desktop software crash, and explorer.exe, along with taskmanager.
Aug 27 2009, 09:55 PM, Post #1
Geek in Training | Posts: 11 | From: La Grande, Oregon | OS: windows vista
I have run all the scans I have come across in the removal guide. Here are the RootRepeal and OTL output files:
I had many trojans and many different forms of malware. I stopped after the two scans, and as OTL shows, I am in safe mode; that's the only way I can get the desktop manager, explorer.exe, and Task Manager to run. Other than that, I can't tell anything else until after such. Thanks for any and all help. Mike
© Geeks to Go, Inc. All Rights Reserved.