Posts posted by lucie87

  1. I am trying to fix a netbook that has Windows Home Ed preinstalled on the system, but it has a corrupt file and won't load, so I want to either repair or reinstall Windows XP, but don't have an XP disk, and the recovery console (tech guys) is somehow not working (which is what eventually caused the corrupt Windows, I think), so I was wondering if there is a way to make a bootable XP Home Ed disk that I can use to repair or reinstall Windows on it.

    I may have to download a copy of Windows from...somewhere, I don't know yet (no one has a disk I can borrow), but I have the licence key from the laptop; it's just XP I need, and a way to make it boot up to get it on the netbook (borrowed an external hard drive).

    Sooo, if anyone could please tell me how to make a CD/DVD of Windows Home that I can use to fix the netbook I would be very happy, please, thank you :blink:

  2. Hi, trying to fix my sister's Advent netbook, running XP.

    When I started, the loading Windows screen had a green loading bar and no logo, then blue screened with c0000137 error saying io permissions could not be changed. This happened however you tried to load it, even in safe mode, and it automatically chose techguys recovery option to load it, which results in the same blue screen. This apparently started after they downloaded AVG and did the reg fix on it.

    After resetting BIOS settings and pressing F2 on start up to get to the choose operating system screen, it can be loaded OK by choosing Windows XP; however, any normal restart causes the green loading bar and automatic techguys start up and blue screen unless stopped by the F2 screen.

    After loading it to desktop I scanned with AVG, which temporarily removed viruses and blocked several active attacks. I downloaded Malwarebytes, which removed 11 items including infected reg keys, which needed a restart, but I missed the F2 start up so got the blue screen.

    I restarted it again via F2 and manually deleted the quarantine list, which didn't ask for a restart, so I restarted it anyway and rescanned and didn't find anything. I also scanned with AVG, which didn't find anything, so I think most of, if not all, the virus/spy/ad/malware has gone; however, I still need to fix the I/O permissions problem.

    Does anyone have any ideas? I was wondering if removing the techguys software would resolve it, since it seems to be that causing the problem?

    Preferably they don't want to lose anything, but it won't be the end of the world if they do. Would have done a reformat and XP reinstall but no disk drive or XP disk :D

    Thanks in advance for any help :-)

  3. My IBM laptop started freezing on me, and had to be shut down by power button before it would work again, and this happened a few times over a few days. Then my friend looked over it and tried downloading XP's SP3 onto it, but it froze halfway through, and since then whenever I try to switch it on it comes up with no operating system detected, before I get to the point where I can go into safe mode or anything. I do have an Access IBM button which I have used before to restore to factory settings, but it comes up with something different now. It was something like boot from a temporary device, start as normal or another option I can't remember. I have restored BIOS settings to defaults, and that's about all I can do with it at the moment.

    I was just wondering if anyone has come across this before and if it is fixable.

    Thank you much in advance

  4. Ahh OK, if they can't be linked to my comp it's OK. I already have Firefox, that's how I noticed the virus, as they opened in Internet Explorer, but I am funny about what free downloads I use as there are so many fakes, but I have Malwarebytes and I will try SuperAntiSpyware if that is good and safe.

    And I will go through all the clear up steps and updates etc. Thank you much again. I shall be recommending Malwarebytes to everyone!

  5. malwarebytes scan

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4253

    Windows 5.1.2600 Service Pack 2

    Internet Explorer 8.0.6001.18702

    30/06/2010 19:33:14

    mbam-log-2010-06-30 (19-33-14).txt

    Scan type: Quick scan

    Objects scanned: 143327

    Time elapsed: 8 minute(s), 44 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    All clean :-) I also didn't believe it since it has been causing so many problems, so I scanned with NOD32 as well and that came back all clean too, no restart required for any (I think between them they got rid of everything except the system volume ones before, so it's all good).

    Thank you so much for all your help! I really thought I was never going to get rid of it!! I can't thank you enough :D

    Is there a way I can delete my log posts from this thread, by the way? Just so all my files aren't kept on?

