Malware

Customer

• June 10, 2021 14:06

Ok so I have malware and need some help. The link shown has a description of the problem.

 

Was told to post this link in here

0

• 

  Customer

  • June 10, 2021 14:06

  
  

  Hi,

   

  Are you able to login from safe mode or by using "last known good configuration" option (press F8 before Windows launching screen to access the menu)?

  0
• 

  Customer

  • June 10, 2021 14:06

  No I'm not able to sign in when using safe mode nor last known good configuration.

  0
• 

  Customer

  • June 10, 2021 14:06

  Ok. Do you have your XP OS installation disc around?

  0
• 

  Customer

  • June 10, 2021 14:06

  Somewhere around here.

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Hi,

   

  What BIOS version does your system have (and what model is your computer)? Did you try to change boot order in setup utility? Did it ask you to save the changes? If changes are not saved then boot order won't be correct. Have CD-ROM device set as first boot device and hard drive as second.

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Can't get the cd to run.

   

  I press f12 to go to the boot menu and my 3 choices are:

   

  1: Normal

  2: Hard-Disk Drive C

  3: IDE CD-ROM Device

   

  I chose to use the cd-rom and it says strike f1 to retry boot, f2 for setup utility. Hit f1 and same message comes up over and over. Any suggestions?

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Ok. What I need you to do is to boot the system using recovery console.

   

  Insert XP installation media (CD) and restart the computer. If prompted, select any options required to boot from the CD.

  When the text-based part of Setup begins, follow the prompts; choose the repair or recover option by pressing R. When prompted, type the Administrator password. That should take you to the system prompt.

   

  Let's see if userinit.exe file is present. Write following commands and note the results down at marked points:

  cd C:\Windows\System32 (press enter)

  dir userinit.exe (press enter)

  <--note the results down-->

   

  cd C:\Windows\System32\dllcache (press enter)

  dir userinit.exe (press enter)

  <--note the results down-->

  exit (press enter to exit recovery console)

   

  Let me know the results of both queries.

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Got the cd to work and I have a problem.

   

  When I press R and it moves to the next screen it says:

   

  Which windows installation would you like to log onto?

   

  Don't exactly understand that but that's not the problem. I can't type more than one character.

  0
• 

  Customer

  • June 10, 2021 14:06

  Press 1 and then Enter on that.

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Made it past the admin password part. Now attempting to do what you said lol.

   

  No matching files found in either.

  0
• 

  Customer

  • June 10, 2021 14:06

  Alright I had turned off my computer so I just booted it back up. Can you list what I need to type in step by step from just pressing r and logging onto the admin?

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Hi,

   

  Ok. Please give following commands in recovery console (replace D: with your cd drive letter):

  expand D:\i386\userinit.ex_ C:\windows\system32

  exit

   

  See if you're able to boot now.

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Hi,

   

  In console, write those two commands I have bolded in my previous post (replace D: drive letter with your cd-rom drive letter if it's different).

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  Hi,

   

  Those were two commands meant to be entered separately, exit command only after successful file expanding operation. Underscore (_) is there on purpose too.

   

  So, it sounds like D: is not drive letter for your cd drive then. What happens if you press D: (and enter) in system prompt? If it gives an error, please try E: next and. Try next alphabet if still get an error. When successful, prompt should show blinking cursor with D:\> (or some other drive letter different from C) in front of it.

  0
• 

  Customer

  • June 10, 2021 14:06

  
  

  seperately? or in the same line? and the _ is it suppose to be there or should it be an e to finish the .exe?

   

  I tried putting it in as written and it gave me an error message saying the system cannot find the file or directory specified.

  0
• 

  Customer

  • June 10, 2021 14:07

  Ok I tried the first command and it said access is denied.

  0
• 

  Customer

  • June 10, 2021 14:07

  Sorry it took me so long to respond. I was gone for the weekend. I'm booting my computer up right now.

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  Hi,

   

  Is your cd-rom drive under letter D?

   

  Please try these commands in recovery console:

  D: [ENTER]

  CD I386 [ENTER]

  EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]

  
  

   

  Can't find the directory or file specified.

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  Hi,

   

  Is your cd-rom drive under letter D?

   

  Please try these commands in recovery console:

  D: [ENTER]

  CD I386 [ENTER]

  EXPAND USERINIT.EX_ C:\WINDOWS\SYSTEM32 [ENTER]

  0
• 

  Customer

  • June 10, 2021 14:07

  After which command you get that error? Does it come after CD I386? Is D: drive your cd-rom?

