

    Security Update for Windows XP (KB918118)

    Security Update for Windows XP (KB918439)

    Security Update for Windows XP (KB919007)

    Security Update for Windows XP (KB920213)

    Security Update for Windows XP (KB920670)

    Security Update for Windows XP (KB920683)

    Security Update for Windows XP (KB920685)

    Security Update for Windows XP (KB921503)

    Security Update for Windows XP (KB922819)

    Security Update for Windows XP (KB923191)

    Security Update for Windows XP (KB923414)

    Security Update for Windows XP (KB923689)

    Security Update for Windows XP (KB923694)

    Security Update for Windows XP (KB923980)

    Security Update for Windows XP (KB924191)

    Security Update for Windows XP (KB924270)

    Security Update for Windows XP (KB924496)

    Security Update for Windows XP (KB924667)

    Security Update for Windows XP (KB925902)

    Security Update for Windows XP (KB926255)

    Security Update for Windows XP (KB926436)

    Security Update for Windows XP (KB927779)

    Security Update for Windows XP (KB927802)

    Security Update for Windows XP (KB928255)

    Security Update for Windows XP (KB928843)

    Security Update for Windows XP (KB929123)

    Security Update for Windows XP (KB929969)

    Security Update for Windows XP (KB930178)

    Security Update for Windows XP (KB931261)

    Security Update for Windows XP (KB931768)

    Security Update for Windows XP (KB931784)

    Security Update for Windows XP (KB932168)

    Security Update for Windows XP (KB933566)

    Security Update for Windows XP (KB933729)

    Security Update for Windows XP (KB935839)

    Security Update for Windows XP (KB935840)

    Security Update for Windows XP (KB936021)

    Security Update for Windows XP (KB937143)

    Security Update for Windows XP (KB938127)

    Security Update for Windows XP (KB938464)

    Security Update for Windows XP (KB938829)

    Security Update for Windows XP (KB939653)

    Security Update for Windows XP (KB941202)

    Security Update for Windows XP (KB941568)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB941644)

    Security Update for Windows XP (KB941693)

    Security Update for Windows XP (KB942615)

    Security Update for Windows XP (KB943055)

    Security Update for Windows XP (KB943460)

    Security Update for Windows XP (KB943485)

    Security Update for Windows XP (KB944338)

    Security Update for Windows XP (KB944533)

    Security Update for Windows XP (KB944653)

    Security Update for Windows XP (KB945553)

    Security Update for Windows XP (KB946026)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB947864)

    Security Update for Windows XP (KB948590)

    Security Update for Windows XP (KB948881)

    Security Update for Windows XP (KB950749)

    Security Update for Windows XP (KB950759)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951066)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951376)

    Security Update for Windows XP (KB951698)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB953838)

    Security Update for Windows XP (KB953839)

    Security Update for Windows XP (KB954211)

    Security Update for Windows XP (KB954600)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956390)

    Security Update for Windows XP (KB956391)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956841)

    Security Update for Windows XP (KB957095)

    Security Update for Windows XP (KB957097)

    Security Update for Windows XP (KB958215)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958687)

    Security Update for Windows XP (KB958690)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960714)

    Security Update for Windows XP (KB960715)

    Starcraft

    Steam

    Update for Windows XP (KB894391)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB900485)

    Update for Windows XP (KB908531)

    Update for Windows XP (KB910437)

    Update for Windows XP (KB911280)

    Update for Windows XP (KB916595)

    Update for Windows XP (KB920872)

    Update for Windows XP (KB922582)

    Update for Windows XP (KB927891)

    Update for Windows XP (KB930916)

    Update for Windows XP (KB931836)

    Update for Windows XP (KB933360)

    Update for Windows XP (KB936357)

    Update for Windows XP (KB938828)

    Update for Windows XP (KB942763)

    Update for Windows XP (KB942840)

    Update for Windows XP (KB946627)

    Update for Windows XP (KB951072-v2)

    Update for Windows XP (KB955839)

    Update for Windows XP (KB967715)

    Ventrilo Client

    Ventrilo Server

    Visual C++ 2008 x86 Runtime - (v9.0.30729)

    Visual C++ 2008 x86 Runtime - v9.0.30729.01

    Warcraft III: All Products

    WebFldrs XP

    Windows Genuine Advantage v1.3.0254.0

    Windows Installer 3.1 (KB893803)

    Windows Live Messenger

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows XP Hotfix - KB873339

    Windows XP Hotfix - KB885835

    Windows XP Hotfix - KB885836

    Windows XP Hotfix - KB886185

    Windows XP Hotfix - KB887472

    Windows XP Hotfix - KB888302

    Windows XP Hotfix - KB890859

    Windows XP Hotfix - KB891781

    Windows XP Service Pack 2

    WinRAR archiver

    Xfire (remove only)

     

    ==== Event Viewer Messages From Past Week ========

     

    9/1/2009 8:50:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    9/1/2009 8:49:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    9/1/2009 8:49:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BUFADPT cdudf_xp eectrl Fips intelppm IPSec NetBT RasAcd sptd Tcpip

    9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

    9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

    9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

    9/1/2009 5:51:18 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

    9/1/2009 5:51:18 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Lee ##notallowed\Desktop\buDump.exe. Reference error message: The operation completed successfully. .

    9/1/2009 5:51:18 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

    9/1/2009 5:48:25 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    9/1/2009 5:03:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eectrl sptd

    9/1/2009 4:21:15 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

    9/1/2009 4:07:05 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.

    9/1/2009 4:01:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

    9/1/2009 4:01:49 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.

    9/1/2009 4:01:49 PM, error: Service Control Manager [7002] - The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

     

    ==== End Of File ===========================

    Attach.zip

    0
  • Customer

    So, you're out of login-logout loop now? Good, let's get some to get a picture of your system's current status.

     

    Download DDS and save it to your desktop from here or here or here.

    Disable any script blocker, and then double click dds.scr to run the tool.

    • When done, DDS will open two (2) logs:

      1. DDS.txt


      2. Attach.txt



    • Save both reports to your desktop. Post them back to your topic.


    Download GMER here by clicking download exe -button and then saving it to your desktop:


    • Double-click .exe that you downloaded


    • Click rootkit-tab and then scan.



    • Don't check Show All box while scanning in progress!


    • When scanning is ready, click Copy.


    • This copies log to clipboard


    • Post log in your reply.



    0
  • Customer

    Hi,

     

    Please post contents of attach.txt file as you did for dds.txt file - as plain text in your post.

    0
  • Customer

    Edited.

    0
  • Customer

    DNA

    LimeWire PRO 4.12.11

     

    Both above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

     

     

    Download the latest version of Kaspersky Virus Removal Tool

     

    * Close all other applications and double-click and run the installer.

    * When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.

    * If malware is detected, don't remove anything.

    * After the scan finishes, don't neutralize anything.

    * In the Scan window click the Reports button and select Save to file.

    * Name the report AVPT.txt, and save it to the Desktop.

    * Close AVPTool.

    * You will be prompted if you want to uninstall the program; click Yes.

    * You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.

    * Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

    0
  • Customer

    Links didn't work for Kaspersky.

     

    By the way, GMER still hasn't finished.

    0
  • Customer

    Links didn't work for Kaspersky.

    Something that I was afraid of.

     

    Does GMER still look like it's progressing anyway? If it is, let it attempt the run without doing anything else on background since that won't make it any faster.

     

    After that, let's see if you're able to upload following files to either Virscan or Virustotal and post back scan results for each of them:

    C:\WINDOWS\System32\lsass.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    0