    And thank you again

  6. and the extras was

    OTL Extras logfile created on: 30/06/2010 19:10:42 - Run 1

    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\vicki\Desktop

    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,022.00 Mb Total Physical Memory | 564.00 Mb Available Physical Memory | 55.00% Memory free

    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free

    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 33.16 Gb Total Space | 5.48 Gb Free Space | 16.53% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: IBM-692B5480E34

    Current User Name: vicki

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: On

    Skip Microsoft Files: On

    File Age = 90 Days

    Output = Standard

    Quick Scan


    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 29/06/2010 09:59:01 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 29/06/2010 10:33:09 | Computer Name = IBM-692B5480E34 | Source = Application Error | ID = 1000

    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

    module unknown, version 0.0.0.0, fault address 0x016f204d.

    Error - 29/06/2010 10:54:29 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 29/06/2010 11:56:09 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 29/06/2010 12:00:13 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 30/06/2010 05:42:14 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 30/06/2010 13:42:13 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 30/06/2010 13:45:21 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 30/06/2010 13:49:21 | Computer Name = IBM-692B5480E34 | Source = VMCService | ID = 0

    Description = conflictManagerTypeValue

    Error - 30/06/2010 14:05:26 | Computer Name = IBM-692B5480E34 | Source = Application Hang | ID = 1002

    Description = Hanging application OTL.exe, version 3.2.7.0, hang module hungapp,

    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]

    Error - 30/06/2010 05:42:16 | Computer Name = IBM-692B5480E34 | Source = Service Control Manager | ID = 7023

    Description = The Client Service for NetWare service terminated with the following

    error: %%2

    Error - 30/06/2010 08:55:11 | Computer Name = IBM-692B5480E34 | Source = atapi | ID = 262153

    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

    period.

    Error - 30/06/2010 11:25:09 | Computer Name = IBM-692B5480E34 | Source = atapi | ID = 262153

    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

    period.

    Error - 30/06/2010 13:36:42 | Computer Name = IBM-692B5480E34 | Source = atapi | ID = 262153

    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout

    period.

    Error - 30/06/2010 13:42:17 | Computer Name = IBM-692B5480E34 | Source = Service Control Manager | ID = 7000

    Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed

    to start due to the following error: %%87

    Error - 30/06/2010 13:42:17 | Computer Name = IBM-692B5480E34 | Source = Service Control Manager | ID = 7023

    Description = The Client Service for NetWare service terminated with the following

    error: %%2

    There seems to be a lot of errors there....is that normal?

    Error - 30/06/2010 13:45:22 | Computer Name = IBM-692B5480E34 | Source = Service Control Manager | ID = 7000

    Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed

    to start due to the following error: %%87

    Error - 30/06/2010 13:45:22 | Computer Name = IBM-692B5480E34 | Source = Service Control Manager | ID = 7023

    Description = The Client Service for NetWare service terminated with the following

    error: %%2

    Error - 30/06/2010 13:49:19 | Computer Name = IBM-692B5480E34 | Source = Service Control Manager | ID = 7000

    Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed

    to start due to the following error: %%87

    Error - 30/06/2010 13:49:19 | Computer Name = IBM-692B5480E34 | Source = Service Control Manager | ID = 7023

    Description = The Client Service for NetWare service terminated with the following

    error: %%2

    < End of report >

  7. OK, I have done that,

    bootkit log was

    Bootkit Remover version 1.0.0.1

    © 2009 eSage Lab

    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0

    MD5: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status

    --------------------------------------------

    37 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Press any key to quit...

    otl.txt was

    OTL logfile created on: 30/06/2010 19:10:42 - Run 1

    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\vicki\Desktop


    ========== Driver Services (SafeList) ==========

    DRV - [2010/03/24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

    DRV - [2010/03/24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

    DRV - [2010/03/24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

    DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

    DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

    DRV - [2010/02/11 12:08:25 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

    DRV - [2009/11/27 16:56:29 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

    DRV - [2009/11/27 16:56:29 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

    DRV - [2009/08/06 22:46:16 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

    DRV - [2009/03/26 02:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)

    DRV - [2009/03/26 02:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)

