
Oliver, we didn't close the ticket. You closed the ticket. You asked us for our "honest" opinion - your best option is to do an operating system re-install.


Hello Superantispyware,

Thank you for your message. I wouldn't wish to contradict you in any way, but the Support Ticket closure notice was set out in red beneath your last message to me, which I quoted in my posting above. If I inadvertently clicked "Add message and close ticket" in my last posting to you then I can only apologise. My posting is in no way a criticism of the way you have dealt with my problem; I genuinely appreciate all you have done and sincerely thank you for it.

It appears to me, and please correct me if I'm mistaken, that whilst Superantispyware does a first class job in locating and removing threats, it's not able to repair or reverse the damage to the system it caused whilst it was resident.

The fact that I cannot back up data and reinstall is my problem entirely and no reflection in any way on Superantispyware which I think is the best protection available anywhere at the present time.

Kind regards,

Oliver


Oliver, once you are in Safe Mode, can you access the Run command, type in "msconfig" and hit Enter. In the General tab, select Diagnostic Startup, Apply and OK, then reboot and see if you can boot.

You could also try Selective Startup and each time it fails untick a boot item. Also in the Startup tab, you can untick them one by one and eliminate them. I know it's a laborious mission ahead of you, but short of doing a Repair install these options are worth a try.

The thing is, you still have an operational OS there if you can boot into Safe Mode; it sounds more like a driver is at fault or has been corrupted by the infection.

Give it a go, and get back with any results pls.


Please look in the Event Logs and see if it is logging what might be causing the failure to start in Normal mode as well.

Is there any error message displayed when it reboots or it never gets quite that far into the Windows logon?


Assuming that you are running Windows XP, do the following. It will cause the reboot to generate a BSOD instead of continuously rebooting. The BSOD will show which driver or service is faulting.

- Go to System>Advanced tab>Startup and Recovery Settings.

- Uncheck "Automatically Restart"

- Click on OK, Apply, OK and reboot into Normal Mode.

For Vista:

- Go to System>Advanced System Settings>Advanced tab>Startup and Recovery Settings

- Uncheck Automatically Restart

- Click on OK, Apply, OK and reboot into Normal Mode

Once the BSOD occurs, write down the critical info concerning what drivers are causing the fault.


To get to the Event Logs, click on START -> RUN, type in EVENTVWR and click OK.

Then look in Application and System logs for RED items that will indicate failures of some type. This may give you a clue as to why the system is rebooting.

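The two checks recommended above (untick "Automatically Restart" so the BSOD stays on screen, then look for red items in the Event Logs) can be scripted. The following is an added example, not code from the thread or from any tool named in it; it assumes PowerShell 2.0 on the affected machine and an elevated prompt, and reads the "Automatically Restart" setting from its registry home, the AutoReboot value under CrashControl.

```powershell
# Added example (not from the forum thread): automate the reboot-loop checks
# recommended above. Requires PowerShell 2.0 and an elevated prompt.

$since = (Get-Date).AddDays(-7)   # look back a week, not just the current boot

# 1. Is Windows set to restart automatically after a bugcheck?
#    AutoReboot=1 is the same thing as the 'Automatically Restart' checkbox.
$ccPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc = Get-ItemProperty $ccPath
if ($cc.AutoReboot -eq 1) {
    Write-Warning "AutoReboot=1: the BSOD will vanish before you can read it."
    Write-Host   "Fix (same as unticking 'Automatically Restart'):"
    Write-Host   "  Set-ItemProperty '$ccPath' -Name AutoReboot -Value 0"
} else {
    Write-Host "AutoReboot=0: the next blue screen will stay on screen."
}

# 2. Boot mode and last boot time (a reboot loop shows a very recent boot).
$cs = Get-WmiObject Win32_ComputerSystem
$os = Get-WmiObject Win32_OperatingSystem
$lastBoot = [Management.ManagementDateTimeConverter]::ToDateTime($os.LastBootUpTime)
Write-Host ("Boot mode: {0}   Last boot: {1}" -f $cs.BootupState, $lastBoot)

# 3. Minidumps already written by earlier crashes; each one records the
#    stop code and faulting module that flashed past on the blue screen.
if ($cc.MinidumpDir) {
    $miniDir = [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)
    if (Test-Path $miniDir) {
        Get-ChildItem $miniDir -Filter *.dmp |
            Where-Object { $_.LastWriteTime -gt $since } |
            Sort-Object LastWriteTime -Descending |
            ForEach-Object { Write-Host ("Minidump: {0}  {1}" -f $_.LastWriteTime, $_.Name) }
    }
}

# 4. System log: the bugcheck record (Event ID 1001, source 'Save Dump' on XP,
#    'BugCheck' on Vista and later) names the stop code; Service Control
#    Manager 7026 lists boot-start drivers that failed to load.
$system = Get-EventLog -LogName System -After $since
$system |
    Where-Object { $_.EventID -eq 1001 -and ($_.Source -eq 'Save Dump' -or $_.Source -eq 'BugCheck') } |
    ForEach-Object { Write-Host ("BUGCHECK {0}: {1}" -f $_.TimeGenerated, $_.Message) }
$system |
    Where-Object { $_.EventID -eq 7026 } |
    ForEach-Object { Write-Host ("DRIVER FAILED {0}: {1}" -f $_.TimeGenerated, $_.Message) }

# 5. The 'red items': Error entries from System and Application, grouped by
#    source and sorted by count so a repeating failure stands out.
foreach ($log in 'System', 'Application') {
    Write-Host "`n== $log log errors since $since =="
    Get-EventLog -LogName $log -EntryType Error -After $since |
        Group-Object Source | Sort-Object Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeGenerated -Descending | Select-Object -First 1
            Write-Host ("{0,4}x  {1,-30} last: {2}  id {3}" -f $_.Count, $_.Name, $latest.TimeGenerated, $latest.EventID)
            # First 120 characters of the newest message, flattened to one line.
            $msg = [string]$latest.Message -replace "`r?`n", ' '
            Write-Host ("       " + $msg.Substring(0, [Math]::Min(120, $msg.Length)))
        }
}
```

Run it from Safe Mode with Networking as well as Normal Mode if both boot: the bugcheck and 7026 records from the failed Normal Mode boots are still in the System log.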

Well, you could report it to Microsoft, but I'm not sure there is any direct support without paying for it.

There is currently not enough direct information to show what might be causing it, and I'm assuming you've already run multiple antimalware and antivirus routines and all of them come up clean. If that is NOT the case then you need to go back and do scans with multiple scanners to ensure the system is clean now.

I doubt this is the cause of the shutdown/reboot cycling, but please start here and see if you can correct the COM errors.

You may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC

You may have corrupted files on your disk. If this is Windows XP please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

This routine will show a LOT of information about your system that can help to track down what might be causing the rebooting issue.

Download this program OTListIt.exe to your desktop.

- Close all applications and windows so that you have nothing open and are at your Desktop.
- Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
- Place a checkmark in the "Scan All Users" checkbox (leave 'Use Whitelist' checked and the 'File Age:' at 30 days).
- Click the Run Scan button.
- NOTE: Please be patient and let the scan run without using the computer.
- When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop).
- In Notepad, click Edit, Select All, then Edit, Copy.
- Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log, or right-click and Paste.
- Submit your reply and close the Notepad window with OTListIt.txt.
- Also, OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window.
- In Notepad, click Edit, Select All, then Edit, Copy.
- Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the Extras log, or right-click and Paste.
- NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your Taskbar, just open the files in Notepad from your Desktop.


Hello AdvancedSetup,

Many many thanks for your detailed message and instructions.

I have carried out countless scans using Superantispyware and two or three using Norton; all report Clear. Norton won't run now in Safe Mode with Networking, the only way I can connect, nor can I download AVG for the same reason. If you know of any malware programmes that can be downloaded and run in Safe Mode I'll be happy to download and run them.

I've carried out your instructions carefully and copied below is the OTListIt.txt; the OTListIt Extras.txt will follow shortly.

Kind regards,

Oliver


O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: online.musicmatch.com (https in Trusted sites)

O15 - HKLM\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: objects.aol.com (* is out of zone range - 5)

O15 - HKCU\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-337866890-3682281519-642580479-1008\..Trusted Sites: objects.aol.com (* is out of zone range - 5)

O15 - HKU\S-1-5-21-337866890-3682281519-642580479-1008\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab (Symantec Script Runner Class)

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by16fd.bay16.hotmail.msn.com/res ... nPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (Reg Error: Value does not exist or could not be read.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMe ... loader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} http://www.superadblocker.com/activex/sabminf.cab (SABMachineInfo Class)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll File not found

O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler: - ms-itss - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/html - No CLSID value found

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = C:\SuperAntispyware\SASWINLO.dll -- C:\SuperAntispyware\SASWINLO.dll (SUPERAntiSpyware.com)

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\SuperAntispyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{A213B520-C6C2-11d0-AF9D-008029E1027E}" (HKLM) -- c:\Winfax10\WFXSEH32.DLL (Symantec Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2004/11/09 20:20:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []

[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]

[2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]

"" = Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[2008/12/12 00:32:27 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTListIt.exe

[2008/12/10 13:14:15 | 00,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[2008/12/10 13:14:15 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[2008/12/09 13:23:03 | 00,000,000 | ---D | C] -- C:\AVG

[2008/12/09 12:49:29 | 00,000,000 | ---D | C] -- C:\Will this work

[2008/12/03 13:36:10 | 00,000,000 | -HSD | C] -- C:\found.000

[2008/12/02 16:30:21 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\XXsuppdll.dll

[2008/11/26 10:50:29 | 00,000,000 | ---D | C] -- C:\Personal Software Inspector 261108

[2008/11/18 13:36:52 | 00,007,808 | ---- | C] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys

[2008/11/17 01:37:17 | 00,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

[2008/11/17 01:37:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite

[2008/11/17 01:35:44 | 00,008,064 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys

[2008/11/17 01:35:43 | 00,008,064 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys

[2008/11/17 01:35:42 | 00,020,864 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys

[2008/11/17 01:35:41 | 01,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll

[2008/11/17 01:35:41 | 00,659,968 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll

[2008/11/17 01:35:41 | 00,017,536 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008/12/12 00:47:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/12/12 00:47:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/12/12 00:32:28 | 00,418,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTListIt.exe

[2008/12/12 00:18:32 | 00,002,307 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Word.lnk

[2008/12/11 13:03:38 | 00,001,424 | ---- | M] () -- C:\WINDOWS\Solitaire.ini

[2008/12/11 11:19:16 | 00,001,463 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/12/10 13:16:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/12/10 13:14:19 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2008/12/10 13:14:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/12/10 12:24:39 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2008/12/10 00:47:15 | 00,035,363 | ---- | M] () -- C:\WINDOWS\System32\XXwindrvNT.sys

[2008/12/10 00:45:28 | 00,000,143 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008/12/09 02:51:31 | 00,002,297 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Excel.lnk

[2008/12/08 11:35:00 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SYSRegC.dll

[2008/12/07 15:54:54 | 00,484,184 | ---- | M] () -- C:\WINDOWS\System32\XXPerfStringBackup.INI

[2008/12/07 15:54:54 | 00,415,606 | ---- | M] () -- C:\WINDOWS\System32\XXperfh009.dat

[2008/12/07 15:54:54 | 00,061,860 | ---- | M] () -- C:\WINDOWS\System32\XXperfc009.dat

[2008/12/03 14:00:00 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\A9DC18EB931B8DC3.job

[2008/12/03 13:13:15 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\My Sharing Folders.lnk

[2008/12/02 16:30:21 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\XXsuppdll.dll

[2008/11/28 22:15:17 | 00,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job

[2008/11/28 17:31:24 | 00,210,944 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/27 22:03:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008/11/27 14:34:03 | 00,002,317 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Access.lnk

[2008/11/25 00:19:14 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008/11/19 15:53:41 | 00,000,829 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\File Shredder.lnk

[2008/11/18 13:36:52 | 00,007,808 | ---- | M] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys

[2008/11/17 01:37:17 | 00,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk

< End of report >


Well I don't see anything that sticks out like a sore thumb that would be causing this rebooting.

You do have a LOT of software that is auto loading on startup that I'd remove for now and only re-enable auto start if really needed.

These items could be legitimate, but because of their timestamps and names they are potentially suspicious, and you might want to upload them to one of the online virus submission sites.

Jotti's malware scan is one of them.

[2008/08/14 10:04:36 | 00,030,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\port135sik.sys

[2008/12/02 16:30:21 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\XXsuppdll.dll

[2008/12/08 11:35:00 | 00,000,063 | ---- | M] () -- C:\WINDOWS\System\SYSRegC.dll

I would recommend AUTORUNS from Microsoft to help disable auto running items. Don't delete the item, just uncheck it to keep it from running.

AutoRuns for Windows v9.36

I would also recommend removing Adobe Acrobat Reader 7 and updating it to version 9.

Also I would remove via the Add/Remove in Control Panel all of these old Java versions.

J2SE Runtime Environment 5.0

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 16

Java 6 Update 7

These are not the cause of rebooting but they are potential avenues of becoming infected so best to remove and install the latest versions.

By removing all these auto-running applications you should be able to get back into Normal Windows okay, if MSCONFIG allows it to go back into Normal Windows. Then you can more granularly allow the applications that you want to run on startup to run, and check the results to pinpoint whether one specific application is causing it.

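The reply above picks out three files by their timestamps, names and missing publisher. As an added example (not code from the thread or from the OTL tool), here is a small parser for the `[date | size | attrs | C/M] (Publisher) -- path` entries in such a report that applies the same heuristic: a `.sys`/`.dll`/`.exe` under a Windows system directory with no publisher is a review candidate, annotated with its age. The sample lines are constructed in the report's format; a hit is something to check, not a verdict.

```python
"""Triage helper for OTListIt-style log lines (added example, not from the thread)."""
import re
from datetime import datetime

# One file entry: "[date | size | attrs | C/M] (Publisher) -- path [-- [ FS ]]"
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<pub>[^)]*)\))? -- (?P<path>.+?)(?: -- \[ (?P<fs>\w+) \])?$"
)
BINARY_EXT = {".sys", ".dll", ".exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\system\\")

# Constructed sample lines in the format the report uses.
SAMPLE_LINES = [
    "[2008/08/14 10:04:36 | 00,030,592 | ---- | M] () -- C:\\WINDOWS\\system32\\drivers\\port135sik.sys",
    "[2008/12/02 16:30:21 | 00,053,248 | ---- | C] () -- C:\\WINDOWS\\System32\\XXsuppdll.dll",
    "[2008/12/08 11:35:00 | 00,000,063 | ---- | M] () -- C:\\WINDOWS\\System\\SYSRegC.dll",
    "[2008/12/10 00:47:15 | 00,035,363 | ---- | M] () -- C:\\WINDOWS\\System32\\XXwindrvNT.sys",
    "[2008/11/18 13:36:52 | 00,007,808 | ---- | C] (Secunia) -- C:\\WINDOWS\\System32\\drivers\\psi_mf.sys",
    "[2008/12/12 00:32:27 | 00,418,816 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Compaq_Owner\\Desktop\\OTListIt.exe",
    "[2008/12/09 13:23:03 | 00,000,000 | ---D | C] -- C:\\AVG",
    "[2004/11/09 20:20:04 | 00,000,000 | ---- | M] () -- C:\\AUTOEXEC.BAT -- [ NTFS ]",
    "< End of report >",
]
REPORT_TIME = datetime(2008, 12, 12, 0, 47, 35)  # newest timestamp in the sample


def parse_line(line):
    """Return a dict for one file entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],                 # e.g. "-HS-", "---D" (D = directory)
        "kind": m["kind"],                   # C = created, M = modified
        "publisher": (m["pub"] or "").strip(),
        "path": m["path"].strip(),
    }


def triage(lines, report_time, window_days=30):
    """Flag binaries in a system directory that report no publisher."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["attrs"].endswith("D"):
            continue  # not a file entry, or a directory
        path_lower = entry["path"].lower()
        dot = path_lower.rfind(".")
        ext = path_lower[dot:] if dot > path_lower.rfind("\\") else ""
        in_system_dir = any(d in path_lower for d in SYSTEM_DIRS)
        if ext in BINARY_EXT and in_system_dir and not entry["publisher"]:
            age_days = (report_time - entry["timestamp"]).days
            findings.append({
                "path": entry["path"],
                "size": entry["size"],
                "age_days": age_days,
                "recent": age_days <= window_days,  # inside the report's 30-day window
            })
    return sorted(findings, key=lambda f: f["path"].lower())


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES, REPORT_TIME):
        tag = "recent" if f["recent"] else "older"
        print(f"{f['path']}  size={f['size']}  age={f['age_days']}d ({tag})")
```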

Let's not get the man uninstalling legit software that at the moment has absolutely nothing to do with the issue. Let's get him up and running first, then trim the fat :)

C:\WINDOWS\system32\drivers\port135sik.sys, otherwise known as systemntmi.sys and a few other aliases. You have a background service running on the system; in other words, a rootkit.

For now, in safe mode, you need to rename that file to something like port135sik.123. Yes, deleting it is the obvious step, but for the moment the rename is safe until we know you can get rid of it completely.

Try a reboot, you may need to eliminate some files that could be related to it.


It was a team effort Oliver, that's what we are all here for in the end :)

As for that driver file, delete it. If there are any other DLLs or leftovers floating around, without the driver installed and running they are dormant.

The next step is a total MUST do to make sure this driver is out and gone for any restore points.

In Control Panel, go to the System cpl, select the System Restore tab, tick "Turn off System Restore on all drives", then Apply and OK everything.

Make sure you delete that port135sik file in system32 folder.

Do a full scan with SAS and with your AV.

Reboot the system, do another scan with SAS, go back into the System cpl in Control Panel, and turn System Restore on again.

Then go to the start menu programs - accessories - system - system restore and create a fresh restore point.

Merry Xmas :)


Sorry Greyghost, I didn't mean to step on any toes, as I did say that IF he had an infection he should get that taken care of. I was not trying to do a malware removal for him, just trying to clean up some stuff that may be an issue, since he was saying he had already been through the cleanup process and was now in the General forum. I see now that you've posted that the user was infected. I didn't do any research on the files; they just seemed like odd names, so I mentioned them.

There is currently not enough direct information to show what might be causing it and I'm assuming you've already run multiple Antimalware and Antivirus routines and all of them come up clean. If that is NOT the case then you need to go back and do scans with multiple scanners to ensure the system is clean now.

Thanks


Hey AdvancedSetup, I appreciate the help on this (all those sexy log files), or it would have taken forever. I have not had much time on my hands to post or reply to a lot of requests. (It's motorcycle season down here. So hey, you know..... priorities and all :P )

Finding all the info posted there for me to chew on was a blessing.

So hey no toes were stepped on as far as I am concerned, we are all here for the same reasons, to help and be helped and get results.

Take it easy out there :)

GG (aka Mav)


To get rid of the old Java entries try JavaRa,

http://raproducts.org/

http://sourceforge.net/project/download ... irror=osdn

You may want to remove Viewpoint Media Player.

Use Viewpoint Killer

http://prprogramsstudios.us.tc/

http://prm753.bchea.org/viewpointkiller.zip

Yahoo Messenger can cause some problems, especially the newer versions. You can replace it with an older version or, even better, use Trillian or Pidgin.

Older versions YM

http://filehippo.com/download_yahoo_messenger/

Trillian ( uncheck the toolbar as it includes a lot of adware)

http://filehippo.com/download_trillian/

Pidgin (not as refined as Trillian but no adware)

http://filehippo.com/download_pidgin/

Norton has kept up their business products but their home / personal products have fallen way behind. You should rethink a different antivirus program.

AVG 8 is good and easy to use. The free version doesn't include anti-rootkit. It can have some program conflicts but not often.

I used to have issues with Avast and false positives, but they seem to have that under control now. Avast has anti-rootkit in the free version. The control panel isn't as easy to use as AVG's. The only difference between a full install and a minimal install is the control panel: the minimal install seems to have a better control panel, while the full install has a "car radio" type control panel. Around New Year's the next version of Avast is due. I have switched from AVG to Avast because of better updating and free anti-rootkit. They both include anti-spyware.

Uninstall Norton

http://service1.symantec.com/Support/ts ... 3108162039

http://www.softpedia.com/get/Tweak/Unin ... Tool.shtml

AVG download

http://filehippo.com/download_avg_antivirus/

or

Avast download

http://filehippo.com/download_avast_antivirus/

The strongest and safest registry cleaner I've found is AML 4.13

http://www.brothersoft.com/aml-free-reg ... 72827.html

When updating Acrobat reader from 7 to 9 it's best to uninstall the older version first instead of updating to the newer version. An update will leave the folder for the older version.

