allthrtl Posted February 27, 2013 ID:651774 Share Posted February 27, 2013 The usual window popped up a couple days ago and wouldn't allow me to do anything. I tried booting into safemode only to get a blank white screen. After much searching, I was able to boot from a Kaspersky Boot disk and run windows unlocker. This got rid of the FBI warning and I could see the desktop, but I have no start menu/taskbar, IE will not open, nor will task manager. I was able to get to the internet via Google Chrome and download Malwarebytes, but it will not run due to run time error 372. I've tried everything I can think of and nothing works, so I throw myself at your mercy...DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702Run by Administrator at 13:29:06 on 2013-02-27.============== Running Processes ================.C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\srvany.exeC:\Program Files\TightVNC\WinVNC.exeC:\WINDOWS\system32\neoseriald.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe.============== Pseudo HJT Report ===============.uStart Page = hxxps://www.h-dnet.com/uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071129BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllBHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dllBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllTB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exemRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelpermRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDrives = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabTCP: Interfaces\{38E8CE48-B004-44D6-BEB2-1DA84ABE7168} : NameServer = 12.127.17.71,12.127.17.72Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLLNotify: igfxcui - igfxdev.dll.============= SERVICES / DRIVERS ===============.S? A2DDA;A2 Direct Disk Access Support DriverS? ASFIPmon;Broadcom ASF IP MonitorS? MBAMSwissArmy;MBAMSwissArmyS? neoseriald;neoseriald.=============== File Associations ===============.ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE.=============== Created Last 30 ================.2013-02-27 17:41:28 -------- d-----w- c:\program files\AVAST Software2013-02-27 17:41:28 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software2013-02-27 17:14:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-02-27 17:14:12 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes2013-02-27 17:13:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2013-02-27 17:13:52 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2013-02-27 17:13:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-02-26 23:56:33 -------- d-sha-r- C:\cmdcons2013-02-26 23:55:42 98816 ----a-w- c:\windows\sed.exe2013-02-26 23:55:42 256000 ----a-w- c:\windows\PEV.exe2013-02-26 23:55:42 208896 ----a-w- c:\windows\MBR.exe2013-02-26 23:53:42 -------- d-----w- c:\program files\CCleaner2013-02-26 22:12:35 -------- d-----w- C:\emsisoft2013-02-26 12:29:00 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0.==================== Find3M ====================.2013-02-08 07:08:20 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-02-08 07:08:19 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll.============= FINISH: 13:29:39.57 ===============.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Reader 9.5.2Broadcom ASF Management ApplicationsBroadcom Management ProgramsCCleanerDell ETS Factory InstallationGoogle ChromeGoogle Toolbar for Internet ExplorerHigh Definition Audio Driver Package - KB835221Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Intel® Graphics Media Accelerator DriverJ2SE Runtime Environment 5.0 Update 6Java Auto UpdaterJava™ 6 Update 31Malwarebytes Anti-Malware version 1.70.0.1100Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2742597)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft Office XP Professional with FrontPageMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)PowerDVDRoxio Creator AudioRoxio Creator BDAV PluginRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Drag-to-DiscRoxio Express LabelerRoxio Update ManagerSearchAssistSecurity Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB2699988)Security Update for Windows Internet Explorer 8 (KB2722913)Security Update for Windows Internet Explorer 8 (KB2744842)Security Update for Windows Internet Explorer 8 (KB2761465)Security Update for Windows Internet Explorer 8 (KB2792100)Security Update for Windows Internet Explorer 8 (KB2797052)Security Update for Windows Internet Explorer 8 (KB2799329)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player (KB979402)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows Media Player 9 (KB936782)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2183461)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360131)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2416400)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2482017)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2497640)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2530548)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544521)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2559049)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2586448)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618444)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647516)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2655992)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2685939)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2691442)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB2698365)Security Update for Windows XP (KB2705219)Security Update for Windows XP (KB2707511)Security Update for Windows XP (KB2709162)Security Update for Windows XP (KB2712808)Security Update for Windows XP (KB2718523)Security Update for Windows XP (KB2719985)Security Update for Windows XP (KB2723135)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2731847)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2753842)Security Update for Windows XP (KB2757638)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2761226)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2778344)Security Update for Windows XP (KB2779030)Security Update for Windows XP (KB2780091)Security Update for Windows XP (KB2799494)Security Update for Windows XP (KB2802968)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950759)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953838)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956390)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958215)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960714)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB963027)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969897)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972260)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974455)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165-v2)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982381)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Sonic Activation ModuleTightVNC 1.2.9Update for Windows Internet Explorer 8 (KB2598845)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2661254-v2)Update for Windows XP (KB2718704)Update for Windows XP (KB2736233)Update for Windows XP (KB2749655)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update for Windows XP (KB976749)Update for Windows XP (KB978207)Update for Windows XP (KB980182)URL AssistantWebFldrs XPWindows Genuine Advantage Notifications (KB905474)Windows Installer 3.1 (KB893803)Windows Internet Explorer 8Windows XP Service Pack 3.==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted February 27, 2013 ID:651778 Share Posted February 27, 2013 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop. RogueKiller<---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop. (please don't put logs in code or quotes)P2P Warning:If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.MrC<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>Please stick with me until I give you the "all clear".<+>The removal of malware isn't instantaneous, please be patient.------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
allthrtl Posted February 27, 2013 Author ID:651797 Share Posted February 27, 2013 RogueKiller V8.5.2 [Feb 23 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Administrator [Admin rights]Mode : Scan -- Date : 02/27/2013 15:10:14| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{38E8CE48-B004-44D6-BEB2-1DA84ABE7168} : NameServer (12.127.17.71,12.127.17.72) -> FOUND[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{38E8CE48-B004-44D6-BEB2-1DA84ABE7168} : NameServer (12.127.17.71,12.127.17.72) -> FOUND[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: +++++--- User ---[MBR] 61b13e5a7783a1c53c342d04689da664[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 76238 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_02272013_02d1510.txt >>RKreport[1]_S_02272013_02d1510.txt Link to post Share on other sites More sharing options...
MrCharlie Posted February 27, 2013 ID:651817 Share Posted February 27, 2013 Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 27, 2013 Author ID:651819 Share Posted February 27, 2013 ComboFix 13-02-26.01 - Administrator 02/27/2013 16:34:59.2.2 - x86Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe..((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))..2013-02-27 17:41 . 2013-02-27 17:57 -------- d-----w- c:\program files\AVAST Software2013-02-27 17:41 . 2013-02-27 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software2013-02-27 17:14 . 2013-02-27 19:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-02-27 17:14 . 2013-02-27 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2013-02-27 17:13 . 2013-02-27 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2013-02-27 17:13 . 2013-02-27 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-02-27 17:13 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2013-02-26 23:53 . 2013-02-26 23:53 -------- d-----w- c:\program files\CCleaner2013-02-26 22:12 . 2013-02-26 22:13 -------- d-----w- C:\emsisoft2013-02-26 14:38 . 2013-02-26 14:38 -------- d-----w- c:\windows\Sun2013-02-26 12:29 . 2013-02-26 12:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-08 07:08 . 2012-06-05 12:55 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-02-08 07:08 . 2012-03-09 20:03 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-01-26 03:55 . 2004-08-11 22:00 552448 ----a-w- c:\windows\system32\oleaut32.dll2013-01-07 01:19 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-07 00:37 . 2004-08-04 03:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-01-04 01:20 . 2004-08-11 22:00 1867264 ----a-w- c:\windows\system32\win32k.sys2013-01-02 06:49 . 2004-08-11 22:00 1292288 ----a-w- c:\windows\system32\quartz.dll2013-01-02 06:49 . 2004-08-11 22:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax2012-12-26 20:16 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll2012-12-26 20:16 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll2012-12-26 20:16 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-12-24 06:40 . 2004-08-11 22:00 385024 ------w- c:\windows\system32\html.iec2012-12-16 12:23 . 2004-08-11 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..Cryptography Services Error !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-02 474624]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352].[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.R2 neoseriald;neoseriald;c:\windows\system32\srvany.exe [x]S1 A2DDA;A2 Direct Disk Access Support Driver;c:\emsisoft\Run\a2ddax86.sys [x]S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - TRUESIGHT*Deregistered* - TrueSight.Contents of the 'Scheduled Tasks' folder.2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 07:08].2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645700779-2926607927-4078397398-500Core.job- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-09 20:14].2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645700779-2926607927-4078397398-500UA.job- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-09 20:14]..------- Supplementary Scan -------.uStart Page = https://www.h-dnet.com/uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071129TCP: Interfaces\{38E8CE48-B004-44D6-BEB2-1DA84ABE7168}: NameServer = 12.127.17.71,12.127.17.72..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-02-27 16:38Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3645700779-2926607927-4078397398-500\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (Administrator)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,dd,1a,35,02,36,ee,41,b9,fa,64,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,dd,1a,35,02,36,ee,41,b9,fa,64,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(1060)c:\windows\system32\WININET.dll.Completion time: 2013-02-27 16:40:05ComboFix-quarantined-files.txt 2013-02-27 22:40ComboFix2.txt 2013-02-27 00:11.Pre-Run: 66,306,195,456 bytes freePost-Run: 66,299,109,376 bytes free.- - End Of File - - 40078641BA34D18EF52BFF80530111BB Link to post Share on other sites More sharing options...