    DRV - [2009/03/26 02:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)

    DRV - [2009/03/26 02:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)

    DRV - [2009/03/26 02:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)

    DRV - [2009/03/26 02:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)

    DRV - [2009/03/26 02:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)

    DRV - [2008/10/21 19:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)

    DRV - [2008/10/21 19:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)

    DRV - [2008/10/21 19:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)

    DRV - [2008/10/21 19:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)

    DRV - [2008/10/21 19:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)

    DRV - [2008/10/21 19:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)

    DRV - [2008/10/21 19:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)

    DRV - [2008/07/04 23:33:40 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

    DRV - [2008/03/22 22:37:20 | 000,113,896 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)

    DRV - [2008/01/09 20:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

    DRV - [2005/05/17 10:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

    DRV - [2005/05/11 06:07:44 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

    DRV - [2005/04/27 18:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)

    DRV - [2005/04/27 17:16:46 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)

    DRV - [2005/04/22 00:44:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11)

    DRV - [2005/04/13 09:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

    DRV - [2005/03/18 11:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)

    DRV - [2005/03/18 11:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)

    DRV - [2005/03/18 11:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)

    DRV - [2005/03/18 00:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

    DRV - [2005/02/14 16:00:10 | 003,255,168 | ---- | M] (Intel

  8. Oh, I did it wrong.... :D

    This is what it came up with:

    Bootkit Remover version 1.0.0.1

    © 2009 eSage Lab

    www.esagelab.com

    \\.\C: -> \\.\PhysicalDrive0

    MD5: 33651d4929a84a7ab9d65c115ce1bdc0

    Size Device Name MBR Status

    --------------------------------------------

    37 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.

    To inspect the boot code manually, dump the master boot sector:

    remover.exe dump <device_name> [output_file]

    To disinfect the master boot sector, use the following command:

    remover.exe fix <device_name>

    Press any key to quit...

    Sorry, I've been sat at my laptop for ages, my head is fried!

  9. Hello, welcome to MalwareBytes' forums.

    It looks like you've acquired one of the more recent infections. It can be a real bugger to remove.

    What is the make and model of your computer? Does it have a recovery partition, or boot multiple OSes?

    Download Bootkit remover to your Desktop.

    This is a .rar file. If you do not have a program to open it then download and install Peazip

    • Extract Remover to your desktop
    • Right click Remover and select Run as Administrator
    • It will show a Black screen with some data on it
    • Right click on the screen and click Select All
    • Press Ctrl+C (on keyboard) to copy the data
    • Open a notepad and press Ctrl+V to paste the data

    Please copy\paste the contents of Notepad here for me to review.

    Hi, thanks for your reply :D

    I have an IBM T43 and I don't think it has a recovery partition. It has the Access IBM button, which I had to use last time to wipe it, but I had an external CD rewriter then so I could back up all my stuff. I can't back anything up this time, so I would rather try and rescue it somehow.

    I have downloaded peazip and the remover, however I can't set it to run as administrator as I don't know the administrator password :) I can't remember what it was!! I will keep trying.

    Thanks

  10. I have acquired a trojan cycler virus known as mebroot in nod32 and I can't get rid of it! I have scanned with nod32, which says a restart is needed, but it comes back after the restart, and nod32 won't scan in safe mode.

    I have got Firefox's bit defender, which also finds it but can't remove it and won't run in safe mode.

    I have downloaded the nod32 specific removal kit for it, which says the rootkit cannot be removed and won't run in safe mode.

    It is smss.exe and I have tried ending the process through task manager in normal and safe mode, but it won't as it is a critical process. I have run malwarebytes (free version) in both modes, but it cannot delete it in either mode and it comes right back at restart.

    So, I'm at a complete loss now. I don't have a memory stick or CD writer drive so I can't back up my files, so I don't really want to wipe it if possible, plus I don't have a Windows disk.

    Does anyone have any suggestions? In malwarebytes the results come up with 4 infected files, system volume information\microsoft\services.exe and system volume information\microsoft\smss.exe, one each as a file, and one each in the memory.

    Thanks :D
