
computer wont get out of safe mode


  • This topic is locked
8 replies to this topic

#1 cssltx

cssltx

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:53 PM

Posted 30 January 2011 - 06:34 PM

Hello you guys! I have an HP Pavilion ze4900 laptop running Windows Vista Home Premium. I am experiencing a problem that consists of the operating system booting in safe mode only and that it has disabled my internet. I ran HijackThis and here is my log. Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:07 AM, on 1/30/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\DrWeb\spideragent.exe
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\frwl_notify.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Users\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun
O4 - HKLM\..\Run: [SpIDerGate] "C:\Program Files\DrWeb\spidergate.exe" -autorun
O4 - HKLM\..\Run: [Dr.Web Firewall] "C:\Program Files\DrWeb\frwl_notify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: Dr.Web Firewall Service (DrWebFWSvc) - Doctor Web, Ltd. - C:\Program Files\DrWeb\frwl_svc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 4660 bytes

Sorry... here is my DDS log as well:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Chris at 16:00:16.43 on Sun 01/30/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.990.146 [GMT -8:00]

AV: Doctor Web Anti-Virus *Enabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Doctor Web Anti-Virus *Enabled/Updated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}
FW: Dr.Web Firewall *Enabled* {54FD2F0C-F7E9-625E-7F1B-B80A587561A3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DrWeb\frwl_svc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DrWeb\spideragent.exe
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\spidergate.exe
C:\Program Files\DrWeb\frwl_notify.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe" -autorun
mRun: [SpIDerGate] "c:\program files\drweb\spidergate.exe" -autorun
mRun: [Dr.Web Firewall] "c:\program files\drweb\frwl_notify.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\drweb\drwebsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\hcgxxjyz.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-4-26 135032]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2010-4-26 93944]
R1 DRWEBAF;DrWEB Firewall Application Filter;c:\windows\system32\drivers\drwebaf.sys [2010-4-26 84728]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2010-4-1 1660248]
R2 DrWebFWSvc;Dr.Web Firewall Service;c:\program files\drweb\frwl_svc.exe [2010-8-11 2266096]
R3 DrWebPF;DrWeb Packet Filter Driver;c:\windows\system32\drivers\drwebpf.sys [2010-4-26 72568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-24 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-6 24652]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-30 19:14:24 -------- d-----w- c:\users\chris\appdata\local\temp
2011-01-30 19:12:49 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-30 08:50:23 -------- d-----w- c:\program files\iPod
2011-01-12 03:41:16 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 03:41:11 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-01-12 03:41:10 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-12 03:41:09 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-01-12 03:41:08 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 03:41:08 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-12 03:40:29 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-02 07:15:07 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-08 09:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 16:03:26.46 ===============

Here is my ComboFix report as well...

ComboFix 11-01-29.03 - Chris 01/30/2011 10:51:15.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.990.204 [GMT -8:00]
Running from: F:\69.net.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
.

2011-01-30 19:06 . 2011-01-30 19:06 -------- d-----w- c:\users\Chris\AppData\Local\temp
2011-01-30 19:06 . 2011-01-30 19:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-30 19:06 . 2011-01-30 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-30 08:50 . 2011-01-30 08:50 -------- d-----w- c:\program files\iPod
2011-01-12 03:41 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 03:41 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 03:41 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 03:41 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 03:41 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 03:41 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 03:40 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-02 07:15 . 2011-01-02 07:15 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 09:45 . 2010-04-27 07:32 93944 ----a-w- c:\windows\system32\drivers\spiderg3.sys
2010-12-13 13:04 . 2010-04-27 07:32 135032 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-11 12:58 . 2010-04-27 07:30 72568 ----a-w- c:\windows\system32\drivers\drwebpf.sys
2010-11-11 12:58 . 2010-04-27 07:30 84728 ----a-w- c:\windows\system32\drivers\drwebaf.sys
2010-11-04 18:56 . 2010-12-16 06:22 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-16 06:22 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-16 06:21 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-16 06:22 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-16 06:21 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-16 06:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-16 06:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-16 06:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-16 06:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-16 06:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-16 06:19 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-16 06:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-16 06:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpIDerAgent"="c:\program files\DrWeb\SpIDerAgent.exe" [2011-01-17 1435888]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2011-01-26 1572592]
"SpIDerGate"="c:\program files\DrWeb\spidergate.exe" [2010-12-13 2109168]
"Dr.Web Firewall"="c:\program files\DrWeb\frwl_notify.exe" [2010-11-22 2575624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-23 08:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 12:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-21 17:35 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 09:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2010-12-14 1660248]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-12-13 135032]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-01-26 93944]
S1 DRWEBAF;DrWEB Firewall Application Filter;c:\windows\system32\drivers\drwebaf.sys [2010-11-11 84728]
S2 DrWebFWSvc;Dr.Web Firewall Service;c:\program files\DrWeb\frwl_svc.exe [2010-11-22 2266096]
S3 DrWebPF;DrWeb Packet Filter Driver;c:\windows\system32\DRIVERS\DrWebPF.sys [2010-11-11 72568]


--- Other Services/Drivers In Memory ---

*Deregistered* - Dwsh00002018

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\Dr.Web Daily scan.job
- c:\program files\DrWeb\DrWeb32w.exe [2010-03-19 13:55]

2011-01-30 c:\windows\Tasks\Dr.Web Update.job
- c:\program files\DrWeb\DrWebUpW.exe [2010-04-07 09:45]

2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{E9002252-502A-4609-9FD5-0FD3BEF7C9BE}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\DrWeb\drwebsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\hcgxxjyz.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Dr.Web anti-virus link checker: {6614d11d-d21d-b211-ae23-815234e1ebb5} - %profile%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-30 11:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
"Name"="ImagePath"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-30 11:14:20
ComboFix-quarantined-files.txt 2011-01-30 19:13
ComboFix2.txt 2009-11-08 08:49

Pre-Run: 73,133,895,680 bytes free
Post-Run: 73,775,484,928 bytes free

- - End Of File - - 83356BCFB2597C4BB3F75748FC0E0FE9

EDIT: Please be patient. There are over 170 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~BP

Edited by Budapest, 01 February 2011 - 04:58 PM.


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 04 February 2011 - 09:26 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 cssltx

cssltx
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:53 PM

Posted 05 February 2011 - 05:57 PM

Thank you Mole! I am here, I will wait patiently. Thank you for your time!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 05 February 2011 - 06:27 PM

Follow this site's instructions on how to boot into repair mode to attempt to fix the problem.
m0le is a proud member of UNITE

#5 cssltx

cssltx
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:53 PM

Posted 05 February 2011 - 06:45 PM

This would be great, only problem is I misplaced my Vista DVD... is there a way I can access this without the DVD? Or, another option is I do have a Windows XP recovery disc that originally came with this system. I am trying to avoid formatting the hard drive and doing a clean install but if I don't have a choice, then that's ok too. Thank you!

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 05 February 2011 - 08:30 PM

Ideally we want to repair the boot but we have possible other options. First, let's try this.

Download the recovery disk for your Vista from NeoSmart here.

Straightforward instructions (if you need them)
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 08 February 2011 - 08:42 PM

You still here?
m0le is a proud member of UNITE

#8 cssltx

cssltx
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:53 PM

Posted 09 February 2011 - 01:57 AM

I'm sorry, I have to put this repair on hold, my mom is really sick in the hospital. I will get to it as soon as I can. Thank you for your time.

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:53 PM

Posted 09 February 2011 - 04:11 PM

I'm sorry to hear that, cssltx.

I will close the topic and when you're ready just PM me with a link :)
m0le is a proud member of UNITE
