Time for house cleaning instructions and help.

**tankedsecondchance** · 2011-05-21, 11:14

Here is the information from the tool that you asked for, you were'nt online so i just ran it normally with all tools running, and all tools off. here are both logs

(virus tools on)

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 12:08:07
-----------------------------
12:08:07.343 OS Version: Windows 5.1.2600 Service Pack 3
12:08:07.343 Number of processors: 1 586 0x209
12:08:07.343 ComputerName: TIM UserName: Me
12:08:08.062 Initialize success
12:08:17.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:08:17.953 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
12:08:19.984 Disk 0 MBR read successfully
12:08:19.984 Disk 0 MBR scan
12:08:19.984 Disk 0 Windows XP default MBR code
12:08:21.984 Disk 0 scanning sectors +156232125
12:08:22.000 Disk 0 scanning C:\WINDOWS2\system32\drivers
12:08:29.843 Service scanning
12:08:30.921 Disk 0 trace - called modules:
12:08:30.953 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:08:30.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f85ab8]
12:08:30.953 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe4d98]
12:08:30.953 Scan finished successfully
12:08:51.703 Disk 0 MBR has been saved successfully to "C:\WINDOWS2\system32\MBR.dat"
12:08:51.750 The log file has been saved successfully to "C:\WINDOWS2\system32\aswMBR.txt"

(virus tools off)

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-21 12:12:34
-----------------------------
12:12:34.453 OS Version: Windows 5.1.2600 Service Pack 3
12:12:34.453 Number of processors: 1 586 0x209
12:12:34.453 ComputerName: TIM UserName: Me
12:12:36.000 Initialize success
12:12:37.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:12:37.609 Disk 0 Vendor: IC35L090AVV207-0 V23OA66A Size: 76293MB BusType: 3
12:12:39.640 Disk 0 MBR read successfully
12:12:39.640 Disk 0 MBR scan
12:12:39.640 Disk 0 Windows XP default MBR code
12:12:41.640 Disk 0 scanning sectors +156232125
12:12:41.656 Disk 0 scanning C:\WINDOWS2\system32\drivers
12:12:52.515 Service scanning
12:12:53.609 Disk 0 trace - called modules:
12:12:53.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:12:53.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f85ab8]
12:12:53.625 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fe4d98]
12:12:53.625 Scan finished successfully
12:13:16.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Me.TIM\Desktop\MBR.dat"
12:13:16.390 The log file has been saved successfully to "C:\Documents and Settings\Me.TIM\Desktop\aswMBR2.txt"

**tankedsecondchance** · 2011-05-21, 11:19

I am terribly sorry, i seem to have forgotten to attach the files. Here they are.

**Blade81** · 2011-05-21, 11:36

Hi,

aswMBR results look ok. Please post fresh dds logs.

**tankedsecondchance** · 2011-05-21, 12:54

hello again,

I was out for a bit my son should have kept up with your request as made.im sorry about this below is the dds log