MrCharlie Posted February 27, 2013 ID:651834 Share Posted February 27, 2013 Go to Start > Run > copy and paste this in: services.mscFind this service and make sure it's Started and set to Automatic (CryptSvc) Cryptographic Service Let me know.....MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 27, 2013 Author ID:651835 Share Posted February 27, 2013 It is not started and is set to automatic. I right clicked and clicked start and received this error message;Could not start the CryptSvc service on Local ComputerError 1068: The dependency service or group failed to start. Link to post Share on other sites More sharing options...
MrCharlie Posted February 27, 2013 ID:651845 Share Posted February 27, 2013 Check these also:1) Remote Procedure Call (RPC) service - set this to Automatic2) Windows Management Instrumentation (WMI) service - set this to Automatic3) Event Log set to auto4) Remote Access Auto Connection (RasMan) set to manual5) Security Center (wscsvc) set to auto6) Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) set to autoMrC Link to post Share on other sites More sharing options...
allthrtl Posted February 27, 2013 Author ID:651852 Share Posted February 27, 2013 All 6 already set as you outlined. Link to post Share on other sites More sharing options...
MrCharlie Posted February 28, 2013 ID:651855 Share Posted February 28, 2013 Can you get to "system restore" or "Last know Good Configuration"MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:651864 Share Posted February 28, 2013 "system restore" I can get to it thru msconfig, but it will not run."last known good configuration" I can get to it, but I have not tried to run it. Link to post Share on other sites More sharing options...
MrCharlie Posted February 28, 2013 ID:651866 Share Posted February 28, 2013 Try that >"last known good configuration"Let me know.....MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:651868 Share Posted February 28, 2013 Try that >"last known good configuration"Let me know.....MrCTried it, no change... Link to post Share on other sites More sharing options...
MrCharlie Posted February 28, 2013 ID:651872 Share Posted February 28, 2013 See if you can start the Cryptographic Service started as before.http://forums.malwarebytes.org/index.php?showtopic=123226&view=findpost&p=651834MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:652012 Share Posted February 28, 2013 Still the same errorCould not start the CryptSvc service on Local ComputerError 1068: The dependency service or group failed to start. Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:652014 Share Posted February 28, 2013 All 6 already set as you outlined.I should have been more clear here, they were already set as you outlined, I didn't have to change anything. Link to post Share on other sites More sharing options...
MrCharlie Posted February 28, 2013 ID:652017 Share Posted February 28, 2013 OK, are you running XP Home or XP Pro???--------------------------------Please download ERUNT...by Lars Hederer. Save it to your desktop.http://www.aumha.org...erunt-setup.exeDouble-click erunt-setup-exe to start the install process. Follow the install prompts.Use the default install settings...say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.Make sure that at least the first two check boxes are selected.Click on OK ... Then click on "YES" to create the folder.Run:Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:System registry.Current user registry.Next click on "OK"... at the prompt... reply "Yes".After a short duration the Registry backup is complete! pop-up message will appear.Now click on "OK". A registry backup has now been created.Let me know......and I'll give you the next step.....MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:652022 Share Posted February 28, 2013 XP Pro Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:652024 Share Posted February 28, 2013 Ok, backup complete. FYI I still don't have a start button or task bar so I have to use hotkeys to open windows explorer and locate the exe file to launch anything not on my desktop. Link to post Share on other sites More sharing options...
