Computer Freezing at Startup


  • This topic is locked
18 replies to this topic

#1 lw85lw

Posted 26 September 2010 - 12:17 PM

Okay so this is my first post because the problem I have is a big one.

Okay so my computer one day starts freezing on me from standby so I decide to restart and the computer still freezes up on startup. I'm currently running Windows XP Media Center Edition on my Dell Inspiron E1505. So I figure that I have a virus and I run a virus scan using Microsoft Security Essentials and I find out there were like 5 viruses on my comp so I get rid of them thinking that will solve the problem. Unfortunately, that seemed to only make things worse as now every time I start my comp, I get a "Generic Host Process for Win32 Services has encountered a problem and needs to close" error message which completely freezes my comp and has also disabled my sound device. I can only access my computer in safe mode and I have no clue as to what is going on since Spybot Search & Destroy, Malwarebytes, and Microsoft Security Essentials all can't find anything. A system restore didn't do anything to help the problem either. I recently ran a HijackThis log to see if there was anything wrong that couldn't be found by those 3 programs and this is what came up.

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1265684320608
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1265737607750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Unknown owner - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (file missing)

--
End of file - 7507 bytes


So, if anyone could help me out, I would greatly appreciate it.

Thanks

#2 lw85lw

Posted 26 September 2010 - 12:40 PM

Also, here's the DDS file that the FAQs say I should post too (all this is running in safe mode).


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by L at 11:32:37.65 on Sun 09/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.662 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lawrence\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265684320608
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265737607750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lawrence\applic~1\mozilla\firefox\profiles\u39o97y7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\lawrence\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\lawrence\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\lawrence\application data\mozilla\firefox\profiles\u39o97y7.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-16 342128]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-16 70216]
S2 vpnagent;Cisco AnyConnect VPN Agent;"c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe" --> c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-9 38224]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-16 91640]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-16 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-16 65224]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-4-14 280344]

=============== Created Last 30 ================

2010-09-26 17:15:25 0 d-----w- c:\program files\Trend Micro
2010-09-22 07:35:43 4886528 ----a-w- c:\windows\system32\stac97.cpl
2010-09-22 07:14:20 0 d-----w- c:\docume~1\lawrence\applic~1\Easeware
2010-09-22 07:13:51 0 d-----w- c:\program files\Easeware
2010-09-21 00:46:43 0 d-----w- c:\windows\system32\wbem\Repository
2010-09-19 06:51:34 0 d-----w- c:\windows\system32\appmgmt
2010-09-19 02:35:38 0 d--h--w- c:\windows\ie8
2010-09-16 01:20:14 0 d-----w- C:\23f29374a685fe1cbc517348
2010-09-15 14:55:51 0 d-----w- C:\87694277e078ddc1cc68793907e85375
2010-09-12 22:13:54 0 d-----w- c:\program files\Veetle

==================== Find3M ====================

2010-09-26 16:54:10 3385 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-09-02 18:23:19 0 ----a-w- c:\windows\system32\drivers\ttkic.sys
2010-07-01 04:24:10 157452 ----a-w- c:\windows\hpoins28.dat
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 11:33:14.39 ===============

Once again, any help would be greatly appreciated.

#3 SWI Support Robot

Posted 29 September 2010 - 12:19 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 nasdaq

Posted 30 September 2010 - 11:49 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

The logs submitted do not show any suspicious items.

If you can use this computer and connect to the internet in Safe mode please download and run this tool.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

p.s.
This can be run in Safe Mode.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 lw85lw

Posted 30 September 2010 - 09:18 PM

Hi nasdaq, thanks for the help. Hopefully something can be done. Here's the ComboFix log:

ComboFix 10-09-30.03 - Lawrence 09/30/2010 20:04:34.1.2 - x86
Running from: c:\documents and settings\Lawrence\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lawrence\Application Data\Sky-Banners
c:\documents and settings\Lawrence\Application Data\Street-Ads
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\zrpt.xml

