
Failure to boot in Safe Mode

Discussion in 'Malware and Virus Removal Archive' started by Sam W, 2008/08/03.

  1. 2008/08/03
    Sam W

    Sam W Inactive Thread Starter

    Joined:
    2008/08/03
    Messages:
    7
    Likes Received:
    0
    When I restart and try to go into safe mode, tapping F8, it will bring up the window where you pick safe mode, and it'll do that file stuff, but when it tries to boot into safe mode, it just automatically boots right back into regular Windows, or tells me files are corrupt or some stuff.

    Any suggestions would be greatly appreciated.
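Added example, not part of the thread and not a diagnosis of Sam's machine: one cause of exactly this symptom (Safe Mode falling straight back into a normal boot) that a practitioner checks first is that the SafeBoot registry keys Windows needs to start in Safe Mode have been deleted, which some malware of that era did. This PowerShell snippet reports whether both SafeBoot profiles are still present and what the alternate shell is set to. It assumes only the standard key paths and should be run from an administrator prompt in normal mode.

```powershell
# Added example: check that the registry keys Windows needs for Safe Mode still exist.
# Without SafeBoot\Minimal (Safe Mode) or SafeBoot\Network (Safe Mode with Networking)
# a safe-mode boot cannot complete. Run from an elevated prompt in normal mode.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

foreach ($mode in 'Minimal', 'Network') {
    $path = Join-Path $base $mode
    if (-not (Test-Path $path)) {
        Write-Output ("MISSING: {0} - Safe Mode ({1}) cannot start until this key is restored" -f $path, $mode)
        continue
    }
    # A healthy XP install lists dozens of subkeys here (the drivers, services and
    # driver groups allowed to load in Safe Mode); a near-empty key is also suspect.
    $subkeys = @(Get-ChildItem -Path $path)
    Write-Output ("{0}: {1} subkeys listed" -f $path, $subkeys.Count)
}

# AlternateShell should be cmd.exe; anything else hijacks "Safe Mode with Command Prompt".
$shell = (Get-ItemProperty -Path $base -Name AlternateShell -ErrorAction SilentlyContinue).AlternateShell
Write-Output ("AlternateShell = {0}" -f $shell)
```

If either key is reported missing, the fix is to restore the SafeBoot branch from a known-good export of the same Windows version, not to recreate it by hand.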
     
  2. 2008/08/03
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Sam

    Welcome to the BBS!

    Well you are lucky in that you can get into normal mode.

    First I need to know if you are having issues, what you are trying to fix in safe mode. This is important; give details.

    Then I will post some help!

    The one thing I will have you do now is a Scandisk.

    Start-Run
    type
    chkdsk c: /r
    Hit enter or click ok

    It will inform you that it needs exclusive access to the disk and ask for permission to do the process on next boot. Answer yes to allow and then reboot. It may take some time allow it to finish.

    After complete do not attempt Safe Mode until you have answered my question above.

    Mike
     


  4. 2008/08/03
    Sam W

    Sam W Inactive Thread Starter

    Joined:
    2008/08/03
    Messages:
    7
    Likes Received:
    0
    I am trying to access Safe Mode, to remove spyware that I think I have. But when I try to download a HijackThis program it closes out my browser, so I don't guess I will be able to download that. My computer is FRIED!
     
  5. 2008/08/03
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    OK Sam cool down you are at the right place, so skip the moaning and spend that time giving me details about this issue.

    Is it only HijackThis (which is a tool for an expert anyway) that you cannot download?

    Do you have a name for this Spyware? And what is it doing to you?

    What other measures have you taken to correct the issue?

    Did you do the Chkdsk that I requested?

    You indicated that you could not download HJT but can you download anything?

    If you can download other things then do the below:

    D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe

    No install; run it, delete all it finds, and decline to reboot on each item found until the program finishes, then reboot.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    Next:

    Get the below, install and update, then post the log.

    http://www.malwarebytes.org/mbam.php

    If it found much, then reboot to Safe Mode (it may work now) and run it again, then paste its new log for this run when back in normal mode!

    Your ball!!!!!!!!!!!

    Mike
     
  6. 2008/08/04
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    Since user indicates probable Spyware infection, moved to Malware and Virus Removal forum.
     
  7. 2008/08/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Sam
    OK lets download and run Malwarebytes' Anti-Malware (MBAM) as Mike asked, here are the instructions on how to do so.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Then we'll see if we can get HJT to download.
    Thanks
    Geri
     
  8. 2008/08/04
    Sam W

    Sam W Inactive Thread Starter

    Joined:
    2008/08/03
    Messages:
    7
    Likes Received:
    0
    When I tried to do the Chkdsk, it said "The type of file system NTFS can't access volume denied".

    Here is the scan report. It found errors and none were hard to remove, and Xcleaner removed stuff too.

    I also tried to download HJT it still is closing my browser!

    ----------------------------------------

    Malwarebytes' Anti-Malware 1.24
    Database version: 1020
    Windows 5.1.2600 Service Pack 2

    5:24:07 AM 8/4/2008
    mbam-log-8-4-2008 (05-24-07).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 154635
    Time elapsed: 2 hour(s), 42 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 26
    Registry Values Infected: 4
    Registry Data Items Infected: 4
    Folders Infected: 4
    Files Infected: 133

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\ppo.ob (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ppo.ob.1 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51e30bdc-0e41-4aed-8fbe-7813cb42497b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d311c486-7d5f-4d73-b791-ee56c47d3b2e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\msvcl1.bhoapp (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\msvcl1.bhoapp.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{587097ab-a686-4c3b-83a7-2b8e2d47868e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{5f2b8ee3-5b51-4424-a4bd-6c0595c40007} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Animals Display Pictures (Adware.Give4Free) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\MSN Messenger\Animals Display Pictures (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\441465 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\Microsoft\dtsc (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\drivers\ccdecodee.sys (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\441465\441465.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ppobo.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1295\A0229807.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1299\A0231555.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1331\A0254634.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1336\A0257663.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1353\A0261502.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1289\A0228440.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1289\A0228441.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1289\A0228443.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\msn_display.exe (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\c3b890879942b7eaa23250a8b94eaea7.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vntiho06\vntiho061083.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vd2\cnc1dll.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\1.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\10.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\100.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\101.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\102.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\103.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\104.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\105.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\106.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\107.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\108.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\109.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\11.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\110.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\111.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\112.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\113.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\12.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\13.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\14.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\15.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\16.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\17.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\18.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\19.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\2.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\20.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\21.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\22.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\23.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\24.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\25.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\26.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\27.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\28.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\29.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\3.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\30.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\31.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\32.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\33.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\34.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\35.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\36.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\37.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\38.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\39.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\4.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\40.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\41.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\42.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\43.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\44.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\45.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\46.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\47.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\48.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\49.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\5.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\50.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\51.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\52.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\53.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\54.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\55.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\56.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\57.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\58.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\59.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\6.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\60.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\61.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\63.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\64.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\65.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\66.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\67.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\68.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\69.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\7.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\70.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\71.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\72.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\73.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\74.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\75.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\76.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\77.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\78.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\79.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\8.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\80.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\81.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\82.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\83.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\84.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\85.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\86.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\87.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\88.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\89.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\9.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\90.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\91.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\92.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\93.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\94.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\95.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\96.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\97.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\98.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\99.jpg (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\readme.txt (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\setup.log (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Program Files\MSN Messenger\Animals Display Pictures\uninstall.exe (Adware.Give4Free) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Sam\Application Data\Microsoft\dtsc\id (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.
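Added example, not from the thread or from Malwarebytes: a small parser for the MBAM 1.x log format posted above. It pulls out what matters for the next step of a cleanup, the detections marked "Delete on reboot" (not actually gone until the machine restarts), anything flagged under the drivers directory (the two Rootkit.Agent entries), and the search-hijack entries with their Bad/Good URLs. The embedded sample is an excerpt of the log above (the long run of Adware.Give4Free picture files is cut to one entry); the section and item regular expressions are my reading of the format, not a published specification.

```python
import re
from collections import Counter

# Excerpt of the MBAM log posted above, abbreviated (constructed test input).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.24
Database version: 1020

Registry Keys Infected: 2
Files Infected: 4

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51e30bdc-0e41-4aed-8fbe-7813cb42497b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\441465 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\ccdecodee.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\441465\441465.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\Animals Display Pictures\1.gif (Adware.Give4Free) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.
"""

# "Registry Keys Infected: 26" is a summary line; the bare "Registry Keys Infected:"
# header opens the detail block. Both are matched here and told apart by <count>.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:(?: (?P<count>\d+))?$")
# location (Family.Name) -> action, where action may itself hold "Bad: (...) Good: (...) -> ..."
ITEM_RE = re.compile(r"^(?P<loc>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")


def parse_mbam_log(text):
    """Return one dict per detection: section, location, family, action,
    plus bad/good URLs for Registry Data Items (search hijacks)."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = None if m.group("count") is not None else m.group("section")
            continue
        if section is None:
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # blank line or "(No malicious items detected)"
        rest = m.group("rest")
        item = {
            "section": section,
            "location": m.group("loc"),
            "family": m.group("family"),
            "action": rest.rsplit(" -> ", 1)[-1].rstrip("."),
            "bad": None,
            "good": None,
        }
        bg = BAD_GOOD_RE.search(rest)
        if bg:
            item["bad"], item["good"] = bg.group("bad"), bg.group("good")
        items.append(item)
    return items


def pending_reboot(items):
    """Detections MBAM could not remove live; they are only gone after a restart."""
    return [i["location"] for i in items if i["action"].startswith("Delete on reboot")]


def kernel_drivers(items):
    """Flagged files under a drivers directory: a kernel component can hide or
    re-drop everything else, so verify these are gone after the reboot."""
    return [i["location"] for i in items
            if i["section"] == "Files" and "\\drivers\\" in i["location"].lower()]


def search_hijacks(items):
    return [(i["location"], i["bad"], i["good"]) for i in items if i["bad"]]


def summarize(text):
    items = parse_mbam_log(text)
    return {
        "total": len(items),
        "by_family": Counter(i["family"] for i in items),
        "pending_reboot": pending_reboot(items),
        "drivers": kernel_drivers(items),
        "search_hijacks": search_hijacks(items),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log above, the "pending_reboot" list is the thing to re-check after the restart: the two .sys files are still on disk when the log is written, which is one reason the thread's advice to reboot before rescanning matters.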
     
  9. 2008/08/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Sam
    OK do this.

    Download a copy of HijackThis installer from here
    Click to save the file, In the "save in" box choose Desktop.
    In the "file name" box, change it to Killer.exe Click OK.
    If it downloads, install it this way.


    1. Double-click on the HJTInstall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    2. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    3. Put a check by Create a desktop icon and then click Next again.
    4. Continue to follow the rest of the prompts from there.
    5. At the final dialogue box click Finish and it will launch HijackThis.
    6. Click on the Do a system scan only button.

    After the scan.
    Close HJT.

    Then please download this.

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Please post the “main.txt” log only for now.

    Thanks
    Geri
     
  10. 2008/08/05
    Sam W

    Sam W Inactive Thread Starter

    Joined:
    2008/08/03
    Messages:
    7
    Likes Received:
    0
    Ok, I downloaded HJT and renamed it Killer.exe. It acted like it was gonna run; it just FLASHED and would never open.
     
  11. 2008/08/05
    Sam W

    Sam W Inactive Thread Starter

    Joined:
    2008/08/03
    Messages:
    7
    Likes Received:
    0
    here is the DSS MAIN.txt

    ------------------

    Deckard's System Scanner v20071014.68
    Run by Sam on 2008-08-05 18:17:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    69: 2008-08-05 23:18:08 UTC - RP1357 - Deckard's System Scanner Restore Point
    68: 2008-08-05 01:32:44 UTC - RP1356 - System Checkpoint
    67: 2008-08-04 01:18:41 UTC - RP1355 - X-Cleaner: Before removal
    66: 2008-08-04 01:12:37 UTC - RP1354 - X-Cleaner: Before removal
    65: 2008-08-02 21:13:20 UTC - RP1353 - ComboFix created restore point


    -- First Restore Point --
    1: 2008-05-27 00:53:51 UTC - RP1289 - Installed Ad-Aware


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 511 MiB (512 MiB recommended).


    -- HijackThis (run as Sam.exe) -------------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-05 18:20:54
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system\hpsysdrv.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Sam\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ALLTEL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe "
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: tcpsvcs.lnk = C:\WINDOWS\system32\rundll32.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
    O15 - Trusted Zone: https://care.alltel.com (HKCU)
    O15 - Trusted Zone: http://care.alltel.com (HKCU)
    O15 - Trusted Zone: http://locator.cdn.imageservr.com (HKCU)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} () - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} () - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} () - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
    O18 - Protocol: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: offline-8876480 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    O18 - Protocol: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    O18 - Protocol: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    O18 - Protocol: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    O18 - Protocol: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: aeeabfbadcce - C:\WINDOWS\system32\aeeabfbadcce.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    --
    End of file - 12167 bytes
     
  12. 2008/08/05
    Sam W

    Sam W Inactive Thread Starter

    Joined:
    2008/08/03
    Messages:
    7
    Likes Received:
    0
    -- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

    backup-20070127-011705-208 O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - (no file)
    backup-20070127-011705-215 O2 - BHO: (no name) - {9BA469A1-337E-8C1C-4CB9-4A9A37CF2034} - (no file)
    backup-20070127-011705-258 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    backup-20070127-011705-314 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    backup-20070127-011705-347 R3 - URLSearchHook: (no name) - - (no file)
    backup-20070127-011705-405 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
    backup-20070127-011705-443 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    backup-20070127-011705-524 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    backup-20070127-011705-534 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pinncom.com
    backup-20070127-011705-546 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    backup-20070127-011705-617 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    backup-20070127-011705-963 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    backup-20070127-011705-965 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    backup-20070127-011706-106 O18 - Protocol: bwg0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-118 O18 - Protocol: bwe0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-126 O18 - Protocol: bwn0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-127 O18 - Protocol: bwa0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-155 O18 - Protocol: bw50s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-166 O18 - Protocol: bwm0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-167 O18 - Protocol: bwy0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-204 O18 - Protocol: bwf0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-218 O18 - Protocol: bw+0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-282 O18 - Protocol: bw-0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-305 O18 - Protocol: bwl0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-310 O18 - Protocol: bwd0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-332 O18 - Protocol: bwc0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-339 O18 - Protocol: bwq0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-342 O18 - Protocol: bwq0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-343 O18 - Protocol: bwc0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-348 O18 - Protocol: bwz0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-360 O18 - Protocol: bwp0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-361 O18 - Protocol: bw30s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-371 O18 - Protocol: bw90s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-389 O18 - Protocol: bwn0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-400 O18 - Protocol: bw40s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-401 O18 - Protocol: bwk0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-404 O18 - Protocol: bwy0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-407 O18 - Protocol: bwd0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-412 O18 - Protocol: bwu0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-414 O18 - Protocol: bwo0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-421 O18 - Protocol: bwr0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-424 O18 - Protocol: bwb0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-425 O18 - Protocol: bws0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-426 O18 - Protocol: bwh0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-439 O18 - Protocol: bw60 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-454 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    backup-20070127-011706-461 O18 - Protocol: bw10 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-468 O18 - Protocol: bw20s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-475 O18 - Protocol: bw40 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-481 O18 - Protocol: bw80s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-504 O18 - Protocol: bwl0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-524 O18 - Protocol: bwt0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-553 O18 - Protocol: bw+0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-575 O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
    backup-20070127-011706-576 O18 - Protocol: bwi0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-578 O18 - Protocol: bw00s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-594 O18 - Protocol: bw-0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-621 O18 - Protocol: bwf0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-624 O18 - Protocol: bw50 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-641 O18 - Protocol: bws0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-657 O18 - Protocol: bww0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-686 O18 - Protocol: bwj0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-707 O18 - Protocol: bwx0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-719 O18 - Protocol: bwi0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-731 O18 - Protocol: bwj0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-732 O18 - Protocol: bwv0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-749 O18 - Protocol: bwg0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-756 O18 - Protocol: bw20 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-758 O18 - Protocol: bwa0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-782 O18 - Protocol: bw90 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-803 O18 - Protocol: bwz0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-813 O18 - Protocol: bw10s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-815 O18 - Protocol: bwb0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-819 O18 - Protocol: bwp0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-825 O18 - Protocol: bw70s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-843 O18 - Protocol: bwo0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-851 O18 - Protocol: bw60s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-864 O18 - Protocol: bw00 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-876 O18 - Protocol: bwt0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-879 O18 - Protocol: bw70 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-882 O18 - Protocol: bww0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-884 O18 - Protocol: bwv0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-889 O18 - Protocol: bw30 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-907 O18 - Protocol: bwm0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-915 O18 - Protocol: bw80 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-919 O18 - Protocol: bwr0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-936 O20 - Winlogon Notify: sisc - C:\WINDOWS\Config\sisc.dll (file missing)
    backup-20070127-011706-946 O18 - Protocol: bwh0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-950 O18 - Protocol: bwk0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-983 O18 - Protocol: bwe0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-991 O18 - Protocol: bwu0 - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20070127-011706-992 O18 - Protocol: bwx0s - {522F74E7-0D98-4A7A-8D36-50EDF69F06E3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    -- File Associations -----------------------------------------------------------

    .ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
    .js - JSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*
    .txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
    .vbs - VBSFile - shell\open\command - %SystemRoot%\System32\CScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
    R1 ccdecodee - c:\windows\system32\drivers\ccdecodee.sys
    R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
    R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >
    R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
    R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >

    S0 c3b890879942b7eaa23250a8b94eaea7 - c:\windows\system32\c3b890879942b7eaa23250a8b94eaea7.sys (file missing)
    S3 CA561 (ICatch (VI) PC Camera) - c:\windows\system32\drivers\spca561.sys (file missing)
    S3 catchme - c:\combofix\catchme.sys (file missing)
    S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
    S3 lmimirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
    S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\~cua\pcampr5.sys (file missing)
    S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
    S3 RimUsb (BlackBerry Smartphone) - c:\windows\system32\drivers\rimusb.sys (file missing)
    S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
    S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Compaq_RBA (Compaq Advisor) - c:\program files\compaq\compaq advisor\bin\compaq-rba.exe <Not Verified; NeoPlanet; NeoPlanet RBA>

    S2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)
     
  13. 2008/08/05
    Sam W

    Sam W Inactive Thread Starter

    Joined:
    2008/08/03
    Messages:
    7
    Likes Received:
    0
    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_805B1043&REV_10\4&25296D99&0&68F0
    Manufacturer: Realtek
    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_805B1043&REV_10\4&25296D99&0&68F0
    Service: rtl8139


    -- Scheduled Tasks -------------------------------------------------------------

    2008-08-05 07:01:21 330 --ah---c- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2008-08-04 22:48:02 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-07-05 and 2008-08-05 -----------------------------

    2008-08-03 20:46:50 0 d------c- C:\Documents and Settings\Sam\Application Data\Malwarebytes
    2008-08-03 20:46:43 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-03 20:46:42 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-02 16:11:26 68096 --a----c- C:\WINDOWS\zip.exe
    2008-08-02 16:11:26 49152 --a----c- C:\WINDOWS\VFind.exe
    2008-08-02 16:11:26 212480 --a----c- C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-08-02 16:11:26 136704 --a----c- C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-08-02 16:11:26 161792 --a----c- C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-08-02 16:11:26 98816 --a----c- C:\WINDOWS\sed.exe
    2008-08-02 16:11:26 80412 --a----c- C:\WINDOWS\grep.exe
    2008-08-02 16:11:26 89504 --a----c- C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-08-02 12:18:08 0 dr-h---c- C:\Documents and Settings\Sam\Recent
    2008-08-01 19:34:52 7168 --a----c- C:\WINDOWS\BEB371B4AD25CCB7B36396CF2A829B67.exe
    2008-07-30 20:24:02 0 d------c- C:\Program Files\Uniblue
    2008-07-20 05:50:21 5135 --a----c- C:\WINDOWS\compaq.reg
    2008-07-13 15:21:39 0 d------c- C:\Documents and Settings\Sam\SecurityScans
    2008-07-13 15:13:09 0 d------c- C:\WINDOWS\system32\CatRoot_bak
    2008-07-05 22:21:47 0 d------c- C:\Program Files\Sun


    -- Find3M Report ---------------------------------------------------------------

    2008-08-04 05:25:54 12 --a----c- C:\WINDOWS\bthservsdp.dat
    2008-08-02 16:16:33 0 d------c- C:\Program Files\Common Files
    2008-08-02 15:45:09 0 d------c- C:\Program Files\Mozilla Thunderbird
    2008-08-02 13:46:08 0 d------c- C:\Documents and Settings\Sam\Application Data\Uniblue
    2008-07-31 20:59:43 0 d------c- C:\Program Files\SpywareGuard
    2008-07-31 20:48:59 0 d------c- C:\Program Files\Trillian
    2008-07-31 20:48:19 0 d------c- C:\Program Files\PopCap Games
    2008-07-31 20:45:59 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2008-07-31 20:43:10 0 d------c- C:\Program Files\Guitar Pro 5
    2008-07-05 22:20:54 0 d------c- C:\Program Files\Java
    2008-07-05 16:06:02 0 d------c- C:\Program Files\Microsoft ActiveSync
    2008-06-29 20:44:32 0 d------c- C:\Program Files\LimeWire
    2008-06-23 18:23:10 162321 --a----c- C:\WINDOWS\rti2.exe
    2008-06-16 17:56:17 0 d------c- C:\Documents and Settings\Sam\Application Data\uTorrent
    2008-05-31 21:49:02 256 --a----c- C:\WINDOWS\system32\pool.bin
    2008-05-29 22:38:06 680960 --a----c- C:\WINDOWS\is-RI26H.exe
    2008-05-29 18:58:20 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
    2008-05-23 17:09:22 2508 --a----c- C:\Documents and Settings\Sam\Application Data\$_hpcst$.hpc


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
    "Recguard "= "C:\WINDOWS\SMINST\RECGUARD.EXE" [07/04/2002 07:55 PM]
    "srmclean "= "C:\Cpqs\Scom\srmclean.exe" [07/24/2001 11:34 PM]
    "CTSysVol "= "C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "Malwarebytes Anti-Malware (reboot) "= "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [07/30/2008 08:07 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [07/23/2008 02:05 PM]
    "Uniblue SpeedUpMyPC "=" " []
    "MoneyAgent "= "c:\Program Files\Microsoft Money\System\Money Express.exe" [07/25/2001 07:00 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Compaq_RBA "=C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\Sam\Start Menu\Programs\Startup\
    tcpsvcs.lnk - C:\WINDOWS\system32\rundll32.exe [10/12/2005 8:26:20 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideShutdownScripts "=0 (0x0)
    "RunLogonScriptSync "=0 (0x0)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)
    "DisableTaskMgr "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL "=0 (0x0)
    "NoDispScrSavPage "=0 (0x0)
    "NoDispSettingsPage "=0 (0x0)
    "NoVisualStyleChoice "=0 (0x0)
    "NoColorChoice "=0 (0x0)
    "NoSizeChoice "=0 (0x0)
    "DisableLockWorkstation "=0 (0x0)
    "DisableChangePassword "=0 (0x0)
    "HideLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "HideLegacyLogonScripts "=0 (0x0)
    "DisableTaskMgr "=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL "=0 (0x0)
    "NoDispScrSavPage "=0 (0x0)
    "NoDispSettingsPage "=0 (0x0)
    "NoVisualStyleChoice "=0 (0x0)
    "NoColorChoice "=0 (0x0)
    "NoSizeChoice "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)
    "DisableLockWorkstation "=0 (0x0)
    "DisableChangePassword "=0 (0x0)
    "HideLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "HideLegacyLogonScripts "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThemesTab "=0 (0x0)
    "NoChangeKeyboardNavigationIndicators "=0 (0x0)
    "NoChangeAnimation "=0 (0x0)
    "NoAddPrinter "=0 (0x0)
    "NoDeletePrinter "=0 (0x0)
    "RestrictCpl "=0 (0x0)
    "DisallowCpl "=0 (0x0)
    "NoViewOnDrive "=0 (0x0)
    "RestrictRun "=0 (0x0)
    "DisallowRun "=0 (0x0)
    "NoRecycleFiles "=0 (0x0)
    "ForceRecycleBinSize "=0 (0x0)
    "NoSharedDocuments "=0 (0x0)
    "NoPropertiesMyComputer "=0 (0x0)
    "NoPropertiesMyDocuments "=0 (0x0)
    "NoPropertiesRecycleBin "=0 (0x0)
    "NoManageMyComputerVerb "=0 (0x0)
    "NoDesktop "=0 (0x0)
    "NoCustomizeWebView "=0 (0x0)
    "NoSaveSettings "=0 (0x0)
    "NoViewContextMenu "=0 (0x0)
    "NoFileMenu "=0 (0x0)
    "NoShellSearchButton "=0 (0x0)
    "ClearRecentDocsOnExit "=0 (0x0)
    "NoWinKeys "=0 (0x0)
    "NoFileAssociate "=0 (0x0)
    "NoDFSTab "=0 (0x0)
    "NoHardwareTab "=0 (0x0)
    "NoSecurityTab "=0 (0x0)
    "NoInstrumentation "=0 (0x0)
    "NoCustomizeThisFolder "=0 (0x0)
    "NoWebView "=0 (0x0)
    "DontShowSuperHidden "=0 (0x0)
    "NoOnlinePrintsWizard "=0 (0x0)
    "NoPublishingWizard "=0 (0x0)
    "NoRun "=0 (0x0)
    "NoSetTaskbar "=0 (0x0)
    "NoSMConfigurePrograms "=0 (0x0)
    "NoRecentDocsMenu "=0 (0x0)
    "NoSMMyPictures "=0 (0x0)
    "NoStartMenuMyMusic "=0 (0x0)
    "NoSMMyDocs "=0 (0x0)
    "NoStartMenuNetworkPlaces "=0 (0x0)
    "NoFavoritesMenu "=0 (0x0)
    "NoSMHelp "=0 (0x0)
    "NoHelp "=0 (0x0)
    "NoNetworkConnections "=0 (0x0)
    "NoCommonGroups "=0 (0x0)
    "NoFind "=0 (0x0)
    "NoWindowsUpdate "=0 (0x0)
    "NoFolderOptions "=0 (0x0)
    "NoChangeStartMenu "=0 (0x0)
    "NoRecentDocsHistory "=0 (0x0)
    "NoStartMenuMFUprogramsList "=0 (0x0)
    "NoStartMenuPinnedList "=0 (0x0)
    "NoUserNameInStartMenu "=0 (0x0)
    "NoStartMenuMorePrograms "=0 (0x0)
    "NoStartMenuEjectPC "=0 (0x0)
    "NoSimpleStartMenu "=0 (0x0)
    "ForceStartMenuLogoff "=0 (0x0)
    "StartMenuLogoff "=0 (0x0)
    "NoStartMenuSubFolders "=0 (0x0)
    "NoDisconnect "=0 (0x0)
    "NoNtSecurity "=0 (0x0)
    "NoSetFolders "=0 (0x0)
    "GreyMSIAds "=0 (0x0)
    "ForceMaxRecentDocs "=0 (0x0)
    "NoSMBalloonTip "=0 (0x0)
    "NoSMBalloonTips "=0 (0x0)
    "NoTrayContextMenu "=0 (0x0)
    "NoTrayItemsDisplay "=0 (0x0)
    "LockTaskbar "=0 (0x0)
    "HideClock "=0 (0x0)
    "NoToolbarsOnTaskbar "=0 (0x0)
    "NoStartBanner "=00000000
    "NoTaskGrouping "=0 (0x0)
    "NoActiveDesktop "=0 (0x0)
    "ForceActiveDesktopOn "=0 (0x0)
    "NoWebServices "=0 (0x0)
    "NoFileUrl "=0 (0x0)
    "NoInternetIcon "=0 (0x0)
    "NoBandCustomize "=0 (0x0)
    "NoToolbarCustomize "=0 (0x0)
    "NoExpandedNewMenu "=0 (0x0)
    "SpecifyDefaultButtons "=0 (0x0)
    "NoNetConnectDisconnect "=0 (0x0)
    "NoRecentDocsNetHood "=0 (0x0)
    "EnforceShellExtensionSecurity "=0 (0x0)
    "NoLowDiskSpaceChecks "=0 (0x0)
    "NoClose "=0 (0x0)
    "NoLogOff "=1 (0x1)
    "NoRunasInstallPrompt "=0 (0x0)
    "PromptRunasInstallNetPath "=1 (0x1)
    "NoResolveTrack "=0 (0x0)
    "NoResolveSearch "=0 (0x0)
    "LinkResolveIgnoreLinkInfo "=0 (0x0)
    "NoDevMgrUpdate "=0 (0x0)
    "NoDesktopCleanupWizard "=0 (0x0)
    "NoThumbnailCache "=0 (0x0)
    "ForceCopyAclwithFile "=0 (0x0)
    "StartRunNoHOMEPATH "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
    "0? "=hpsysdrv.exe
    "1? "=recguard.exe
    "2? "=srmclean.exe
    "3? "=ctsysvol.exe
    "4? "=msascui.exe
    "5? "=groovemonitor.exe
    "6? "=jusched.exe
    "7? "=qttask.exe
    "8? "=ituneshelper.exe
    "9? "=newlock.exe
    "10? "=ctfmon.exe
    "11? "=wkdetect.exe
    "12? "=myspaceim.exe
    "13? "=adobe gamma loader.exe
    "14? "=newadmin.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoThemesTab "=0 (0x0)
    "NoChangeKeyboardNavigationIndicators "=0 (0x0)
    "NoChangeAnimation "=0 (0x0)
    "NoAddPrinter "=0 (0x0)
    "NoDeletePrinter "=0 (0x0)
    "RestrictCpl "=0 (0x0)
    "DisallowCpl "=0 (0x0)
    "NoViewOnDrive "=0 (0x0)
    "RestrictRun "=0 (0x0)
    "DisallowRun "=0 (0x0)
    "NoRecycleFiles "=0 (0x0)
    "ForceRecycleBinSize "=0 (0x0)
    "NoSharedDocuments "=0 (0x0)
    "NoPropertiesMyComputer "=0 (0x0)
    "NoPropertiesMyDocuments "=0 (0x0)
    "NoPropertiesRecycleBin "=0 (0x0)
    "NoManageMyComputerVerb "=0 (0x0)
    "NoDesktop "=0 (0x0)
    "NoCustomizeWebView "=0 (0x0)
    "NoSaveSettings "=0 (0x0)
    "NoViewContextMenu "=0 (0x0)
    "NoFileMenu "=0 (0x0)
    "NoShellSearchButton "=0 (0x0)
    "ClearRecentDocsOnExit "=0 (0x0)
    "NoWinKeys "=0 (0x0)
    "NoFileAssociate "=0 (0x0)
    "NoDFSTab "=0 (0x0)
    "NoHardwareTab "=0 (0x0)
    "NoSecurityTab "=0 (0x0)
    "NoInstrumentation "=0 (0x0)
    "NoCustomizeThisFolder "=0 (0x0)
    "NoWebView "=0 (0x0)
    "DontShowSuperHidden "=0 (0x0)
    "NoOnlinePrintsWizard "=0 (0x0)
    "NoPublishingWizard "=0 (0x0)
    "NoRun "=0 (0x0)
    "NoSetTaskbar "=0 (0x0)
    "NoSMConfigurePrograms "=0 (0x0)
    "NoRecentDocsMenu "=0 (0x0)
    "NoSMMyPictures "=0 (0x0)
    "NoStartMenuMyMusic "=0 (0x0)
    "NoSMMyDocs "=0 (0x0)
    "NoStartMenuNetworkPlaces "=0 (0x0)
    "NoFavoritesMenu "=0 (0x0)
    "NoSMHelp "=0 (0x0)
    "NoHelp "=0 (0x0)
    "NoNetworkConnections "=0 (0x0)
    "NoCommonGroups "=0 (0x0)
    "NoFind "=0 (0x0)
    "NoWindowsUpdate "=0 (0x0)
    "NoFolderOptions "=0 (0x0)
    "NoChangeStartMenu "=0 (0x0)
    "NoRecentDocsHistory "=0 (0x0)
    "NoStartMenuMFUprogramsList "=0 (0x0)
    "NoStartMenuPinnedList "=0 (0x0)
    "NoUserNameInStartMenu "=0 (0x0)
    "NoStartMenuMorePrograms "=0 (0x0)
    "NoStartMenuEjectPC "=0 (0x0)
    "NoSimpleStartMenu "=0 (0x0)
    "ForceStartMenuLogoff "=0 (0x0)
    "StartMenuLogoff "=0 (0x0)
    "NoStartMenuSubFolders "=0 (0x0)
    "NoDisconnect "=0 (0x0)
    "NoNtSecurity "=0 (0x0)
    "NoSetFolders "=0 (0x0)
    "GreyMSIAds "=0 (0x0)
    "ForceMaxRecentDocs "=0 (0x0)
    "NoSMBalloonTip "=0 (0x0)
    "NoSMBalloonTips "=0 (0x0)
    "NoTrayContextMenu "=0 (0x0)
    "NoTrayItemsDisplay "=0 (0x0)
    "LockTaskbar "=0 (0x0)
    "HideClock "=0 (0x0)
    "NoToolbarsOnTaskbar "=0 (0x0)
    "NoStartBanner "=00000000
    "NoTaskGrouping "=0 (0x0)
    "NoActiveDesktop "=0 (0x0)
    "ForceActiveDesktopOn "=0 (0x0)
    "NoWebServices "=0 (0x0)
    "NoFileUrl "=0 (0x0)
    "NoInternetIcon "=0 (0x0)
    "NoBandCustomize "=0 (0x0)
    "NoToolbarCustomize "=0 (0x0)
    "NoExpandedNewMenu "=0 (0x0)
    "SpecifyDefaultButtons "=0 (0x0)
    "NoNetConnectDisconnect "=0 (0x0)
    "NoRecentDocsNetHood "=0 (0x0)
    "EnforceShellExtensionSecurity "=0 (0x0)
    "NoLowDiskSpaceChecks "=0 (0x0)
    "NoClose "=0 (0x0)
    "NoLogOff "=0 (0x0)
    "NoRunasInstallPrompt "=0 (0x0)
    "PromptRunasInstallNetPath "=1 (0x1)
    "NoResolveTrack "=0 (0x0)
    "NoResolveSearch "=0 (0x0)
    "LinkResolveIgnoreLinkInfo "=0 (0x0)
    "NoDevMgrUpdate "=0 (0x0)
    "NoDesktopCleanupWizard "=0 (0x0)
    "NoThumbnailCache "=0 (0x0)
    "ForceCopyAclwithFile "=0 (0x0)
    "StartRunNoHOMEPATH "=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
    "0? "=hpsysdrv.exe
    "1? "=recguard.exe
    "2? "=srmclean.exe
    "3? "=ctsysvol.exe
    "4? "=msascui.exe
    "5? "=groovemonitor.exe
    "6? "=jusched.exe
    "7? "=qttask.exe
    "8? "=ituneshelper.exe
    "9? "=newlock.exe
    "10? "=myspaceim.exe
    "11? "=newadmin.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeeabfbadcce]
    C:\WINDOWS\system32\aeeabfbadcce.dll 04/23/2006 01:23 AM 113169 C:\WINDOWS\system32\aeeabfbadcce.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @= "Driver Group "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @= "DiskDrive "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @= "Hdc "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @= "Keyboard "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @= "Mouse "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @= "System "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @= "Volume "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
    backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^CamTrack.lnk]
    backup=C:\WINDOWS\pss\CamTrack.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Sam\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sam^Start Menu^Programs^Startup^palmOne Registration.lnk]
    backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
    C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    c:\Program Files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    "c:\Program Files\Microsoft Money\System\Money Express.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\werinit]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "LDM "=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    "Windows "= "C:\WINDOWS\explorer.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "IgfxTray "=C:\WINDOWS\System32\igfxtray.exe
    "UpdReg "=C:\WINDOWS\UpdReg.EXE
    "NWTRAY "=NWTRAY.EXE
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe "
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe "
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    "LVCOMSX "= "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 did.i-used.cc
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 hi.studioaperto.net
    127.0.0.1 www.hi.studioaperto.net

    8785 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-08-05 18:22:11 ------------
     
  14. 2008/08/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Sam

    If you look at the DSS log you posted, you will see the endings of these entries in the registry section with a bunch of policies under them.
    ...policies\system]
    ....policies\explorer]
    ....policies\explorer\RestrictRun]

    Did you add all these policies or run an application that added these policies?
    Is this a home computer or a work (corporate) computer?


    OK please do these in the order given.


    ** dss.exe must be on the desktop for the following command to work. **

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in the run box, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following, then click Fix.
      • .js
      • .reg
      • .vbs
      • .txt
      • .scr
      • .ini
    • Exit when complete.


    Download SafeBoot Key Repair from here.
    Save it to your desktop and run it, post the log when it is done.


    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the safeboot log and the combofix log.
    Please answer my question.

    Thanks
    Geri
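As an added example (not code from the thread or from Deckard's tool), a Python script that parses the "Registry Dump" section of a DSS log in the layout posted above and pulls out what Geri is pointing at: active lockdown policies such as DisableTaskMgr and NoLogOff, RestrictRun allowlists, and SafeBoot\Minimal subkeys that the dump does not list. The excerpt is constructed from the log above, and the reference SafeBoot entry set is an assumed subset of XP's defaults, not the complete list.

```python
import re
# Constructed excerpt in the layout of the DSS "Registry Dump" above (the stray
# spaces inside the quotes are how the forum rendered it, not DSS's own format).
DSS_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)
"DisableTaskMgr "=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff "=1 (0x1)
"NoStartBanner "=00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"0? "=hpsysdrv.exe
"1? "=newlock.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@= "Driver Group "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@= "Service "
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"?(@|[^"=]+?)\s*"?\s*=\s*(.*?)\s*$')

# Explorer/system policies malware sets to hinder cleanup (non-zero = active).
LOCKDOWN_POLICIES = {"disabletaskmgr", "disableregistrytools", "nologoff",
                     "nofolderoptions", "norun", "nocontrolpanel", "noclose",
                     "nowindowsupdate", "restrictrun", "disallowrun"}

# Illustrative subset of the subkeys a default Windows XP SafeBoot\Minimal key
# carries (assumption; compare against a known-good machine of the same version).
EXPECTED_SAFEBOOT_MINIMAL = {"base", "boot bus extender", "boot file system",
                             "file system", "pci configuration", "pnp filter",
                             "primary disk", "scsi class", "system bus extender",
                             "vga.sys", "vgasave.sys", "rpcss", "eventlog",
                             "plugplay", "cryptsvc", "dcomlaunch", "winmgmt"}

def parse_registry_dump(text):
    """Return {key_path: {value_name: value_text}} from DSS registry-dump lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1).strip()] = m.group(2).strip('" ')
    return sections

def is_nonzero(value_text):
    """DSS prints DWORDs as '1 (0x1)' or as raw hex such as '00000000'."""
    try:
        return int(value_text.split(" ", 1)[0], 16) != 0
    except ValueError:
        return False

def find_lockdown_policies(sections):
    """Flag active lockdown policies and RestrictRun allowlists, per key."""
    findings = []
    for key, values in sections.items():
        low = key.lower()
        if "\\policies\\" not in low:
            continue
        if low.endswith("\\restrictrun"):
            # Only the listed programs may run; a removal tool is not among them.
            findings.append((key, "RestrictRun", ",".join(sorted(values.values()))))
            continue
        for name, value in values.items():
            if name.lower() in LOCKDOWN_POLICIES and is_nonzero(value):
                findings.append((key, name, value))
    return findings

def missing_safeboot_entries(sections):
    """Reference SafeBoot\\Minimal subkeys that the dump does not list."""
    marker = "\\control\\safeboot\\minimal\\"
    present = {k.lower().split(marker, 1)[1] for k in sections if marker in k.lower()}
    return sorted(EXPECTED_SAFEBOOT_MINIMAL - present)
```

Run it against the full Registry Dump text of a DSS log to get the same three kinds of findings for a real machine; a long list of missing SafeBoot entries is the condition DSS reports as "SafeBoot registry key needs repairs".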
     
