Author Topic: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows  (Read 6434 times)


Offline artzdelux

  • Bronze Member
  • Posts: 35
Hi,
Hoping someone can help me. Yesterday afternoon, I began receiving virus warnings from Avira. I quickly shut down and restarted in safe mode. I ran Avira, which found 25 viruses, and SUPERAntiSpyware, which found over 1000 notifications. I removed all files, but cannot boot into Normal/standard Windows. Further, since this issue began, all programs, files, etc., are missing from my start menu. I am only able to see any folders and files at all through Explorer once I show hidden files. I am not sure what at all to do, and don't want to have to reinstall Windows unless absolutely necessary. The logs from SUPERAntiSpyware are posted below. Please help, and thanks for anything you can do for me!



« Last Edit: April 03, 2012, 02:20:25 pm by kevinf80 »



Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #1 on: February 19, 2012, 05:36:15 pm »
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/19/2012 at 05:56 PM
Application Version : 5.0.1144
Core Rules Database Version : 8260
Trace Rules Database Version: 6072
Scan type       : Complete Scan
Total Scan Time : 01:23:29
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned      : 346
Memory threats detected   : 0
Registry items scanned    : 33891
Registry threats detected : 12
File items scanned        : 54705
File threats detected     : 1192
Trojan.Agent/Gen-FakeAlert[Local]
 [cwuKGCkVOILNu.exe] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CWUKGCKVOILNU.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CWUKGCKVOILNU.EXE
Rootkit.NDisProt/Fake
 HKLM\System\ControlSet001\Services\NDISPROT
 C:\WINDOWS\SYSTEM32\DRIVERS\NDISPROT.SYS
 HKLM\System\ControlSet001\Enum\Root\LEGACY_NDISPROT
 HKLM\System\ControlSet003\Services\NDISPROT
 HKLM\System\ControlSet003\Enum\Root\LEGACY_NDISPROT
 HKLM\System\CurrentControlSet\Services\NDISPROT
 HKLM\System\CurrentControlSet\Enum\Root\LEGACY_NDISPROT
Rogue.SystemTool
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Tool2011
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Tool2011#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Tool2011#ShortcutPath
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Tool2011#UninstallString
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Tool2011#DisplayIcon
Adware.Tracking Cookie

Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #2 on: February 19, 2012, 05:37:03 pm »
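As an added example (not part of the thread or of SUPERAntiSpyware itself), a small Python triage of the SAS log format posted above: it separates the detections that actually matter here (the FakeAlert trojan, the fake NDISPROT driver service and the "System Tool" rogue) from the tracking cookies that make up almost all of the 1192 "file threats". The sample log is constructed from entries quoted in Replies #1 and #2, and the severity ranking is the example's own, not a SAS field.

```python
"""Triage a SUPERAntiSpyware scan log: a few real detections vs. many cookies."""
import re
from collections import OrderedDict

# Constructed sample: a cut-down SAS log built from entries quoted in the
# thread (same layout: stat lines, then a threat-name header line followed
# by indented item lines).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 02/19/2012 at 05:56 PM
Memory threats detected   : 0
Registry threats detected : 12
File threats detected     : 1192
Trojan.Agent/Gen-FakeAlert[Local]
 [cwuKGCkVOILNu.exe] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CWUKGCKVOILNU.EXE
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\CWUKGCKVOILNU.EXE
Rootkit.NDisProt/Fake
 HKLM\System\ControlSet001\Services\NDISPROT
 C:\WINDOWS\SYSTEM32\DRIVERS\NDISPROT.SYS
 HKLM\System\CurrentControlSet\Services\NDISPROT
Rogue.SystemTool
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Tool2011
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Tool2011#DisplayName
Adware.Tracking Cookie
 C:\Documents and Settings\Administrator.ARTZDELUX\Cookies\administrator@2o7[1].txt [ /2o7 ]
 C:\DOCUMENTS AND SETTINGS\GREG\Cookies\greg@nextag[3].txt [ Cookie:greg@nextag.com/ ]
 .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\LAURA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UOQEQV3O.DEFAULT\COOKIES.SQLITE ]
"""

STAT_RE = re.compile(r"^(?P<what>[A-Za-z ]+?)\s*:\s*(?P<n>\d+)\s*$")   # "X : 12"
THREAT_RE = re.compile(r"^(?P<family>[A-Z][A-Za-z]+)\.(?P<rest>\S.*)$")  # "Rogue.SystemTool"
PROC_RE = re.compile(r"^\[(?P<image>[^\]]+)\]\s+(?P<path>.+)$")          # "[img.exe] C:\path"
REG_RE = re.compile(r"^HK(LM|CU|EY_)")
FILE_RE = re.compile(r"^[A-Za-z]:\\")

# Triage order by detection family. This is the example's own ranking,
# not something SAS reports.
SEVERITY = {"Rootkit": "critical", "Trojan": "high", "Rogue": "high", "Adware": "low"}
ORDER = ("critical", "high", "medium")


def classify_item(item):
    """Return (kind, value) for one indented item line of the log."""
    m = PROC_RE.match(item)
    if m:                                   # a process that was running
        return "process", m.group("path")
    if REG_RE.match(item):
        return "registry", item
    if FILE_RE.match(item):                 # file, maybe with "[ cookie host ]" suffix
        return "file", item.split(" [ ")[0]
    return "cookie", item.split(" [ ")[0]   # bare host: entry in a browser cookie store


def parse_sas_log(text):
    """Return (stat counts, OrderedDict threat name -> list of (kind, value))."""
    counts, threats, current = {}, OrderedDict(), None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            threats[current].append(classify_item(raw.strip()))
            continue
        m = STAT_RE.match(raw)
        if m:
            counts[m.group("what").strip()] = int(m.group("n"))
            continue
        if THREAT_RE.match(raw):
            current = raw.strip()
            threats.setdefault(current, [])
    return counts, threats


def triage(text):
    counts, threats = parse_sas_log(text)
    report = {"counts": counts, "actionable": [], "cookies": 0, "persistence": []}
    for name, items in threats.items():
        sev = SEVERITY.get(name.split(".", 1)[0], "medium")
        if sev == "low":                    # tracking cookies: count, don't list
            report["cookies"] += len(items)
            continue
        report["actionable"].append((sev, name, len(items)))
        for kind, value in items:
            # Services\ and Uninstall\ keys are where the fake driver and the
            # rogue register themselves; keep them for follow-up review.
            if kind == "registry" and re.search(r"\\(Services|Uninstall)\\", value):
                report["persistence"].append(value)
    report["actionable"].sort(key=lambda t: ORDER.index(t[0]))
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print(rep["counts"], "cookies:", rep["cookies"])
    for sev, name, n in rep["actionable"]:
        print(f"{sev:8} {name} ({n} items)")
    for key in rep["persistence"]:
        print("  persistence:", key)
```

Run against the full log from the thread, the "actionable" list is the same three families, which is what the helper needs to see first.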

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #3 on: February 19, 2012, 06:20:45 pm »
Hello artzdelux and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Re-boot into Safe Mode with Networking: re-boot your PC and continuously tap the F8 key until you see the Windows Advanced Menu, then from the options select Safe Mode with Networking.



When stable do the following

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in next reply please...

Kevin



Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #4 on: February 19, 2012, 07:34:37 pm »
Combofix log.

ComboFix 12-02-13.01 - Administrator 02/19/2012  20:21:33.1.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2800 [GMT -5:00]
Running from: c:\documents and settings\Administrator.ARTZDELUX\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\driver
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
G:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-20 to 2012-02-20  )))))))))))))))))))))))))))))))
.
.
2012-02-19 22:22 . 2012-02-19 22:22   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-02-19 21:32 . 2012-02-19 21:32   --------   d-----w-   c:\documents and settings\Administrator.ARTZDELUX\Application Data\SUPERAntiSpyware.com
2012-02-19 21:31 . 2012-02-19 21:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-02-19 21:31 . 2012-02-19 21:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-19 00:05 . 2012-02-19 00:05   --------   d-----w-   c:\documents and settings\Administrator.ARTZDELUX\Local Settings\Application Data\Identities
2012-02-18 22:50 . 2012-02-18 22:50   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2012-02-18 22:02 . 2012-02-18 22:33   --------   d-----w-   c:\documents and settings\Administrator.ARTZDELUX\Local Settings\Application Data\Adobe
2012-02-18 21:59 . 2012-02-18 21:59   --------   d-sh--w-   c:\documents and settings\Administrator.ARTZDELUX\PrivacIE
2012-02-18 18:39 . 2012-02-20 01:07   0   --sha-w-   c:\windows\system32\dds_trash_log.cmd
2012-01-22 00:54 . 2012-01-22 00:54   --------   d--h--w-   c:\program files\VitalSource Bookshelf
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 21:23 . 2008-07-21 10:23   110592   ----a-w-   c:\windows\DUMP5c49.tmp
2012-02-16 00:59 . 2011-11-15 01:26   137416   ---ha-w-   c:\windows\system32\drivers\avipbb.sys
2012-01-07 18:32 . 2012-01-07 18:32   414368   ---ha-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-02 05:15 . 2012-01-02 05:15   0   ---ha-w-   C:\LOG35.tmp
2011-12-25 18:04 . 2004-08-03 13:56   26112   ---ha-w-   c:\windows\system32\userinit.exe
2011-12-18 18:40 . 2011-12-18 18:40   0   ---ha-w-   C:\LOG16.tmp
2011-12-18 18:23 . 2011-12-18 18:23   0   ---ha-w-   C:\LOGB.tmp
2011-12-10 20:24 . 2009-01-08 23:23   20464   ---ha-w-   c:\windows\system32\drivers\mbam.sys
2011-11-23 00:12 . 2011-11-26 19:00   16432   ---ha-w-   c:\windows\system32\lsdelete.exe
2011-11-23 00:12 . 2011-04-19 22:20   101720   ---ha-w-   c:\windows\system32\drivers\SBREDrv.sys
2007-11-09 20:10 . 2007-11-09 20:10   30288   ---ha-w-   c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 20:10 . 2007-11-09 20:10   79440   ---ha-w-   c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 20:10 . 2007-11-09 20:10   75344   ---ha-w-   c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 20:10 . 2007-11-09 20:10   140880   ---ha-w-   c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 20:10 . 2007-11-09 20:10   42576   ---ha-w-   c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 20:10 . 2007-11-09 20:10   50768   ---ha-w-   c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 20:10 . 2007-11-09 20:10   34384   ---ha-w-   c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 20:11 . 2007-11-09 20:11   685648   ---ha-w-   c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 20:11 . 2007-11-09 20:11   30288   ---ha-w-   c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-11-23 00:31 . 2011-06-12 15:36   134104   ---ha-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-11 16342528]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest wsauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Laura^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Laura\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=
"c:\\Program Files\\VMware\\VMware View\\Client\\bin\\wswc.exe"=
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [1/16/2012 7:26 PM 39984]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/14/2011 8:26 PM 36000]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/21/2008 1:05 PM 13696]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/22/2008 11:27 PM 16768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/14/2011 8:26 PM 86224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
S2 NetworkLog;NetworkLog;c:\windows\svcs.exe --> c:\windows\svcs.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/8/2008 5:47 PM 24652]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2/18/2011 6:37 PM 494192]
S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2/18/2011 6:38 PM 793200]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2/21/2010 12:23 PM 103552]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NVNET
de_serv
qbfcservice
btwrchid
sffdisk
hcwPVRP2
Hardlock
npkcsvc
oracleorahomedatagatherer
z800mdm
bdss
svcwmu
Amsmpu4p
pcidrv
se45mdfl
trackcam4
inort
p2pgasvc
cwafreportscheduler
msgsrvservice
rksample
axinstsv
iaimfp2
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-02-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-24 02:18]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator.ARTZDELUX\Application Data\Mozilla\Firefox\Profiles\6ioqnxb3.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-c:\windows\system32\kdkjo.exe - c:\windows\system32\kdkjo.exe
HKLM-Run-dplaysvr - c:\documents and settings\Administrator.ARTZDELUX\Application Data\dplaysvr.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Administrator.ARTZDELUX\Application Data\dplaysvr.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
c:\windows\$NtUninstallKB13067$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDS721616PLA380 rev.P22OABEA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8ABA82C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1326574676-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,aa,3f,d4,c3,c3,a4,47,89,b6,99,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,aa,3f,d4,c3,c3,a4,47,89,b6,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wsauth.dll
.
- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\WININET.dll
c:\windows\system32\wsauth.dll
.
Completion time: 2012-02-19  20:32:36
ComboFix-quarantined-files.txt  2012-02-20 01:32
.
Pre-Run: 24,791,179,264 bytes free
Post-Run: 26,222,485,504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6B7BCC9CCA08563455050FE4FAF01A13


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #5 on: February 20, 2012, 01:43:08 am »
Re-boot your system into Normal mode, delete any version of ComboFix that you have on your desktop. Download a fresh copy from either of the following links:

Link 1
Link 2
 
Save direct to your Desktop again and run as previously instructed. Please make sure that you turn OFF Avira before you run CF.

Read here - http://www.bleepingcomputer.com/forums/topic114351.html to turn off Avira...

If for any reason CF will not run, boot back to safe mode with NW and run again...

Kevin

EDIT - Added instruction to turn off security

« Last Edit: February 20, 2012, 02:06:56 am by kevinf80 »

Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #6 on: February 20, 2012, 10:33:46 am »
I will re-run this evening. I apologize; I had no active programs running, so I am not sure why Avira showed it was.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #7 on: February 20, 2012, 10:37:50 am »
Okey Dokey,

Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #8 on: February 20, 2012, 05:26:58 pm »
Hi, I am having issues trying to get Avira to stop running. I've followed the instructions on the link you provided with no luck. There is no umbrella logo in the system tray to click. I've pressed Ctrl+Alt+Delete and checked for anything running; nothing is. I even went into msconfig and disabled all Avira startups in the Services menu and restarted, with no success.

Do you have any other suggestions on what I can do to proceed?

I am unable to boot into normal windows.  It just resets back to the main screen while loading.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #9 on: February 20, 2012, 05:52:53 pm »
OK, do the following from Safe Mode with NW:

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it; Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in
Code:
msconfig
netsvcs
%systemroot%\*. /rp /s
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Also, do you have access to another PC, and do you have a blank CD and a USB memory stick?
« Last Edit: February 20, 2012, 05:57:30 pm by kevinf80 »

Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #10 on: February 20, 2012, 06:45:01 pm »
OTL Extras logfile created on: 2/20/2012 7:39:21 PM - Run 1
OTL by OldTimer - Version 3.2.33.1     Folder = C:\Documents and Settings\Administrator.ARTZDELUX\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 89.18% Memory free
4.84 Gb Paging File | 4.73 Gb Available in Paging File | 97.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 23.99 Gb Free Space | 40.95% Space Free | Partition Type: NTFS
Drive G: | 90.45 Gb Total Space | 3.39 Gb Free Space | 3.74% Space Free | Partition Type: NTFS
 
Computer Name: ARTZDELUX | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0004D4C8-7F6C-BA20-32B2-5C861FA340CB}" = Catalyst Control Center Graphics Full Existing
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04054166-0801-48A9-89E0-BC4B53FE7A81}_is1" = XBCD Uninstaller
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10053F59-0765-163D-F759-155E6DA35AB6}" = CCC Help English
"{101E4225-8983-7850-3E8C-00C5E0A13B40}" = ccc-core-static
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F555374-449A-0734-73EA-5FF6207FA30F}" = Skins
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5141D667-6FE0-DFD6-FDC8-C981DC06520C}" = Catalyst Control Center Graphics Full New
"{51C9B6D6-BF0F-3BA5-1EA4-17C6190DBE07}" = ccc-core-preinstall
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{62192BB6-268A-4AE6-A28B-FAD6EDDEB562}_is1" = G-Tones
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6EAE7522-A88F-48F9-9FC1-0BDAD18F4253}" = T Utility Over Clock II
"{735C3FB3-53CD-4AEB-9E91-B022FDE2E2B0}" = ScrewDrivers Client v4 (ica only)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{86F68693-A637-1F4D-5D4F-4D58486A4601}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AE888E0F-6727-0045-A966-CFB975AC15BA}" = Catalyst Control Center Graphics Previews Common
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4EE51E6-2C80-4B04-BDE0-ED4E87BEFECD}_is1" = Pavtube Video Converter version 3.5.1.2185
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C952BD03-9AC6-F898-B17F-9352638EC93C}" = Catalyst Control Center Core Implementation
"{CA78EE0D-B198-46BF-80E6-89EE4D49101D}" = VMware View Client
"{CADF1911-C4FB-8651-36E0-FF06DAA75F28}" = Catalyst Control Center Graphics Light
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E8C3CF7A-9E8F-4C5D-8EC7-FF5A495E178C}" = VitalSource Bookshelf
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Frets on Fire" = Frets On Fire
"GoldWave v5.56" = GoldWave v5.56
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"kSolo" = kSolo Recorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Open Codecs" = Xiph.Org Open Codecs 0.84.17359
"PC Suite" = PC Suite
"POM for Windows (Version 4)" = POM for Windows (Version 4)
"Power Sound Editor Free" = Power Sound Editor Free
"PowerISO" = PowerISO
"UltimateDefrag" = UltimateDefrag
"UltimateZip 2007_is1" = UltimateZip 2007
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zen V Series Media Explorer" = ZEN V Series Media Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2/20/2012 7:18:34 PM | Computer Name = ARTZDELUX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 2/20/2012 7:18:34 PM | Computer Name = ARTZDELUX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
Error - 2/20/2012 7:23:01 PM | Computer Name = ARTZDELUX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 2/20/2012 7:23:01 PM | Computer Name = ARTZDELUX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
Error - 2/20/2012 7:28:01 PM | Computer Name = ARTZDELUX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 2/20/2012 7:28:01 PM | Computer Name = ARTZDELUX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
Error - 2/20/2012 7:45:01 PM | Computer Name = ARTZDELUX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 2/20/2012 7:45:01 PM | Computer Name = ARTZDELUX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
Error - 2/20/2012 7:50:21 PM | Computer Name = ARTZDELUX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
 processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 2/20/2012 7:50:21 PM | Computer Name = ARTZDELUX | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
 CoCreateInstance.  hr = 0x80040206.
 
[ System Events ]
Error - 2/20/2012 7:45:01 PM | Computer Name = ARTZDELUX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/20/2012 7:50:21 PM | Computer Name = ARTZDELUX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/20/2012 8:16:51 PM | Computer Name = ARTZDELUX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 2/20/2012 8:21:15 PM | Computer Name = ARTZDELUX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   avipbb  avkmgr  BIOS  BS_I2cIo  Fips  Processor  SASDIFSV  SASKUTIL  SCDEmu  ssmdrv
 
Error - 2/20/2012 8:21:20 PM | Computer Name = ARTZDELUX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/20/2012 8:27:39 PM | Computer Name = ARTZDELUX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 2/20/2012 8:33:29 PM | Computer Name = ARTZDELUX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   avipbb  avkmgr  BIOS  BS_I2cIo  Fips  Processor  SASDIFSV  SASKUTIL  SCDEmu  ssmdrv
 
Error - 2/20/2012 8:33:41 PM | Computer Name = ARTZDELUX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 2/20/2012 8:38:09 PM | Computer Name = ARTZDELUX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   avipbb  avkmgr  BIOS  BS_I2cIo  Fips  Processor  SASDIFSV  SASKUTIL  SCDEmu  ssmdrv
 
Error - 2/20/2012 8:38:13 PM | Computer Name = ARTZDELUX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
< End of report >

Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #11 on: February 20, 2012, 07:17:34 pm »
Hi, I can't post the other file. I am getting an HTTP forbidden web page saying I am infected with
a virus. Can I attach it somehow? I am on a cell phone making this post.

Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #12 on: February 20, 2012, 07:21:55 pm »
Other scan attached

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7351
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #13 on: February 21, 2012, 02:07:19 am »
You have not attached OTL.txt. Do you have access to another PC, and do you have a blank CD and a USB memory stick? We may need to create some tools to have a look at your system from outside of Windows.

Offline artzdelux

  • Bronze Member
  • Posts: 35
Re: [InActive K] All Programs Missing, Cant Boot into "Normal" Windows
« Reply #14 on: February 22, 2012, 08:06:56 am »
Sorry, having trouble trying to post - I keep getting web page errors stating the page is forbidden because I have a virus, from all 4 of the different computers I've tried.