.
((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-09-30 06:31 . 2007-05-10 17:22 405504 ----a-w- c:\windows\stsystra.exe
2010-09-30 06:30 . 2010-09-30 06:30 -------- d-----w- c:\documents and settings\Lawrence\Application Data\Dell
2010-09-30 06:00 . 2007-04-11 00:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-09-26 17:15 . 2010-09-26 17:15 -------- d-----w- c:\program files\Trend Micro
2010-09-22 07:14 . 2010-09-22 07:14 -------- d-----w- c:\documents and settings\Lawrence\Application Data\Easeware
2010-09-22 07:13 . 2010-09-22 07:13 -------- d-----w- c:\program files\Easeware
2010-09-21 00:46 . 2010-09-21 00:46 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-19 02:35 . 2010-09-19 02:36 -------- d--h--w- c:\windows\ie8
2010-09-16 05:01 . 2010-09-16 05:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-09-16 04:20 . 2010-09-19 02:35 -------- d-----w- c:\documents and settings\Administrator\UserData
2010-09-16 04:13 . 2010-09-16 04:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPAWorks
2010-09-16 01:20 . 2010-09-19 02:35 -------- d-----w- C:\23f29374a685fe1cbc517348
2010-09-15 14:55 . 2010-09-15 17:46 -------- d-----w- C:\87694277e078ddc1cc68793907e85375
2010-09-12 22:13 . 2010-09-21 01:45 -------- d-----w- c:\program files\Veetle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 09:16 . 2010-02-19 18:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-30 06:11 . 2010-02-09 18:27 4895 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-09-16 04:12 . 2010-04-25 00:54 68176 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-15 17:48 . 2010-02-28 00:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-02 18:23 . 2010-08-18 05:19 0 ----a-w- c:\windows\system32\drivers\ttkic.sys
2010-08-23 03:06 . 2010-08-23 03:03 -------- d-----w- c:\documents and settings\Lawrence\Application Data\Elluminate
2010-08-23 03:03 . 2010-08-23 03:03 90624 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\cache\6.0\47\427cd62f-3295011c-n\JINECELP.dll
2010-08-23 03:03 . 2010-08-23 03:03 68096 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\cache\6.0\47\427cd62f-3295011c-n\JIWAudio.dll
2010-08-23 03:03 . 2010-08-23 03:03 64000 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\cache\6.0\47\427cd62f-3295011c-n\JIWMixer.dll
2010-08-23 03:03 . 2010-08-23 03:03 118784 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\cache\6.0\14\5579ae4e-44a46693-n\WinVideo.dll
2010-08-23 03:03 . 2010-08-23 03:03 102400 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\cache\6.0\47\427cd62f-3295011c-n\CoreAudio.dll
2010-08-23 03:03 . 2010-08-23 03:03 57856 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\cache\6.0\27\94dcf9b-1ef8ccbf-n\WinPlatform.dll
2010-08-23 03:03 . 2010-08-23 03:03 57856 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\cache\6.0\27\94dcf9b-1ef8ccbf-n\WinGuiSupport.dll
2010-08-13 22:58 . 2010-08-13 22:58 348160 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4712192f-n\msvcr71.dll
2010-08-13 22:58 . 2010-08-13 22:58 503808 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4712192f-n\msvcp71.dll
2010-08-13 22:58 . 2010-08-13 22:57 499712 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4712192f-n\jmc.dll
2010-08-13 22:57 . 2010-08-13 22:57 61440 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-77338ee2-n\decora-sse.dll
2010-08-13 22:57 . 2010-08-13 22:57 12800 ----a-w- c:\documents and settings\Lawrence\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-77338ee2-n\decora-d3d.dll
2010-08-03 17:28 . 2010-07-01 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-07-29 22:54 . 2010-02-09 22:11 68176 ----a-w- c:\documents and settings\Lawrence\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 03:07 . 2010-03-16 23:16 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 645D2C4AECC8A819AD4F7F2B9BE5620B . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2010-4-14 1528880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-6-21 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [4/29/2009 8:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/16/2010 4:16 PM 70216]
S2 vpnagent;Cisco AnyConnect VPN Agent;"c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe" --> c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/16/2010 4:16 PM 65224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-09-22 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-09-22 17:27]

2010-10-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\u39o97y7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Lawrence\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Lawrence\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Lawrence\Application Data\Mozilla\Firefox\Profiles\u39o97y7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 20:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1328)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-30 20:14:08
ComboFix-quarantined-files.txt 2010-10-01 03:14

Pre-Run: 89,894,756,352 bytes free
Post-Run: 90,451,423,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B054D9244FB40B292AE2D55FBC4A26ED


once again, thanks!

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,347 posts

Posted 02 October 2010 - 07:27 AM

If you are now able to start the computer normally, please run ComboFix in the regular mode.
Make sure your Virus and Firewall programs are disabled.