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  After which command you get that error? Does it come after CD I386? Is D: drive your cd-rom?

  
  

  Came after the last command. I'm guessing since it let me get that far it's my cd drive. But I'll try E and F and so on and so forth if need be because I have 2 cd drives.

  0
• 

  Customer

  • June 10, 2021 14:07

  Ok I logged on. Now what?

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  What files it lists if you give following command in D:\i386 folder:

  dir userinit*

   

  One way to make sure it's correct drive is to take media out of the drive and then try give command dir in D:\i386 folder. If it lists files instead of showing an error then D is not your cd-rom drive.

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  DDS (Ver_09-07-30.01) - NTFSx86

  Run by Lee ##notallowed at 13:01:37.29 on Thu 09/03/2009

  Internet Explorer: 6.0.2900.2180

  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.212 [GMT -4:00]

   

   

  ============== Running Processes ===============

   

  C:\WINDOWS\system32\svchost -k DcomLaunch

  svchost.exe

  C:\WINDOWS\System32\svchost.exe -k netsvcs

  svchost.exe

  svchost.exe

  C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

  C:\WINDOWS\system32\spoolsv.exe

  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe

  C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe

  C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

  C:\WINDOWS\system32\nvsvc32.exe

  C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

  C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

  C:\WINDOWS\Explorer.EXE

  C:\WINDOWS\System32\reader_s.exe

  C:\WINDOWS\system32\ctfmon.exe

  C:\Program Files\Picasa2\PicasaMediaDetector.exe

  C:\Documents and Settings\Lee ##notallowed\reader_s.exe

  C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe

  C:\WINDOWS\System32\svchost.exe -k imgsvc

  C:\WINDOWS\System32\svchost.exe -k HTTPFilter

  c:\Program Files\Mozilla Firefox\firefox.exe

  C:\Documents and Settings\Lee ##notallowed\Desktop\dds.scr

   

  ============== Pseudo HJT Report ===============

   

  uLocal Page = \blank.htm

  uSearch Page = hxxp://www.google.com

  uStart Page = hxxp://www.myspace.com/

  uSearch Bar = hxxp://www.google.com/ie

  uDefault_Search_URL = hxxp://www.google.com/ie

  mSearch Page = hxxp://www.google.com

  mStart Page = hxxp://www.myspace.com/

  uInternet Connection Wizard,ShellNext = iexplore

  uSearchAssistant = hxxp://www.google.com/ie

  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

  BHO: {761e780a-8778-4154-b000-e6467f8c5033} - c:\windows\system32\kosojebi.dll

  TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

  TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

  TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File

  EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

  uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

  uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

  uRun: [reader_s] c:\documents and settings\lee ##notallowed\reader_s.exe

  mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

  mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

  mRun: [reader_s] c:\windows\system32\reader_s.exe

  mRun: [iyuzuga] rundll32.exe "c:\windows\ixulidupayazada.dll",e

  mRun: [CPMdb4bdd13] Rundll32.exe "c:\windows\system32\sawubiyi.dll",a

  mRun: [kikabamoze] Rundll32.exe "c:\windows\system32\lihelani.dll",s

  StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

  StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe

  uPolicies-explorer: NoFolderOptions = 1 (0x1)

  uPolicies-system: DisableRegistryTools = 1 (0x1)

  IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

  IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

  IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

  IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

  IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

  IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

  Trusted Zone: pcpitstop.com

  DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

  Notify: winctrl32 - WinCtrl32.dll

  AppInit_DLLs: c:\windows\system32\sorusodi.dll c:\windows\system32\sawubiyi.dll

  SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

  SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sawubiyi.dll

  STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\sawubiyi.dll

  LSA: Notification Packages = scecli c:\windows\system32\sorusodi.dll wi2tl1ap.dll

   

  ================= FIREFOX ===================

   

  FF - ProfilePath - c:\docume~1\leesch~1\applic~1\mozilla\firefox\profiles\8o3s7wit.default\

  FF - prefs.js: browser.startup.homepage - www.myspace.com

  FF - plugin: c:\documents and settings\lee ##notallowed\application data\mozilla\firefox\profiles\8o3s7wit.default\extensions\oberongamehost@oberongames.com\platform\winnt_x86-msvc\plugins\npOberonGameHost.dll

  FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll

  FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll

  FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll

  FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll

  FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll

  FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll

  FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll

  FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ZangoSA.dll

  FF - HiddenExtension: XUL Cache: {46708313-7E9F-414F-81DF-A09D29743CCB} - c:\documents and settings\lee ##notallowed\local settings\application data\{46708313-7E9F-414F-81DF-A09D29743CCB}

  FF - HiddenExtension: XUL Cache: {D5DD0884-5CA7-4438-A46C-EC7FEE7D764F} - c:\documents and settings\administrator\local settings\application data\{d5dd0884-5ca7-4438-a46c-ec7fee7d764f}\

   

  ============= SERVICES / DRIVERS ===============

   

  R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-24 64160]

  R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]

  S0 winsy63;winsy63;c:\windows\system32\drivers\winsy63.sys --> c:\windows\system32\drivers\Winsy63.sys [?]

  S3 CEDRIVER53;CEDRIVER53;\??\c:\program files\cheat engine\dbk32.sys --> c:\program files\cheat engine\dbk32.sys [?]

  S3 File;File;c:\windows\system32\File.sys [2006-10-31 8320]

  S3 Ingelirsw;Ingelirsw; [x]

  S3 mKernel;mKernel;\??\c:\documents and settings\lee ##notallowed\desktop\loa\wmfup.sys --> c:\documents and settings\lee ##notallowed\desktop\loa\WMFUP.sys [?]

  S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2006-2-7 19232]

  S3 XDva008;XDva008;\??\c:\windows\system32\xdva008.sys --> c:\windows\system32\XDva008.sys [?]

  S3 XDva019;XDva019;\??\c:\windows\system32\xdva019.sys --> c:\windows\system32\XDva019.sys [?]

  S3 XDva076;XDva076;\??\c:\windows\system32\xdva076.sys --> c:\windows\system32\XDva076.sys [?]

  S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

   

  =============== Created Last 30 ================

   

  2009-09-01 18:39 158,208 a------- c:\windows�000344.tmp

  2009-09-01 18:39 45,056 a------- c:\windows�026444.tmp

  2009-09-01 18:22 <DIR> --d----- c:\program files\NortonInstaller

  2009-09-01 16:22 21,380 a------- c:\windows\system32\AAWService_2009_09_01_16_22_22.dmp

  2009-09-01 15:59 23,696 a------- c:\windows\system32\AAWService_2009_09_01_15_59_56.dmp

  2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings

  2009-09-01 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton

  2009-09-01 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

  2009-09-01 11:45 24,576 a------- c:\windows\system32\userinit.exe

  2009-08-23 16:01 23,163 a------- c:\windows\system32\AAWService_2009_08_23_16_01_39.dmp

  2009-08-22 21:49 25,055 a------- c:\windows\system32\AAWService_2009_08_22_21_49_46.dmp

   

  ==================== Find3M ====================

   

  2009-09-03 13:01 100,590 a------- c:\windows\system32\drivers\3c96cf9.sys

  2009-09-01 18:39 30,208 a------- c:\windows\system32\reader_s.exe

  2009-09-01 18:39 30,208 a------- c:\documents and settings\lee ##notallowed\reader_s.exe

  2009-09-01 17:39 158,208 a------- c:\windows\ixulidupayazada.dll

  2009-09-01 17:39 45,056 a------- c:\windows\wi2tl1ap.dll

  2009-09-01 16:47 88,064 a--sh--- c:\windows\system32\telonapi.dll

  2009-09-01 16:47 80,384 a--sh--- c:\windows\system32\wavowibi.dll

  2007-01-17 20:33 1,443,213 a------- c:\docume~1\leesch~1\applic~1\Install.dat

  2005-11-09 22:04 13 a------- c:\program files\autobans.txt

  2005-09-01 17:04 10,156,943 a------- c:\program files\avg70free_289a392.exe

  2009-03-28 16:10 61,440 a--sh--- c:\windows\system32\gemuhede.exe

  2009-03-28 16:10 81,408 a--sh--- c:\windows\system32\lomehuda.dll

  0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\sorusodi.dll.vir

   

  ============= FINISH: 13:02:05.16 ===============

   

   

   

  UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

  IF REQUESTED, ZIP IT UP & ATTACH IT

   

  DDS (Ver_09-07-30.01)

   

  Microsoft Windows XP Home Edition

  Boot Device: \Device\HarddiskVolume1

  Install Date: 7/31/2005 5:11:20 PM

  System Uptime: 9/3/2009 12:51:45 PM (1 hours ago)

   

  Motherboard: Dell Computer Corporation | | Dimension 8100

  Processor: Intel® Pentium® 4 CPU 1800MHz | Microprocessor | 1779/100mhz

   

  ==== Disk Partitions =========================

   

  C: is FIXED (NTFS) - 128 GiB total, 94.993 GiB free.