Originally Posted by Blade81

Hi,

aswMBR results look ok. Please post fresh dds logs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Me at 13:44:58.64 on Sat 05/21/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.135 [GMT 3:00]
.
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\ctfmon.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Me.TIM\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:egyptainhollandiatissueculture@msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows2\system32\igfxtray.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\docume~1\me.tim\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows2\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows2\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\me.tim\applic~1\mozilla\firefox\profiles\6tv5e5pb.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [2011-5-2 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [2011-5-2 29400]
R3 abp470n5;abp470n5;\??\c:\windows2\system32\drivers\gelnlo.sys --> c:\windows2\system32\drivers\gelnlo.sys [?]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows2\system32\drivers\bcm42xx5.sys [2011-5-10 54271]
S4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1853520]
.
=============== Created Last 30 ================
.
2011-05-20 18:21:44 -------- d-----w- c:\windows2\LastGood.Tmp
2011-05-20 18:02:05 79872 -c----w- c:\windows2\system32\dllcache\msxml6r.dll
2011-05-20 18:02:05 79872 ------w- c:\windows2\system32\msxml6r.dll
2011-05-20 18:02:05 1372672 -c----w- c:\windows2\system32\dllcache\msxml6.dll
2011-05-20 18:02:04 1372672 ------w- c:\windows2\system32\msxml6.dll
2011-05-20 18:02:00 1001472 -c----w- c:\windows2\system32\dllcache\wmvdmoe2.dll
2011-05-20 18:01:57 897024 -c----w- c:\windows2\system32\dllcache\wmspdmoe.dll
2011-05-20 18:01:57 221184 -c----w- c:\windows2\system32\dllcache\wmpns.dll
2011-05-20 18:01:57 1119744 -c----w- c:\windows2\system32\dllcache\wmsdmoe2.dll
2011-05-20 18:01:56 98304 -c----w- c:\windows2\system32\dllcache\wmpband.dll
2011-05-20 18:01:54 114688 -c----w- c:\windows2\system32\dllcache\wmpasf.dll
2011-05-20 18:01:53 168448 -c----w- c:\windows2\system32\dllcache\wmerror.dll
2011-05-20 18:01:53 151552 -c----w- c:\windows2\system32\dllcache\wmidx.dll
2011-05-20 18:01:48 52224 -c----w- c:\windows2\system32\dllcache\mspmsnsv.dll
2011-05-20 18:01:47 384512 -c----w- c:\windows2\system32\dllcache\mp4sdmod.dll
2011-05-20 18:01:47 368640 -c----w- c:\windows2\system32\dllcache\mpvis.dll
2011-05-20 18:01:47 310272 -c----w- c:\windows2\system32\dllcache\mp43dmod.dll
2011-05-20 18:00:19 9728 ------w- c:\windows2\system32\rwnh.dll
2011-05-20 18:00:18 10752 ------w- c:\windows2\system32\smtpapi.dll
2011-05-20 17:58:52 -------- d-----w- c:\windows2\l2schemas
2011-05-20 17:58:50 -------- d-----w- c:\windows2\system32\en
2011-05-20 17:58:49 -------- d-----w- c:\windows2\system32\bits
2011-05-20 17:47:12 33792 -c----w- c:\windows2\system32\dllcache\custsat.dll
2011-05-20 17:45:57 152064 -c----w- c:\windows2\system32\dllcache\shmedia.dll
2011-05-20 17:40:31 -------- d-----w- c:\windows2\network diagnostic
2011-05-20 17:40:27 144384 ------w- c:\windows2\system32\drivers\hdaudbus.sys
2011-05-20 17:40:23 10240 ------w- c:\windows2\system32\drivers\sffp_mmc.sys
2011-05-20 17:32:55 19569 ----a-w- c:\windows2\005491_.tmp
2011-05-20 16:56:32 -------- d-----w- C:\52d9b97d3a4e2130724323
2011-05-20 16:40:56 331805736 ----a-w- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2011-05-19 15:19:54 -------- d-sha-r- C:\cmdcons
2011-05-19 15:13:38 98816 ----a-w- c:\windows2\sed.exe
2011-05-19 15:13:38 89088 ----a-w- c:\windows2\MBR.exe
2011-05-19 15:13:38 256512 ----a-w- c:\windows2\PEV.exe
2011-05-19 15:13:38 161792 ----a-w- c:\windows2\SWREG.exe
2011-05-19 02:21:08 274288 ----a-w- c:\windows2\system32\mucltui.dll
2011-05-19 02:21:08 215920 ----a-w- c:\windows2\system32\muweb.dll
2011-05-19 02:21:08 16736 ----a-w- c:\windows2\system32\mucltui.dll.mui
2011-05-18 19:59:52 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\AskToolbar
2011-05-18 14:59:18 -------- d-----w- c:\windows2\system32\LogFiles
2011-05-16 18:13:24 -------- d-----w- c:\docume~1\me.tim\applic~1\Foxit Software
2011-05-16 18:12:47 -------- d-----w- c:\program files\Ask.com
2011-05-16 18:12:10 -------- d-----w- c:\program files\Foxit Software
2011-05-14 22:00:50 -------- d--h--w- C:\VritualRoot
2011-05-14 19:49:10 -------- d-----w- c:\docume~1\me.tim\applic~1\WinPatrol
2011-05-13 22:10:51 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Identities
2011-05-13 00:03:00 -------- d-----w- c:\windows2\system32\KB905474
2011-05-11 20:20:34 -------- d-----w- c:\docume~1\me.tim\locals~1\applic~1\Google
2011-05-11 11:44:17 -------- d-----r- C:\MS Office 2007 ENG
2011-05-11 09:43:49 272128 -c----w- c:\windows2\system32\dllcache\bthport.sys
2011-05-11 09:42:46 81920 -c----w- c:\windows2\system32\dllcache\fontsub.dll