If not, copy and paste the Attach.txt log that was also created when you ran the DDS tool. It should be in the same folder as the DDS application.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 lw85lw

Posted 02 October 2010 - 01:19 PM

thanks,

My comp is still acting up and I have no idea what's wrong. The error message doesn't seem to be popping up anymore, but I still don't have access to everything as it continues to freeze up or respond very slowly. I still don't have sound, and rolling back the sound driver didn't fix it, so I'm hoping that whatever is messing up my computer is involved with its sound too.

Here's the DDS attach file thing (you requested that I paste it, so here it is)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/8/2010 2:16:59 PM
System Uptime: 9/26/2010 10:01:35 AM (1 hours ago)

Motherboard: Dell Inc. | | 0XD720
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 83.886 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA

==== System Restore Points ===================

RP138: 6/23/2010 3:38:42 AM - Software Distribution Service 3.0
RP139: 6/24/2010 10:46:20 AM - Software Distribution Service 3.0
RP140: 6/25/2010 9:52:07 PM - System Checkpoint
RP141: 6/26/2010 8:56:44 PM - Software Distribution Service 3.0
RP142: 6/27/2010 8:59:09 PM - Software Distribution Service 3.0
RP143: 6/28/2010 9:52:47 PM - Software Distribution Service 3.0
RP144: 6/29/2010 10:35:31 AM - Software Distribution Service 3.0
RP145: 6/30/2010 12:18:59 AM - Software Distribution Service 3.0
RP146: 7/1/2010 12:38:25 AM - System Checkpoint
RP147: 7/2/2010 1:28:46 AM - System Checkpoint
RP148: 7/2/2010 3:16:37 PM - Software Distribution Service 3.0
RP149: 7/3/2010 3:19:28 PM - Software Distribution Service 3.0
RP150: 7/4/2010 4:38:14 PM - Software Distribution Service 3.0
RP151: 7/5/2010 6:31:17 PM - Software Distribution Service 3.0
RP152: 7/6/2010 6:45:27 PM - Software Distribution Service 3.0
RP153: 7/7/2010 8:37:14 PM - Software Distribution Service 3.0
RP154: 7/10/2010 9:18:40 AM - Software Distribution Service 3.0
RP155: 7/11/2010 11:10:05 AM - System Checkpoint
RP156: 7/11/2010 2:30:22 PM - Software Distribution Service 3.0
RP157: 7/11/2010 10:33:25 PM - Software Distribution Service 3.0
RP158: 7/13/2010 8:33:34 AM - Software Distribution Service 3.0
RP159: 7/14/2010 12:42:53 PM - Software Distribution Service 3.0
RP160: 7/15/2010 3:01:17 AM - Software Distribution Service 3.0
RP161: 7/15/2010 2:59:14 PM - Software Distribution Service 3.0
RP162: 7/16/2010 3:31:57 PM - Software Distribution Service 3.0
RP163: 7/17/2010 5:43:36 PM - Software Distribution Service 3.0
RP164: 7/18/2010 7:25:08 PM - Software Distribution Service 3.0
RP165: 7/19/2010 11:47:57 PM - Software Distribution Service 3.0
RP166: 7/21/2010 10:56:23 AM - Software Distribution Service 3.0
RP167: 7/22/2010 1:09:46 PM - Software Distribution Service 3.0
RP168: 7/22/2010 6:40:40 PM - Removed Cisco Clean Access Agent.
RP169: 7/24/2010 1:37:45 AM - Software Distribution Service 3.0
RP170: 7/25/2010 10:00:57 AM - Software Distribution Service 3.0
RP171: 7/26/2010 10:21:29 AM - Software Distribution Service 3.0
RP172: 7/27/2010 10:59:34 AM - Software Distribution Service 3.0
RP173: 7/28/2010 11:12:04 AM - Software Distribution Service 3.0
RP174: 7/29/2010 1:08:35 PM - Software Distribution Service 3.0
RP175: 7/29/2010 3:55:05 PM - Printer Driver Microsoft XPS Document Writer Installed