  D: is CDROM (CDFS)

  F: is CDROM ()

   

  ==== Disabled Device Manager Items =============

   

  Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

  Description: Unsupported Device

  Device ID: ACPI\MGMT180\2&DABA3FF&0

  Manufacturer: Unknown

  Name: Unsupported Device

  PNP Device ID: ACPI\MGMT180\2&DABA3FF&0

  Service:

   

  Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

  Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

  Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0

  Manufacturer: 3Com

  Name: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)

  PNP Device ID: PCI\VEN_10B7&DEV_9200&SUBSYS_00C71028&REV_78\4&8537DD&0&60F0

  Service: EL90XBC

   

  ==== System Restore Points ===================

   

  No restore point in system.

   

  ==== Installed Programs ======================

   

   

  Ad-Aware

  Adobe Flash Player Plugin

  Adobe Photoshop CS

  Adobe Reader 6.0.1

  Adobe Shockwave Player

  AIM Pro

  AirPlus G

  ANIO Service

  ANIWZCS2 Service

  AOL Uninstaller (Choose which Products to Remove)

  AVI Movie Player

  Belkin 54g USB Network Adapter

  BUFFALO Client Manager 3

  Counter-Strike

  Counter-Strike

  Critical Update for Windows Media Player 11 (KB959772)

  DNA

  Easy CD & DVD Creator 6

  Hotfix for Windows Media Format 11 SDK (KB929399)

  Hotfix for Windows Media Player 11 (KB939683)

  Hotfix for Windows XP (KB926239)

  Hotfix for Windows XP (KB952287)

  Install(US)2

  J2SE Runtime Environment 5.0 Update 3

  Life and Health Insurance

  LimeWire PRO 4.12.11

  Microsoft Compression Client Pack 1.0 for Windows XP

  Microsoft Office Professional Edition 2003

  Microsoft User-Mode Driver Framework Feature Pack 1.0

  Microsoft Word Viewer 97

  Microsoft XML Parser and SDK

  Mozilla Firefox (3.0.8)

  MSXML 4.0 SP2 (KB927978)

  MSXML 4.0 SP2 (KB936181)

  MSXML 4.0 SP2 (KB954430)

  NVIDIA Drivers

  PC Pitstop Optimize2 2.0

  Picasa 2

  QuickTime

  Santa Cruz

  Security Update for CAPICOM (KB931906)

  Security Update for Windows Media Player (KB911564)

  Security Update for Windows Media Player (KB952069)

  Security Update for Windows Media Player 11 (KB936782)

  Security Update for Windows Media Player 11 (KB954154)

  Security Update for Windows Media Player 6.4 (KB925398)

  Security Update for Windows Media Player 9 (KB917734)

  Security Update for Windows Media Player 9 (KB936782)

  Security Update for Windows XP (KB890046)

  Security Update for Windows XP (KB893756)

  Security Update for Windows XP (KB896358)

  Security Update for Windows XP (KB896423)

  Security Update for Windows XP (KB896428)

  Security Update for Windows XP (KB899587)

  Security Update for Windows XP (KB899591)

  Security Update for Windows XP (KB900725)

  Security Update for Windows XP (KB901017)

  Security Update for Windows XP (KB901190)

  Security Update for Windows XP (KB901214)

  Security Update for Windows XP (KB902400)

  Security Update for Windows XP (KB904706)

  Security Update for Windows XP (KB905414)

  Security Update for Windows XP (KB905749)

  Security Update for Windows XP (KB908519)

  Security Update for Windows XP (KB911562)

  Security Update for Windows XP (KB911927)

  Security Update for Windows XP (KB913580)

  Security Update for Windows XP (KB914388)

  Security Update for Windows XP (KB914389)

  Security Update for Windows XP (KB917344)

  Security Update for Windows XP (KB917422)

  Security Update for Windows XP (KB917953)

  Security Update for Windows XP (KB918118)

  Security Update for Windows XP (KB918439)

  Security Update for Windows XP (KB919007)

  Security Update for Windows XP (KB920213)

  Security Update for Windows XP (KB920670)