2011-05-11 09:42:46 119808 -c----w- c:\windows2\system32\dllcache\t2embed.dll
2011-05-11 09:42:28 153088 -c----w- c:\windows2\system32\dllcache\triedit.dll
2011-05-11 09:40:54 744448 -c----w- c:\windows2\system32\dllcache\helpsvc.exe
2011-05-11 09:33:16 1172480 -c----w- c:\windows2\system32\dllcache\msxml3.dll
2011-05-11 09:32:40 655872 -c----w- c:\windows2\system32\dllcache\mstscax.dll
2011-05-11 09:29:25 353792 -c----w- c:\windows2\system32\dllcache\srv.sys
2011-05-11 09:28:32 90112 ----a-w- c:\windows2\unvise32.exe
2011-05-11 09:26:56 455680 -c----w- c:\windows2\system32\dllcache\mrxsmb.sys
2011-05-11 09:26:39 471552 -c----w- c:\windows2\system32\dllcache\aclayers.dll
2011-05-11 09:15:50 284160 -c----w- c:\windows2\system32\dllcache\pdh.dll
2011-05-11 09:15:49 473600 -c----w- c:\windows2\system32\dllcache\fastprox.dll
2011-05-11 09:15:49 401408 -c----w- c:\windows2\system32\dllcache\rpcss.dll
2011-05-11 09:15:49 227840 -c----w- c:\windows2\system32\dllcache\wmiprvse.exe
2011-05-11 09:15:49 110592 -c----w- c:\windows2\system32\dllcache\services.exe
2011-05-11 09:15:48 730112 -c----w- c:\windows2\system32\dllcache\lsasrv.dll
2011-05-11 09:15:48 714752 -c----w- c:\windows2\system32\dllcache\ntdll.dll
2011-05-11 09:15:48 617472 -c----w- c:\windows2\system32\dllcache\advapi32.dll
2011-05-11 09:15:48 453120 -c----w- c:\windows2\system32\dllcache\wmiprvsd.dll
2011-05-11 09:15:47 2146304 -c----w- c:\windows2\system32\dllcache\ntkrnlmp.exe
2011-05-11 09:15:46 2189952 -c----w- c:\windows2\system32\dllcache\ntoskrnl.exe
2011-05-11 09:15:46 2024448 -c----w- c:\windows2\system32\dllcache\ntkrpamp.exe
2011-05-11 09:09:21 203136 -c----w- c:\windows2\system32\dllcache\rmcast.sys
2011-05-11 09:09:11 331776 -c----w- c:\windows2\system32\dllcache\msadce.dll
2011-05-11 09:00:31 337408 -c----w- c:\windows2\system32\dllcache\netapi32.dll
2011-05-11 09:00:01 -------- d-----w- c:\windows2\system32\PreInstall
2011-05-11 08:59:40 -------- d--h--w- c:\windows2\$hf_mig$
2011-05-11 08:57:43 2560 ------w- c:\windows2\system32\xpsp4res.dll
2011-05-11 08:57:39 215552 -c----w- c:\windows2\system32\dllcache\wordpad.exe
2011-05-11 08:56:11 86016 -c----w- c:\windows2\system32\dllcache\cabview.dll
2011-05-11 08:56:04 177664 -c----w- c:\windows2\system32\dllcache\wintrust.dll
2011-05-11 06:58:04 -------- d-----w- c:\windows2\system32\SoftwareDistribution
2011-05-11 06:53:27 -------- d-----w- c:\windows2\pss
2011-05-11 06:49:43 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\SecTaskMan
2011-05-11 06:49:40 -------- d-----w- c:\program files\Security Task Manager
2011-05-10 20:07:35 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2011-05-10 18:59:19 -------- d-----w- c:\windows2\system32\wbem\AutoRecover
2011-05-10 18:45:59 95424 ------w- c:\windows2\system32\drivers\slnthal.sys
2011-05-10 18:39:43 -------- d-----w- c:\windows2\ServicePackFiles
2011-05-10 18:32:47 19528 ----a-w- c:\windows2\002233_.tmp
2011-05-10 18:32:44 -------- d-----w- c:\windows2\system32\ReinstallBackups
2011-05-10 18:32:24 100216 ----a-w- c:\windows2\system32\spupdsvc.exe
2011-05-10 18:28:44 -------- d-----w- c:\windows2\EHome
2011-05-10 18:22:17 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Comodo
2011-05-10 18:13:27 -------- d-----w- c:\docume~1\me.tim\applic~1\Malwarebytes
2011-05-10 18:13:21 38224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys
2011-05-10 18:13:20 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-05-10 18:13:14 19288 ----a-w- c:\windows2\system32\drivers\mbam.sys
.
==================== Find3M ====================
.
2011-05-02 17:36:04 284744 ----a-w- c:\windows2\system32\guard32.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows2\system32\GPhotos.scr
2011-04-05 04:58:17 39950910 ----a-w- C:\C__Users_Administrator_Desktop_PWOSetup173.exe
.
============= FINISH: 13:47:09.78 ===============

**Blade81** · 2011-05-21, 16:17

Hi,

Try to run ComboFix in safe mode disabling protection software first. If it requests for a reboot make sure system is booted back into safe mode.

**tankedsecondchance** · 2011-05-21, 17:36

Well, i tried entering safe mode but to no avail, my computer is stuck in a crashed state and i cannot use the last known good configuration seeing as it just stays crashed. anyway, this is the error code I'm Receiving *** stop: 0x000000713(0xF894F528, 0xC0000034, 0x00000000, 0x00000000)
So what should i do now, I'm stuck...

**Blade81** · 2011-05-21, 17:50

Hi,

Does normal mode work?

**tankedsecondchance** · 2011-05-21, 17:52

That's a negative.

**tankedsecondchance** · 2011-05-21, 17:56

OK, i managed to edit the boot file from recovery console, by using the bootcfg command and the rebuild switch.

**Blade81** · 2011-05-21, 18:03

So, what happened after latest DDS run? If I understand it right you hadn't run ComboFix in safe mode before bsod issue appeared.

Thread: Time for house cleaning instructions and help.

Thread Tools

Display

Posting Permissions