RP176: 7/30/2010 3:35:49 PM - Software Distribution Service 3.0
RP177: 7/31/2010 3:00:56 AM - Software Distribution Service 3.0
RP178: 7/31/2010 9:05:26 PM - Software Distribution Service 3.0
RP179: 8/1/2010 11:14:35 PM - Software Distribution Service 3.0
RP180: 8/2/2010 3:06:04 PM - Software Distribution Service 3.0
RP181: 8/3/2010 10:23:47 AM - Software Distribution Service 3.0
RP182: 8/3/2010 12:31:54 PM - Software Distribution Service 3.0
RP183: 8/4/2010 10:06:56 AM - Software Distribution Service 3.0
RP184: 8/5/2010 3:02:34 AM - Software Distribution Service 3.0
RP185: 8/6/2010 11:12:34 AM - Software Distribution Service 3.0
RP186: 8/7/2010 1:01:25 PM - Software Distribution Service 3.0
RP187: 8/7/2010 1:12:17 PM - Software Distribution Service 3.0
RP188: 8/8/2010 3:15:05 PM - Software Distribution Service 3.0
RP189: 8/9/2010 4:04:13 PM - Software Distribution Service 3.0
RP190: 8/10/2010 5:45:04 PM - Software Distribution Service 3.0
RP191: 8/11/2010 7:22:55 PM - Software Distribution Service 3.0
RP192: 8/12/2010 9:46:37 PM - Software Distribution Service 3.0
RP193: 8/13/2010 6:37:41 AM - Software Distribution Service 3.0
RP194: 8/13/2010 1:11:22 PM - Software Distribution Service 3.0
RP195: 8/13/2010 11:41:42 PM - Software Distribution Service 3.0
RP196: 8/15/2010 10:10:42 PM - Software Distribution Service 3.0
RP197: 8/17/2010 12:22:41 AM - System Checkpoint
RP198: 8/17/2010 1:56:04 AM - Software Distribution Service 3.0
RP199: 8/18/2010 5:08:12 AM - Software Distribution Service 3.0
RP200: 8/19/2010 8:29:25 AM - Software Distribution Service 3.0
RP201: 8/19/2010 7:10:14 PM - Software Distribution Service 3.0
RP202: 8/21/2010 12:38:35 AM - System Checkpoint
RP203: 8/21/2010 11:09:55 AM - Software Distribution Service 3.0
RP204: 8/22/2010 1:24:03 PM - Software Distribution Service 3.0
RP205: 8/22/2010 10:38:12 PM - Software Distribution Service 3.0
RP206: 8/24/2010 1:14:03 AM - Software Distribution Service 3.0
RP207: 8/25/2010 11:56:58 AM - Software Distribution Service 3.0
RP208: 8/26/2010 6:09:57 PM - Software Distribution Service 3.0
RP209: 8/27/2010 9:45:39 PM - Software Distribution Service 3.0
RP210: 8/29/2010 1:23:52 AM - Software Distribution Service 3.0
RP211: 8/30/2010 6:14:31 AM - Software Distribution Service 3.0
RP212: 8/31/2010 11:56:06 AM - Software Distribution Service 3.0
RP213: 9/1/2010 6:43:18 PM - Software Distribution Service 3.0
RP214: 9/2/2010 9:16:10 PM - Software Distribution Service 3.0
RP215: 9/4/2010 12:53:58 PM - Software Distribution Service 3.0
RP216: 9/5/2010 4:18:12 PM - Software Distribution Service 3.0
RP217: 9/5/2010 10:35:20 PM - Software Distribution Service 3.0
RP218: 9/7/2010 1:48:53 AM - System Checkpoint
RP219: 9/7/2010 10:54:57 AM - Software Distribution Service 3.0
RP220: 9/8/2010 8:07:37 PM - Software Distribution Service 3.0
RP221: 9/9/2010 8:15:12 PM - System Checkpoint
RP222: 9/10/2010 10:14:51 AM - Software Distribution Service 3.0
RP223: 9/11/2010 10:09:46 PM - Software Distribution Service 3.0
RP224: 9/12/2010 2:05:22 PM - Installed Windows Media Player Firefox Plugin
RP225: 9/12/2010 5:16:15 PM - Software Distribution Service 3.0
RP226: 9/14/2010 12:12:54 AM - System Checkpoint
RP227: 9/14/2010 9:21:21 AM - Software Distribution Service 3.0
RP228: 9/15/2010 7:52:09 AM - Software Distribution Service 3.0
RP229: 9/15/2010 10:45:38 AM - Restore Operation
RP230: 9/18/2010 7:34:31 PM - Restore Operation
RP231: 9/22/2010 12:36:08 AM - Restore Operation

