Dell XPS Boot Error


As this is my first post on this forum, I would like to give out a big HELLO, and a big THANK YOU to anyone offering their help!

So, here is the scoop on my Dell XPS: it all of a sudden blacked out and showed that wonderful 'BLUE SCREEN'. It's telling me CONFIG_LIST_FAILED, and the technical information states: STOP: x00000073 (0x00000001, 0xc000017D, 0x00000001, 0xF6D8ABB8). Upon restarting, the computer goes into some "Dell MediaDirect" black and white 'splash-screen logo', then straight to that blue screen again.

I attempted to start the PC into safe mode, w/ and w/out networking and it skips that "Dell MediaDirect" screen but goes into another blue screen stating: STOP: 0x0000007B (0xF7C4C524, 0xC0000034, 0x00000000, 0x00000000).

I searched the CONFIG_LIST_FAILED error on Google and the common answer seems to be that my HDD is out of memory, which is not the case here. I also read another cause, which seems more appropriate, would be a boot-sector virus.

Again, any help received would be greatly appreciated, and a big thank you in advance goes out to anyone sharing their time with me on this issue.


Hello Leo Ali

Welcome to Malwarebytes.

=====================

Please print these instructions in case you need to refer to them later.

Please do this......

  • Download OTLPE Network from either location and save it to your desktop:
    http://oldtimer.geekstogo.com/OTLPENet.exe
    http://ottools.noahdfear.net/OTLPENet.exe
  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPENet Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click the burn button in ImgBurn to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first
    Note: For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Copy and Paste the following code into the Custom Scans and Fixes textbox. Do not include the word "Code"
    Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Push the Run Scan button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Please post the contents of the C:\OTL.txt file in your next reply.
  • Copy this file to your USB drive if you do not have an internet connection.


Hmm ok let's try another one that is a bit smaller and see if we can not get you into Windows.

Download RC.ISO and burn it to a CD as an ISO image. You may need a burning tool like ISO Recorder to do this...be sure to get the version for your operating system.

Once you have burned this as an ISO image, insert the CD into the drive, and then restart the computer. Watch for the prompt to "Press any key to boot from cd" and press the spacebar when you see it. You may have to change the boot priority in BIOS Setup to accomplish this...we'll cross that bridge if we get to it.

When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console...by number (usually 1)

When you are prompted to do so, type the Administrator password. If you have not set an administrator password, leave it blank and just press "Enter".

At the Recovery Console command prompt, type chkdsk /r C: then hit Enter.

It will go through a series of checks and it will take a while to run.

At the next prompt, type the following bolded text, and press Enter:

exit

The computer will restart then let me know if you get into Windows.


Ok, I tried the disk again and realized that the Recovery Console was for XP. I found one for Vista 32-bit and ran it, along w/ the scandisk and some 'Boot-up Repair'. The PC restarted normally and I am in Windows now. Would you like a HJT log?


Oh, ok, sorry about that; I thought you had XP.

Yes please run the following:

  • Please download OTH.scr to your desktop.
  • Download OTL to your desktop.
  • Double click the OTH file and select Kill All Processes; your desktop will go blank.
    Then select Start OTL. OTL will now run.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below (in bold):
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
    • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.


Thanks for continuing to help me with this computer Kahdah.

GMER had an error saying: "e9sxspy7.exe has stopped working" when it scanned [\device\harddisk\volumeshadowcopy1]. I tried running it in Safe Mode w/ networking and it came out with the same error at the same place. Below are Extras.txt followed by OTL.txt

OTL Extras logfile created on: 5/24/2010 9:48:52 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Natalie\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 72.87 Gb Free Space | 53.40% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 2.87 Gb Free Space | 28.67% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 2.49 Gb Total Space | 0.50 Gb Free Space | 20.19% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: NATALIE-PC

Current User Name: Natalie

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{118BBB71-F8FF-45B0-B405-A7B8F148D5C2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1948A682-B06F-424A-ACF8-109B9BD1A385}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{198C0458-6D8F-47EF-8104-33FF09E5B0E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{214F9EF0-DC16-4B00-8C62-F62B29C0819C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{35DA9075-630A-46C8-945A-6812D15CCA97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{41EEF11D-25F7-44EF-9A4A-90A3B51D3330}" = lport=10244 | protocol=6 | dir=in | app=system |

"{471CF542-E520-417F-9160-F999C38B3D1E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{48F5D951-027A-4F2F-8FBC-6EA12F4FE7F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4B1EC543-3863-41D2-961C-2F255F0A0BCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{563FCEA3-FFB1-4C34-895A-AACE4AED0F23}" = rport=10243 | protocol=6 | dir=out | app=system |

"{6413A351-16AD-4730-B60D-7C8D657351D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{68F4D4D3-FD7A-44BD-8BF7-D504612E811C}" = lport=3390 | protocol=6 | dir=in | app=system |

"{72301687-367E-4B4D-8384-82B66B940090}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{730D0074-7109-406F-81CC-DE5BAACA3334}" = lport=10244 | protocol=6 | dir=in | app=system |

"{765C7931-2F4F-421E-9CE0-89985BE4F3CA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7BE6604E-D89E-4038-8A51-7F7D60FFB510}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7FEFB5F4-4B3A-43BB-84A2-51C8A86C3AB1}" = lport=3390 | protocol=6 | dir=in | app=system |

"{82899DA5-EC1E-4D29-8024-5C9E873ED5E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{87AC28ED-C66D-4A8F-A7BE-7EA7961DD62B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8C285B12-F4BA-4CA1-BCC8-7727045BEE0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9699BF82-AFCA-43E1-A02E-42C52803AAB0}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{9890E737-A4CA-48B4-AB52-8790DF9692F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9E6E6F85-AE16-4726-ACB2-186E0B895DC8}" = rport=10244 | protocol=6 | dir=out | app=system |

"{9F787436-F5AF-4EF6-BAD0-E7D042442DD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A5C4C095-6AB7-4FD2-8A1B-1095DDF9A0B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A66E25FC-8466-471E-ABFA-81C4F260F432}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{AAB2ACCA-B962-4FF8-BFDF-80B64AC90B8F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BC718AA8-F110-438E-94CA-C45D2BFB0153}" = rport=10244 | protocol=6 | dir=out | app=system |

"{C24DF778-03FF-4497-94F8-9D11629F70C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D8398B91-0382-4FAA-9EA7-549D3EF91612}" = lport=10243 | protocol=6 | dir=in | app=system |

"{FFBE19B5-6364-473B-B372-0DDF487484C4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{10E982F4-A44A-4779-8D16-EF469CF2CA44}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{111848FB-9777-4968-90DA-D7765340B19B}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |

"{16914AFF-66E6-4211-A075-DF46B16D76D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{21864FFD-EFB6-4E56-8E27-F6C83E109F37}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{2584C5EA-067D-4B8E-8A86-64AF9AACE432}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |

"{2E0A6918-759B-4CC8-9235-08493B035CF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{32185836-985F-426D-B99E-B9F4026CF947}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |

"{33692009-0448-427D-84E2-C3E06F7DE669}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{35D09106-35EA-4AA8-B536-250C2057B44D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{393AFAF1-9485-421F-B0A1-06430810972D}" = protocol=6 | dir=out | app=system |

"{541D9A7B-B001-40BA-907D-21F77B4DF9D8}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |

"{55DB7DD2-297E-4A46-9AAF-DD1E71C7E701}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{5A5C47A8-B2B2-472B-BC77-47C290AF7E9C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{7371C784-1096-4384-A0EF-B96882CCD858}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{820D7D0A-12C2-4542-9AB4-D850960BBD64}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{84F8D083-BCBE-4923-9770-E131AE0269E3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{84F9C5CD-748B-47A9-B6D0-41D425F74F39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8DE3143B-F7AA-4883-94F8-E99B6BCD8161}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8E0201D5-4EC2-41BF-8B37-160B50C01CCA}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{8ECC8D3A-441A-49F6-9FB4-9F8CE00A8B4E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{9B99D1C8-7058-4183-B19E-E567003A51C9}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{9E130835-7C50-46C5-BA55-8AC1C3FF1378}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A68C44E0-553E-473C-A7EC-26802AA74CEF}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{B3AF4DD4-9130-4231-B654-527DA79B6C95}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{BE2119F4-996F-4DC0-A1FB-43F575713918}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C1FB7BFF-2D17-470B-B3B0-2D5CE02CB370}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{CAC3F191-4F7B-4637-B8C2-5B31BAC9D0C8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{CB31AA01-50B6-4CDE-B401-6BDC9DAA0747}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CC36487B-6E62-4E18-BD81-4A27B515667D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{CDA4D31C-0110-48B6-BEBC-0E9566404634}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{CEC2055D-173B-486F-9DA1-45AF66C1B7C2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{D069B892-9488-490F-9075-96572152DE72}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{D30AF615-A84B-477A-9B83-9DE79C4E7F48}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{DB69BC38-D1C8-485B-A88D-9912950B88E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DF29289F-5B32-4384-AD35-23607FC1D194}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{E3FF8E64-6912-4349-AB78-AC63622357EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E5ABCD78-AC0A-42F9-A24E-0328D48C4C0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E621F5EA-D7CC-41B1-9DCE-AF6E4E71D241}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"TCP Query User{0564F18C-A18B-4B2F-BE6F-AE4486B599BD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{0C43E288-0B22-48C1-95B9-604ED520B7A7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{0F06848C-1144-411D-912A-AACF63F95136}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"TCP Query User{1A8F1A73-532E-4085-B86C-0C626DC03902}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{52D1C519-59AA-444A-BF8C-12D766483D0C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{BA03589B-D2CF-4DBE-89BC-2868518CC66A}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"TCP Query User{C77C371A-E654-4DAA-90E1-67B12CC2A4BA}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"TCP Query User{E51F7928-F7B0-457D-977B-1C310DA05265}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{063989ED-8FF8-44BA-9F30-FA722C891A47}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"UDP Query User{07D483C9-808D-4620-9383-2FDCEAEB5228}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{0D48D2F5-659A-4C74-89E7-4286F976652F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{36F09FB2-305D-49C7-AF0C-6638E881C9C9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{3FC89C72-5424-44D5-A890-A4FF8FCD2BD3}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"UDP Query User{C765BBC9-FB02-489F-83DE-6EA3FA300E3B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{D7354CBB-2444-4658-907D-9485B1C19057}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F4947284-8145-4DB9-BFB3-C3DB00E1D9AE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent

"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help

"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode

"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool

"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM

"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights

"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution

"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13

"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart

"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help

"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter

"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap

"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision

"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help

"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed

"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{783e7d2e-32c0-48d3-88e9-b6cd4276e03c}" = Nero 9

"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel
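The Extras.txt above lists every Windows Firewall rule on the machine, and reading that raw list by hand is where a helper reviewing a log like this usually misses something. The Python script below is an added example for readers of this thread; it is not part of the thread and not OTL's code. It parses rule lines in the format OTL prints under the FirewallRules key (the sample lines are constructed to match the shape of the log above) and groups inbound allow rules by whether they belong to a Windows component, were added by a third-party installer, or were created when a user clicked through Vista's "unblock?" prompt (those carry the "TCP Query User" / "UDP Query User" names seen above). The tag names and the path prefixes treated as Windows components are my own assumptions, not anything OTL or Windows defines.

```python
import re
from collections import Counter

# Constructed sample: a few FirewallRules lines in the shape OTL writes to Extras.txt
# (see the "Vista Active Open Ports Exception List" and "Application Exception List"
# sections of the log above). Raw string so the Windows paths keep their backslashes.
SAMPLE_LINES = r'''
"{118BBB71-F8FF-45B0-B405-A7B8F148D5C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35DA9075-630A-46C8-945A-6812D15CCA97}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{82899DA5-EC1E-4D29-8024-5C9E873ED5E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10E982F4-A44A-4779-8D16-EF469CF2CA44}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{0F06848C-1144-411D-912A-AACF63F95136}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{07D483C9-808D-4620-9383-2FDCEAEB5228}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
'''

# One rule per line:  "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')
PROTO = {"6": "TCP", "17": "UDP"}
# App paths treated as Windows components (an assumption for this example, not an OTL rule).
WINDOWS_APP_PREFIXES = ("%systemroot%", "%programfiles%\\windows media player")


def parse_rule(line):
    """Split one FirewallRules line into a dict; return None if the line is not a rule."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None
    rule = {"name": match.group("name")}
    for part in match.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            rule[key.strip().lower()] = value.strip().lower()
    # Vista names rules created from its unblock prompt "TCP Query User..." / "UDP Query User...".
    rule["user_created"] = rule["name"].startswith(("TCP Query User", "UDP Query User"))
    return rule


def classify(rule):
    """Tag a rule by how much attention it deserves when reviewing a log."""
    if rule.get("dir") != "in":
        return "outbound"
    app = rule.get("app", "")
    if app == "system" or app.startswith(WINDOWS_APP_PREFIXES):
        return "inbound-windows-component"
    if rule["user_created"]:
        return "inbound-user-allowed"
    return "inbound-third-party"


def summarize(text):
    """Count rules per classification tag."""
    rules = [r for r in map(parse_rule, text.splitlines()) if r]
    return Counter(classify(r) for r in rules)


def inbound_exposure(text):
    """List (app, protocol, local port) for inbound rules that are not Windows components.
    A rule without lport allows every port for that program, shown as '*'."""
    exposure = set()
    for rule in filter(None, map(parse_rule, text.splitlines())):
        if classify(rule) in ("inbound-third-party", "inbound-user-allowed"):
            proto = PROTO.get(rule.get("protocol", ""), rule.get("protocol", "?"))
            exposure.add((rule.get("app", ""), proto, rule.get("lport", "*")))
    return sorted(exposure)


if __name__ == "__main__":
    for tag, count in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{tag:28s} {count}")
    for app, proto, port in inbound_exposure(SAMPLE_LINES):
        print(f"inbound {proto}/{port:<5} {app}")
```

Paste the FirewallRules sections of a real Extras.txt into the text passed to `summarize` and `inbound_exposure`; the short list it returns (here, the P2P clients and the Orb streaming service accepting inbound connections on any port) is what a helper would want to ask the poster about, since those programs are the usual way files like the trojanized mp3 ESET later found arrive on a machine.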


Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4143

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

5/25/2010 5:15:38 PM

mbam-log-2010-05-25 (17-15-38).txt

Scan type: Quick scan

Objects scanned: 136956

Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


The one that came from gmer is nothing to worry about as it happens a lot to most machines that try to run it.

There really is nothing in any log pointing to malware.

Sure you can run more scans.

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=3eeec9c29969614db12af2721c762f40

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-05-28 12:31:29

# local_time=2010-05-27 08:31:29 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 51028047 51028047 0 0

# compatibility_mode=769 16775165 100 98 0 210365700 0 0

# compatibility_mode=5892 16776573 100 100 0 111602874 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=139653

# found=1

# cleaned=1

# scan_time=11342

C:\Users\Natalie\Music\whyyouwannabringmedown kelly.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