  Security Update for Windows XP (KB920683)

  Security Update for Windows XP (KB920685)

  Security Update for Windows XP (KB921503)

  Security Update for Windows XP (KB922819)

  Security Update for Windows XP (KB923191)

  Security Update for Windows XP (KB923414)

  Security Update for Windows XP (KB923689)

  Security Update for Windows XP (KB923694)

  Security Update for Windows XP (KB923980)

  Security Update for Windows XP (KB924191)

  Security Update for Windows XP (KB924270)

  Security Update for Windows XP (KB924496)

  Security Update for Windows XP (KB924667)

  Security Update for Windows XP (KB925902)

  Security Update for Windows XP (KB926255)

  Security Update for Windows XP (KB926436)

  Security Update for Windows XP (KB927779)

  Security Update for Windows XP (KB927802)

  Security Update for Windows XP (KB928255)

  Security Update for Windows XP (KB928843)

  Security Update for Windows XP (KB929123)

  Security Update for Windows XP (KB929969)

  Security Update for Windows XP (KB930178)

  Security Update for Windows XP (KB931261)

  Security Update for Windows XP (KB931768)

  Security Update for Windows XP (KB931784)

  Security Update for Windows XP (KB932168)

  Security Update for Windows XP (KB933566)

  Security Update for Windows XP (KB933729)

  Security Update for Windows XP (KB935839)

  Security Update for Windows XP (KB935840)

  Security Update for Windows XP (KB936021)

  Security Update for Windows XP (KB937143)

  Security Update for Windows XP (KB938127)

  Security Update for Windows XP (KB938464)

  Security Update for Windows XP (KB938829)

  Security Update for Windows XP (KB939653)

  Security Update for Windows XP (KB941202)

  Security Update for Windows XP (KB941568)

  Security Update for Windows XP (KB941569)

  Security Update for Windows XP (KB941644)

  Security Update for Windows XP (KB941693)

  Security Update for Windows XP (KB942615)

  Security Update for Windows XP (KB943055)

  Security Update for Windows XP (KB943460)

  Security Update for Windows XP (KB943485)

  Security Update for Windows XP (KB944338)

  Security Update for Windows XP (KB944533)

  Security Update for Windows XP (KB944653)

  Security Update for Windows XP (KB945553)

  Security Update for Windows XP (KB946026)

  Security Update for Windows XP (KB946648)

  Security Update for Windows XP (KB947864)

  Security Update for Windows XP (KB948590)

  Security Update for Windows XP (KB948881)

  Security Update for Windows XP (KB950749)

  Security Update for Windows XP (KB950759)

  Security Update for Windows XP (KB950760)

  Security Update for Windows XP (KB950762)

  Security Update for Windows XP (KB950974)

  Security Update for Windows XP (KB951066)

  Security Update for Windows XP (KB951376-v2)

  Security Update for Windows XP (KB951376)

  Security Update for Windows XP (KB951698)

  Security Update for Windows XP (KB951748)

  Security Update for Windows XP (KB952954)

  Security Update for Windows XP (KB953838)

  Security Update for Windows XP (KB953839)

  Security Update for Windows XP (KB954211)

  Security Update for Windows XP (KB954600)

  Security Update for Windows XP (KB955069)

  Security Update for Windows XP (KB956390)

  Security Update for Windows XP (KB956391)

  Security Update for Windows XP (KB956802)

  Security Update for Windows XP (KB956803)

  Security Update for Windows XP (KB956841)

  Security Update for Windows XP (KB957095)

  Security Update for Windows XP (KB957097)

  Security Update for Windows XP (KB958215)

  Security Update for Windows XP (KB958644)

  Security Update for Windows XP (KB958687)

  Security Update for Windows XP (KB958690)

  Security Update for Windows XP (KB960225)

  Security Update for Windows XP (KB960714)

  Security Update for Windows XP (KB960715)

  Starcraft

  Steam

  Update for Windows XP (KB894391)

  Update for Windows XP (KB898461)

  Update for Windows XP (KB900485)

  Update for Windows XP (KB908531)

  Update for Windows XP (KB910437)

  Update for Windows XP (KB911280)

  Update for Windows XP (KB916595)

  Update for Windows XP (KB920872)

  Update for Windows XP (KB922582)

  Update for Windows XP (KB927891)

  Update for Windows XP (KB930916)

  Update for Windows XP (KB931836)

  Update for Windows XP (KB933360)

  Update for Windows XP (KB936357)