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Apple Application Support
Apple Software Update
ATI AVIVO Codecs
ATI Display Driver
BufferChm
CCScore
Cisco AnyConnect VPN Client
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DriverNavigator 1.3.2
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
F4200
F4200_Help
Facebook Plug-In
fflink
GemMaster Mystic
GPBaseService
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Java Auto Updater
Java™ 6 Update 18
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes' Anti-Malware
MarketResearch
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Small Business Edition 2003
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Move Media Player
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Notifier
OfotoXMI
Otto
PSSWCORE
QuickTime
Samsung Master
Scan
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SFR
SHASTA
Shop for HP Supplies
SigmaTel Audio
skin0001
SKINXSDK
SmartWebPrintingOC
SolutionCenter
Sonic Encoders
Sound Blaster ADVANCED MB Drivers
Spybot - Search & Destroy
staticcr
Status
Synaptics Pointing Device Driver
Toolbox
tooltips
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
VideoToolkit01
VPN Client
VPRINTOL
WebFldrs XP
WebReg
WIDCOMM Bluetooth Software
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS

==== Event Viewer Messages From Past Week ========

9/26/2010 11:31:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/26/2010 10:12:25 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.202.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
9/25/2010 9:15:58 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.202.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
9/24/2010 1:35:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.202.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
9/22/2010 12:05:31 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
9/22/2010 12:03:35 PM, error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The system cannot find the path specified.
9/22/2010 11:19:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.91.202.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
9/20/2010 9:21:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/20/2010 2:28:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/19/2010 2:46:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk MpFilter
9/19/2010 2:46:00 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
9/19/2010 2:46:00 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/19/2010 11:50:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

==== End Of File ===========================

thanks again.

#8 nasdaq

Posted 03 October 2010 - 07:29 AM

one day starts freezing on me from standby so I decide to restart and the computer

Did you check the settings to see if the standby or hibernation settings are still ON?
Make sure they are disabled.

Disconnect from the internet and disable both your McAfee and Windows Antimalware.
Try to boot in regular mode.
==

If all fails.

Try to run this tool in Safe Mode with internet support.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please download MBRCheck.exe and save it to your desktop - not a folder on the desktop - save it directly to the desktop.


* Be sure to disable your security programs.
* Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
* A window will open on your desktop.
* If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
* If nothing unusual is found just press Enter
* A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
* In your next reply, please include the log from MBRChecker.
====
nasdaq

#9 lw85lw

Posted 06 October 2010 - 01:09 PM

Hello again, sorry for the delay, going through some problems with the internet. As in, when I don't boot up in safe mode, I can access the internet (only Firefox now) but for a limited time, then it automatically goes into offline mode. Once I switch back to online mode, it doesn't allow me to access the internet (the Firefox "cannot find a server" error message pops up). Plus there's still no sound coming from my computer while the computer still runs sluggishly. So many things wrong, it's as if the more you try to help, the more goes wrong. :help: :cray:

Anyways, here's the MBR file you requested, ran in safe mode. Please let this thing be fixable. Thanks a bunch!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 100):

Processes (total 18):
0 System Idle Process
4 System
756 C:\WINDOWS\system32\smss.exe
1184 csrss.exe
1208 C:\WINDOWS\system32\winlogon.exe
1252 C:\WINDOWS\system32\services.exe
1264 C:\WINDOWS\system32\lsass.exe
1420 C:\WINDOWS\system32\svchost.exe
1504 svchost.exe
1560 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1632 C:\WINDOWS\system32\svchost.exe
1784 svchost.exe
1864 svchost.exe
868 C:\WINDOWS\explorer.exe
384 C:\Program Files\Mozilla Firefox\firefox.exe
792 C:\Program Files\Mozilla Firefox\plugin-container.exe
1308 C:\Program Files\Microsoft Security Essentials\msseces.exe
1996 C:\Documents and Settings\Lawrence\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHY2120BH, Rev: 0085000B

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#10 nasdaq


Posted 07 October 2010 - 08:20 AM

Your master boot record is good.

Please download TDSSKiller.zip

Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. (Important)

Run the TDSSKiller.exe

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to leave the file alone.