MrCharlie Posted February 28, 2013 ID:652028 Share Posted February 28, 2013 Run unhide as outlined in the link below, also follow any other instructions to restore what's missing: MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:652036 Share Posted February 28, 2013 Method 1Didn't work as I had run CCleaner early on in the process.Method 2SMTMP folder didn't exist, probably due to CCleanerMethod 3Downloaded and ran winxp-pro-32bit-sm-reset, rebooted, no change.Did not run AppPaths.exe as I don't have access to the start menu to know if I needed to.I do appreciate all your help.... Link to post Share on other sites More sharing options...
MrCharlie Posted February 28, 2013 ID:652040 Share Posted February 28, 2013 OK, download and unzip the attached !Default_XP_Pro_SP3_Start_v300.zip.Now double click on the !Default_XP_Pro_SP3_Start_v300.reg and allow it to merge into the registry.Reboot.Now delete your copy of ComboFix and download and run a fresh copy as before.Post the log.If there's any problems you can always restore the registry.Just navigate to this location and double click on ERDNT.EXEC:\WINDOWS\ERDNT\date\ERDNT.EXEMrC Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:652061 Share Posted February 28, 2013 ComboFix 13-02-26.01 - Administrator 02/28/2013 14:55:37.3.2 - x86Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe..((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))..2013-02-26 23:53 . 2013-02-26 23:53 -------- d-----w- c:\program files\CCleaner2013-02-26 22:12 . 2013-02-26 22:13 -------- d-----w- C:\emsisoft2013-02-26 14:38 . 2013-02-26 14:38 -------- d-----w- c:\windows\Sun2013-02-26 12:29 . 2013-02-26 12:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-08 07:08 . 2012-06-05 12:55 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-02-08 07:08 . 2012-03-09 20:03 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-01-26 03:55 . 2004-08-11 22:00 552448 ----a-w- c:\windows\system32\oleaut32.dll2013-01-07 01:19 . 2004-08-11 22:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-07 00:37 . 2004-08-04 03:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-01-04 01:20 . 2004-08-11 22:00 1867264 ----a-w- c:\windows\system32\win32k.sys2013-01-02 06:49 . 2004-08-11 22:00 1292288 ----a-w- c:\windows\system32\quartz.dll2013-01-02 06:49 . 2004-08-11 22:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax2012-12-26 20:16 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll2012-12-26 20:16 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll2012-12-26 20:16 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-12-24 06:40 . 2004-08-11 22:00 385024 ------w- c:\windows\system32\html.iec2012-12-16 12:23 . 2004-08-11 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..Cryptography Services Error !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [2003-08-02 474624]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352].[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.R2 neoseriald;neoseriald;c:\windows\system32\srvany.exe [x]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]S1 A2DDA;A2 Direct Disk Access Support Driver;c:\emsisoft\Run\a2ddax86.sys [x]S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [x]..Contents of the 'Scheduled Tasks' folder.2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 07:08].2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645700779-2926607927-4078397398-500Core.job- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-09 20:14].2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645700779-2926607927-4078397398-500UA.job- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-09 20:14]..------- Supplementary Scan -------.uStart Page = https://www.h-dnet.com/uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071129TCP: Interfaces\{38E8CE48-B004-44D6-BEB2-1DA84ABE7168}: NameServer = 12.127.17.71,12.127.17.72..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-02-28 14:59Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3645700779-2926607927-4078397398-500\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (Administrator)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,dd,1a,35,02,36,ee,41,b9,fa,64,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,dd,1a,35,02,36,ee,41,b9,fa,64,\.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(1672)c:\windows\system32\WININET.dll.Completion time: 2013-02-28 15:01:25ComboFix-quarantined-files.txt 2013-02-28 21:01ComboFix2.txt 2013-02-27 22:40.Pre-Run: 66,234,654,720 bytes freePost-Run: 66,225,512,448 bytes free.- - End Of File - - 3D98FD9C4B2BF0CC62FCAC496F85F841Still no start menu and IE won't open Link to post Share on other sites More sharing options...
MrCharlie Posted February 28, 2013 ID:652065 Share Posted February 28, 2013 Doesn't look good, do you have the XP pro disk???I think the best thing to do is a repair install or a complete format and install.MrC Link to post Share on other sites More sharing options...
allthrtl Posted February 28, 2013 Author ID:652066 Share Posted February 28, 2013 Yes, I do have the disk, shall I attempt a repair install? Link to post Share on other sites More sharing options...
Recommended Posts