  Update for Windows XP (KB938828)

  Update for Windows XP (KB942763)

  Update for Windows XP (KB942840)

  Update for Windows XP (KB946627)

  Update for Windows XP (KB951072-v2)

  Update for Windows XP (KB955839)

  Update for Windows XP (KB967715)

  Ventrilo Client

  Ventrilo Server

  Visual C++ 2008 x86 Runtime - (v9.0.30729)

  Visual C++ 2008 x86 Runtime - v9.0.30729.01

  Warcraft III: All Products

  WebFldrs XP

  Windows Genuine Advantage v1.3.0254.0

  Windows Installer 3.1 (KB893803)

  Windows Live Messenger

  Windows Media Format 11 runtime

  Windows Media Player 11

  Windows XP Hotfix - KB873339

  Windows XP Hotfix - KB885835

  Windows XP Hotfix - KB885836

  Windows XP Hotfix - KB886185

  Windows XP Hotfix - KB887472

  Windows XP Hotfix - KB888302

  Windows XP Hotfix - KB890859

  Windows XP Hotfix - KB891781

  Windows XP Service Pack 2

  WinRAR archiver

  Xfire (remove only)

   

  ==== Event Viewer Messages From Past Week ========

   

  9/1/2009 8:50:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

  9/1/2009 8:49:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

  9/1/2009 8:49:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BUFADPT cdudf_xp eectrl Fips intelppm IPSec NetBT RasAcd sptd Tcpip

  9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

  9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

  9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

  9/1/2009 8:49:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

  9/1/2009 5:51:18 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .

  9/1/2009 5:51:18 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Lee ##notallowed\Desktop\buDump.exe. Reference error message: The operation completed successfully. .

  9/1/2009 5:51:18 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

  9/1/2009 5:48:25 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

  9/1/2009 5:03:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eectrl sptd

  9/1/2009 4:21:15 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

  9/1/2009 4:07:05 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.

  9/1/2009 4:01:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

  9/1/2009 4:01:49 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.

  9/1/2009 4:01:49 PM, error: Service Control Manager [7002] - The Routing and Remote Access service depends on the NetBIOSGroup group and no member of this group started.

   

  ==== End Of File ===========================

  Attach.zip

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  So, you're out of login-logout loop now? Good, let's get some to get a picture of your system's current status.

   

  Download DDS and save it to your desktop from here or here or here.

  Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    
    
    1. DDS.txt
       
       
    
    
    2. Attach.txt
       
       
    
    
    
    

    [*]Save both reports to your desktop. Post them back to your topic.

  
  

  Download GMER here by clicking download exe -button and then saving it your desktop:

  
  
  • Double-click .exe that you downloaded
    
    
  
  
  • Click rootkit-tab and then scan.
    
    
  
  
  • 
    Don't check
    Show All
    box while scanning in progress!
    
    
  
  
  • When scanning is ready, click Copy.
    
    
  
  
  • This copies log to clipboard
    
    
  
  
  • Post log in your reply.
    
    
  
  

  
  

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  Hi,

   

  Please post contents of attach.txt file as you did for dds.txt file - as plain text in your post.

  0
• 

  Customer

  • June 10, 2021 14:07

  Edited.

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  DNA

  LimeWire PRO 4.12.11

   

  Both above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

   

   

  Download the latest version of Kaspersky Virus Removal Tool Kaspersky Virus Removal Tool

   

  * Close all other applications and double-click and run the installer.

  * When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.

  * If malware is detected, don't remove anything.

  * After the scan finishes, don't neutralize anything.

  * In the Scan window click the Reports button and select Save to file.

  * Name the report AVPT.txt, and save it to the Desktop.

  * Close AVPTool.

  * You will be prompted if you want to uninstall the program; click Yes.

  * You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.

  * Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  Links didn't work for Kasperky.

   

  By the way, GMER still hasn't finished.

  0
• 

  Customer

  • June 10, 2021 14:07

  
  

  Links didn't work for Kasperky.

  
  

  Something that I was afraid of.

   

  Does GMER still look like it's progressing anyway? If it is, let it attempt the run without doing anything else on background since that won't make it any faster.

   

  After that, let's see if you're able to upload following files to either Virscan or Virustotal and post back scan results for each of them:

  C:\WINDOWS\System32\lsass.exe

  C:\WINDOWS\System32\svchost.exe

  C:\WINDOWS\system32\spoolsv.exe

  0

Please sign in to leave a comment.