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.
+++++++

I would also like you to run the ComboFix again and post the log.
nasdaq


#11 lw85lw


Posted 07 October 2010 - 11:05 PM

Here are the results for the TDSSKiller program

2010/10/07 22:01:33.0031 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/07 22:01:33.0031 ================================================================================
2010/10/07 22:01:33.0031 SystemInfo:
2010/10/07 22:01:33.0031
2010/10/07 22:01:33.0031 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/07 22:01:33.0031 Product type: Workstation
2010/10/07 22:01:33.0031 ComputerName: LAWRENCE-238E51
2010/10/07 22:01:33.0031 UserName: Lawrence
2010/10/07 22:01:33.0031 Windows directory: C:\WINDOWS
2010/10/07 22:01:33.0031 System windows directory: C:\WINDOWS
2010/10/07 22:01:33.0031 Processor architecture: Intel x86
2010/10/07 22:01:33.0031 Number of processors: 2
2010/10/07 22:01:33.0031 Page size: 0x1000
2010/10/07 22:01:33.0031 Boot type: Safe boot with network
2010/10/07 22:01:33.0031 ================================================================================
2010/10/07 22:01:33.0515 Initialize success
2010/10/07 22:01:38.0875 ================================================================================
2010/10/07 22:01:38.0875 Scan started
2010/10/07 22:01:38.0875 Mode: Manual;
2010/10/07 22:01:38.0875 ================================================================================
2010/10/07 22:02:02.0187 ================================================================================
2010/10/07 22:02:02.0187 Scan finished
2010/10/07 22:02:02.0187 ================================================================================
2010/10/07 22:02:40.0218 Deinitialize success

#12 nasdaq


Posted 08 October 2010 - 08:50 AM

Hello again, sorry for the delay, going through some problems with the internet. As in, when I don't boot up in safe mode, I can access the internet (only Firefox now) but for a limited time, then it automatically goes into offline mode. Once I switch back to online mode, it doesn't allow me to access the internet (the Firefox "cannot find a server" error message pops up).


When you go to offline mode you are possibly losing the internet connection.
See the page.

http://support.mozil...gin_has_crashed

That is not the reason you cannot go to normal mode but both problems may be related by a larger problem.
===

Are you comfortable trying these fixes?

How to configure Windows XP to start in a "clean boot" state
http://support.microsoft.com/kb/310353

If at any time you need help, please do not hesitate to post a message.
nasdaq


#13 lw85lw


Posted 08 October 2010 - 11:34 PM

Will doing so cause me to lose my info stored on the hard drive? I've already had to have my hard drive replaced (blue screen of death like 2 years ago) and had to reinstall Windows due to some super virus that I contracted when I went to Europe (which cost me like $100). Do I need to have some knowledge of computers to do that, since I'm fairly certain something is really wrong with this computer right now?

#14 nasdaq


Posted 09 October 2010 - 08:23 AM

Any time you make some changes that will possibly affect your registry, there is a chance that you may lose your data.
Or even worse, you end up having to reinstall the operating system.

If you can afford it buy a Flash drive and backup your complete computer.

To be on the safe side you should have a copy of the installation XP disk should all fail.

One other option is to clean your registry.

PC Tools has a good registry cleaner.
http://www.pctools.c...istry-mechanic/
A backup of the registry is made before you delete or change anything.

The trial program will only identify wrong or empty registry items.
To fix them you need the paid version.

There are some free registry cleaners. If you go this way, make sure you have backed up your registry.

Keep me posted.
nasdaq


#15 lw85lw


Posted 10 October 2010 - 01:11 PM

Well, it seems as if the original problem with that error message and my comp freezing up has gone, so thanks for that. All that's left now is the weird Firefox thing going on, as well as the fact that my comp says I don't have an audio device when I've rolled back drivers, reinstalled my sound device, and downloaded all the updates I could online. This same problem started when everything else went haywire and I haven't been able to fix it. Could whatever caused my sound to stop also be causing my internet problems? Or do I need to go to another forum for that?

Oh, and what do you think of CCleaner as a free registry fix tool? Would that be a good one to get to fix any possible registry problems?

Once again, thanks for the help. I know we're getting closer to fixing everything.

#16 nasdaq


Posted 11 October 2010 - 09:07 AM

CCleaner is good. We recommend it on occasions.

Please download CCleaner (freeware) from here.
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner.

The following should be selected by default, if not, please select:
Posted Image

Then please click Posted Image and choose Posted Image

Please uncheck Posted Image

Then go back to Posted Image and click Posted Image to run it.

If presented with an option to install 3rd party software, deny it.

As for your sound, do you see any yellow exclamation mark in your
Control Panel > System > Hardware and sound?
I do not have an XP machine to give you the exact path.
nasdaq


#17 lw85lw


Posted 13 October 2010 - 11:11 AM

What about the registry cleaner? How should I go about running that?

#18 nasdaq


Posted 13 October 2010 - 11:51 AM

If you did the system cleanup that is all it can do.
nasdaq


#19 nasdaq


Posted 27 October 2010 - 07:28 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




