Reopen previous topic
#1
Duncan63

    Member

  • Member
  • 27 posts
Hi,

I had a topic running where I was being assisted by Dakeyras, but unfortunately I had to break off from it for a while. Consequently Dakeyras closed the topic and advised that if I wanted to reopen it I should contact a staff member. I have tried to contact him through his Geeks to Go email to no avail. Could someone please advise how I should contact him to get the topic reopened? Many thanks.

Edited by Duncan63, 05 April 2012 - 02:30 PM.

  • 0

#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
We apologize for the delay in responding to your request for help.

I'll take over from Dakeyras.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
Duncan63

    Member

  • Topic Starter
  • Member
  • 27 posts
Hi - thanks for getting back to me.

Not sure if you've read the original topic but I managed to do the OTL thing on the bad machine before it died a further death which ended up that Windows will not boot at start up, so the OTL reports are right at the start of that thread (and probably somewhere in a log file in the bad machine).

With regard to your current instructions, as I cannot boot Windows I have no desktop on the bad machine, hence I can't download and run it in that way. I have been doing everything using the xPUD OS, which I copied onto disc with Dakeyras' assistance, and load at startup (and which I had no prior knowledge of).

I'm not too sure how to run a .exe in xPUD so I'll need your assistance! I can download it into the 'downloads' file folder and copy it to sda1, where I tried to bash it (probably not a good idea?) to no avail! I think I may be an example of the saying "a little knowledge is a dangerous thing", so it may be wise for you to assume I know very little!

Thanks for your support!

:)
  • 0

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
For the instructions below you're gonna need an empty CD. If you don't have one, I can give you alternative instructions that use a USB flash drive instead.

Follow these first steps on another PC:

Please print these instruction out so that you know what you are doing.

  • Download OTLPEStd.exe to your desktop.
  • Ensure that you have a blank CD in the drive.
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD.
  • Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads. :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt.
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it.
  • You can back up any files that you wish from this OS.
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#5
Duncan63

    Member

  • Topic Starter
  • Member
  • 27 posts
Hi,

I now have the OTL.txt file on the bad machine but part of the problem is that all my USB ports seem to have been disabled, so I can't copy to USB. Additionally, my wireless connection does not appear to be enabled using this new OS (it was available using xPUD) so I can't copy/paste the file into this post. Two options, I guess, you choose the best one please - i) you advise me how to enable wireless with this new OS or, ii) I shut down the bad machine, reboot with xPUD, open Firefox, find the OTL.txt file on the C: drive and attach it to this topic through the bad machine.

Which would you advise?

Thanks again!
  • 0

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts

ii) I shut down the bad machine, reboot with xPUD, open Firefox, find the OTL.txt file on the C: drive and attach it to this topic through the bad machine.

That one. Getting the wireless Internet connection working in OTLPE would be either very hard or impossible.
  • 0

#7
Duncan63

    Member

  • Topic Starter
  • Member
  • 27 posts
Hi again,

Here it is:

OTL logfile created on: 4/11/2012 1:48:56 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.00 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 59.00% Memory free
454.00 Mb Paging File | 334.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 47.18 Gb Free Space | 84.55% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [On_Demand] -- -- (WudfSvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Disabled] -- -- (TlntSvr)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [On_Demand] -- -- (napagent)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [On_Demand] -- -- (hkmsvc)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [Auto] -- -- (Fax)
SRV - File not found [On_Demand] -- -- (EapHost)
SRV - File not found [On_Demand] -- -- (Dot3svc)
SRV - File not found [On_Demand] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [Disabled] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [On_Demand] -- -- (BITS)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2011/11/16 08:32:48 | 010,310,968 | -H-- | M] (Radialpoint SafeCare Inc.) [Auto] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/07/07 14:31:08 | 000,195,336 | -H-- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 12:33:20 | 000,249,648 | -H-- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2006/06/29 08:12:34 | 000,376,832 | -H-- | M] (Dell Inc.) [Auto] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/28 08:04:56 | 000,262,217 | -H-- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WudfRd)
DRV - File not found [Kernel | On_Demand] -- -- (WudfPf)
DRV - File not found [Kernel | System] -- -- (WmiAcpi)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (winachsf)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | On_Demand] -- -- (w39n51) Intel®
DRV - File not found [Kernel | On_Demand] -- -- (w29n51) Intel®
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (usbuhci)
DRV - File not found [Kernel | On_Demand] -- -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (STHDA)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | System] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | Auto] -- -- (Secdrv)
DRV - File not found [Kernel | Auto] -- -- (s24trans)
DRV - File not found [Kernel | Auto] -- -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Boot] -- -- (Pcmcia)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | Boot] -- -- (ohci1394)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (nv)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | On_Demand] -- -- (NIC1394)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | Auto] -- -- (mdmxsdk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (Ip6Fw)
DRV - File not found [Kernel | System] -- -- (intelppm)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | On_Demand] -- -- (ialm)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | On_Demand] -- -- (HSXHWAZL)
DRV - File not found [Kernel | On_Demand] -- -- (HSF_DPV)
DRV - File not found [Kernel | On_Demand] -- -- (HidUsb)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (Fdc)
DRV - File not found [Kernel | On_Demand] -- -- (E100B) Intel®
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [File_System | Boot] -- -- (DefragFS)
DRV - File not found [Kernel | Boot] -- -- (Compbatt)
DRV - File not found [Kernel | On_Demand] -- -- (CmBatt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (bcm4sbxp)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | On_Demand] -- -- (Arp1394)
DRV - File not found [Kernel | System] -- -- (APPDRV)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | Auto] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - [2006/01/10 07:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/28 01:57:18 | 000,113,847 | RH-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=0070126
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=0070126
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.nottscc.gov.uk:8080

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Nat_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\Nat_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\Nat_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=uk
IE - HKU\Nat_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Nat_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Nat_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)



O1 HOSTS File: ([2012/01/23 19:13:37 | 000,440,267 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15141 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\Nat_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [igfxhkcmd] File not found
O4 - HKLM..\Run: [igfxpers] File not found
O4 - HKLM..\Run: [igfxtray] File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Nat_ON_C..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nat_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Nat_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nat_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = digbyspecial.notts.sch.uk
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 13:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========


========== Files Created - No Company Name ==========

[2012/01/23 20:10:04 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~Gp08U7VTsS7cIZ
[2012/01/23 20:10:04 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~Gp08U7VTsS7cIZr
[2012/01/23 20:08:30 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Gp08U7VTsS7cIZ
[2012/01/23 18:48:10 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~SnxQRmtGkDDUsm
[2012/01/23 18:48:10 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~SnxQRmtGkDDUsmr
[2012/01/23 18:37:09 | 000,000,464 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\SnxQRmtGkDDUsm
[2012/01/23 16:20:24 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~11KKr5W6RoYaQu
[2012/01/23 16:20:24 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~11KKr5W6RoYaQur
[2012/01/23 16:18:21 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\11KKr5W6RoYaQu
[2012/01/23 14:56:07 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~XBU7jusQ7UFG2s
[2012/01/23 14:56:07 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~XBU7jusQ7UFG2sr
[2012/01/23 14:55:45 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\XBU7jusQ7UFG2s
[2012/01/23 14:12:38 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~IS9vq4V35DBl7v
[2012/01/23 14:12:38 | 000,000,184 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~IS9vq4V35DBl7vr
[2012/01/23 14:11:38 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\IS9vq4V35DBl7v
[2012/01/22 22:35:05 | 000,000,272 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WuaUVWTaYeXSwf
[2012/01/22 22:35:05 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~WuaUVWTaYeXSwfr
[2012/01/22 22:33:59 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\WuaUVWTaYeXSwf
[2012/01/22 21:46:03 | 000,000,272 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~KpnGZJBUHWVE1E
[2012/01/22 21:46:03 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~KpnGZJBUHWVE1Er
[2012/01/22 21:45:54 | 000,000,424 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\KpnGZJBUHWVE1E
[2012/01/22 21:09:38 | 000,000,272 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~rOsrqHAnI5sNKX
[2012/01/22 21:09:38 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~rOsrqHAnI5sNKXr
[2012/01/22 21:09:29 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\rOsrqHAnI5sNKX
[2012/01/15 21:32:44 | 000,008,016 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\8da2f173
[2012/01/15 21:32:44 | 000,008,007 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ffd614a0
[2012/01/15 21:32:44 | 000,008,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\ba1244a5
[2007/01/26 13:54:45 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== LOP Check ==========

[2012/01/15 22:04:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Radialpoint
[2009/04/01 21:08:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Virgin Broadband
[2012/01/15 22:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Virgin Media
[2012/01/15 22:05:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Nat\Application Data\Radialpoint
[2009/04/01 21:09:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Nat\Application Data\Virgin Broadband
[2012/01/15 22:05:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Nat\Application Data\Virgin Media
[2012/01/23 21:33:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2009/04/01 21:09:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2012/01/15 22:04:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media

========== Purity Check ==========


< End of report >

:rolleyes::rolleyes::rolleyes::rolleyes:

  • 0

#8
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Let's try xPUD

  • Insert the USB drive and CD in the Sick computer and boot the computer from the CD again
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    userinit.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has finished a report will be located in the USB drive as filefind.txt

Please note - all text entries are case sensitive

Copy and paste the filefind.txt for my review
  • 0

#9
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi,

Bit puzzled about what you're asking me to do here. As I said above, the sick machine isn't seeing any USB devices (sdb1 doesn't show in mnt when I have a mass memory device in any of the 4 ports), so I think Dakeyras assumed the ports had been disabled by the malware, but even if the machine was seeing the USB, I don't understand why driver.sh would show on it? However:

I had previously downloaded driver.sh into sda1 on this (sick) machine as Dakeyras had put a shortcut to the file on the Geekstogo site in the previous topic, so I bashed it for userinit.exe - report as follows:

Search results for userinit.exe

39b1ffb03c2296323832acbae50d2aff /mnt/sda2/i386/userinit.exe
24.0K Aug 4 2004


Thanks for your continued support!


  • 0
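What `bash driver.sh -f` is doing in the step above, and the check behind the result Duncan63 posted, as an added example that is not the thread's own driver.sh: a small POSIX shell script to run from the xPUD terminal against the mounted Windows volume (assumed to be /mnt/sda2, as in the filefind.txt output above; the function names and the MISSING/PRESENT labels are mine). It lists every copy of a named file with its MD5 and size, the way filefind.txt does, and then checks whether WINDOWS\system32, the location Windows actually loads from, holds a copy at all, comparing it against the install-source copy in i386 when one exists.

```shell
#!/bin/sh
# Added example, not the driver.sh script used in this thread.
# From a Linux live CD (e.g. xPUD), locate a Windows system file on a
# mounted volume, print its MD5 and size as driver.sh -f does, and check
# whether the copy Windows boots from (WINDOWS\system32) is present.
# Assumptions: the Windows volume is mounted (e.g. /mnt/sda2) and the
# live CD provides find plus md5sum (Linux) or md5 (BSD/macOS).

# md5_of FILE -> hex MD5 digest of FILE
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# find_file ROOT NAME -> one line per match: "<md5> <size-bytes> <path>"
# NTFS names are case-insensitive but Linux find is not, so use -iname,
# otherwise USERINIT.EXE is silently missed.
find_file() {
    root=$1; name=$2
    find "$root" -type f -iname "$name" 2>/dev/null | sort | while IFS= read -r f; do
        printf '%s %s %s\n' "$(md5_of "$f")" "$(wc -c < "$f" | tr -d ' ')" "$f"
    done
}

# ci_subdir DIR NAME -> DIR/<NAME> matched case-insensitively, or nothing
ci_subdir() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -iname "$2" 2>/dev/null | head -n 1
}

# system32_path ROOT NAME -> path of ROOT/WINDOWS/system32/NAME on stdout;
# exit 1 if the directory chain or the file is absent
system32_path() {
    win=$(ci_subdir "$1" WINDOWS);      [ -n "$win" ]   || return 1
    sys32=$(ci_subdir "$win" system32); [ -n "$sys32" ] || return 1
    f=$(find "$sys32" -mindepth 1 -maxdepth 1 -type f -iname "$2" 2>/dev/null | head -n 1)
    [ -n "$f" ] || return 1
    printf '%s\n' "$f"
}

# check_system_file ROOT NAME -> prints MISSING (exit 1), PRESENT, or
# PRESENT-DIFFERS-FROM-I386. The i386 folder holds the install-media copy;
# a differing hash is not proof of tampering (service packs replace
# system32 binaries), but MISSING means the boot path has no copy at all.
check_system_file() {
    root=$1; name=$2
    live=$(system32_path "$root" "$name") || { echo MISSING; return 1; }
    src=$(find "$root" -type f -iname "$name" 2>/dev/null | grep -i '/i386/' | head -n 1)
    if [ -n "$src" ] && [ "$(md5_of "$live")" != "$(md5_of "$src")" ]; then
        echo PRESENT-DIFFERS-FROM-I386
    else
        echo PRESENT
    fi
}

# Usage from the xPUD terminal, Windows volume mounted under /mnt/sda2:
#   find_file /mnt/sda2 userinit.exe
#   check_system_file /mnt/sda2 userinit.exe
```

Save it on the volume the live CD can see (here that would be sda1, as Duncan63 did with driver.sh), source it from the terminal and call the two functions with the mount point. A result like the one posted, a single hit under /mnt/sda2/i386 and nothing under WINDOWS\system32, comes back as MISSING; userinit.exe is what winlogon runs to set up the user session, so without it XP cannot complete a logon. Treat PRESENT-DIFFERS-FROM-I386 only as a prompt to look at the file's version and date, since a patched system is expected to differ from the CD copy.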

#10
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I'm afraid I've got bad news for you.

Your computer appears to be missing lots of critical system files. Therefore I suggest you format your computer and reinstall Windows.
  • 0

#11
Duncan63

Duncan63

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi,

Bit of a problem there - I don't have the original installation discs for the sick machine, although I do have them for the good machine I'm using. (Sick one is XP Pro, good one is XP Home).
  • 0

#12
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
You could try a repair install with the Win XP Home CD: http://www.geekstogo...ir-windows-xp/. Maybe that'll work.
  • 0
