Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Windows XP not loading and System Restore unable to restore

by MikeLin007 » May 16th, 2012, 1:21 am

Every time I try to start up Windows XP in normal mode, it restarts. I am able to start up in safe mode, but it is not letting me restore to an earlier restore point. It will run System Restore but then says it is unable to restore after I restart.
Here are the two DDS logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by mike at 22:16:16 on 2012-05-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2500 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30DFA4DE-996D-4C0C-B286-9064F8681E0B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70D01DAC-5595-4193-BE94-46FCE0B95C37} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\uw4aeput.default\
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\mike\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 13958082;13958082 Boot Guard Driver;c:\windows\system32\drivers\13958082.sys [2011-5-12 37392]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 31952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 301248]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-28 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
S1 13958081;13958081;c:\windows\system32\drivers\13958081.sys [2011-5-12 128016]
S1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2007-5-22 18088]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
S1 setup_9.0.0.722_11.05.2011_11-43drv;setup_9.0.0.722_11.05.2011_11-43drv;c:\windows\system32\drivers\1395808.sys [2011-5-12 315408]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-28 115856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-28 41424]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-4-14 14336]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-6-30 10384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-15 257696]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-13 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 129976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2011-3-10 24584]
S3 silabser;GE Supra DisplayKey USB Cradle Driver;c:\windows\system32\drivers\silabser.sys [2011-3-10 69256]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2009-5-23 247296]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-5-23 19200]
.
=============== Created Last 30 ================
.
2012-05-16 04:28:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 21:15:47 -------- d-----w- c:\program files\CarbonPoker
2012-05-03 05:55:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 05:55:26 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-03 05:55:26 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-22 05:37:59 -------- d-----w- c:\program files\RealVNC
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-19 02:07:34 -------- d-----w- c:\program files\DivX
2012-04-19 02:07:10 -------- d-----w- c:\documents and settings\all users\application data\DivX
.
==================== Find3M ====================
.
2012-05-16 05:07:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-16 04:28:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 12:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 12:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD753LJ rev.1AA01110 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x8A3809C0]<<
_asm { MOV EAX, 0x8a3808e0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a383a74; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A283AB8]
\Driver\Disk[0x8A2D3BD8] -> IRP_MJ_CREATE -> 0x8A3809C0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a3809c0
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 22:17:07.40 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/14/2009 11:59:03 PM
System Uptime: 5/15/2012 10:04:42 PM (0 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R)
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2448/272mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 355.866 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&3BAAFE9&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&3BAAFE9&0&0001
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0
Service: RTL8023xp
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ABT2005\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\ABT2005\3&2411E6FE&0
Service:
.
==== System Restore Points ===================
.
RP123: 2/15/2012 1:55:50 PM - System Checkpoint
RP124: 2/17/2012 12:22:55 AM - System Checkpoint
RP125: 2/18/2012 3:02:36 AM - System Checkpoint
RP126: 3/7/2012 10:52:44 AM - System Checkpoint
RP127: 3/19/2012 9:18:03 PM - System Checkpoint
RP128: 3/21/2012 1:25:01 PM - System Checkpoint
RP129: 3/25/2012 2:14:06 AM - System Checkpoint
RP130: 3/27/2012 1:56:52 AM - System Checkpoint
RP131: 4/1/2012 5:43:57 PM - System Checkpoint
RP132: 4/2/2012 6:20:38 PM - System Checkpoint
RP133: 4/4/2012 2:39:31 PM - System Checkpoint
RP134: 4/5/2012 3:08:33 PM - System Checkpoint
RP135: 4/7/2012 5:18:21 AM - System Checkpoint
RP136: 4/8/2012 5:20:56 PM - System Checkpoint
RP137: 4/9/2012 9:55:41 PM - System Checkpoint
RP138: 4/11/2012 9:42:00 PM - System Checkpoint
RP139: 4/13/2012 4:21:38 PM - System Checkpoint
RP140: 4/16/2012 2:43:58 PM - System Checkpoint
RP141: 4/17/2012 3:46:08 PM - System Checkpoint
RP142: 4/21/2012 9:32:13 PM - System Checkpoint
RP143: 4/22/2012 10:09:47 PM - System Checkpoint
RP144: 4/24/2012 3:04:10 AM - System Checkpoint
RP145: 5/1/2012 6:45:36 PM - System Checkpoint
RP146: 5/2/2012 6:54:16 PM - System Checkpoint
RP147: 5/6/2012 5:13:03 PM - System Checkpoint
RP148: 5/7/2012 9:18:44 PM - System Checkpoint
RP149: 5/9/2012 6:22:45 PM - System Checkpoint
RP150: 5/10/2012 6:35:37 PM - System Checkpoint
RP151: 5/14/2012 2:58:08 PM - System Checkpoint
RP152: 5/15/2012 9:39:06 PM - Restore Operation
RP153: 5/15/2012 9:51:28 PM - Restore Operation
RP154: 5/15/2012 9:56:15 PM - Restore Operation
RP155: 5/15/2012 10:05:37 PM - Restore Operation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Adobe® CreatePDF Desktop
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVG 2012
Bonjour
BufferChm
Canon PIXMA iP3000
CarbonPoker
Casino Verite Blackjack V5
CDDRV_Installer
Chinese Simplified Fonts Support For Adobe Reader 9
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
D1600
DeviceDiscovery
Diablo II
Diablo III Beta
DisplayKEY USB Cradle
DivX Setup
DJ_SF_06_D1600_SW_Min
dKeyUSBCradleDriver_x86
Dota 2
Download Updater (AOL LLC)
Dragon Age: Origins
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19]
Full Tilt Poker
G9 Device Package
GIMP 2.6.8
GPBaseService2
Heroes of Might and Magic® III Complete
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Photo Creations
HP Play [beta]
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
IEEE 802.11g USB Wireless LAN Adapter
iTunes
Java Auto Updater
Java(TM) 6 Update 29
JMB36X Raid Configurer
KhalInstallWrapper
Left 4 Dead
Logitech SetPoint
Logitech SetPoint 5.10
Logitech Updater
Magic Online III
Magic Workstation 0.94f
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Might & Magic Heroes VI
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 6.0 Parser (KB927977)
MTGO Library Bot 2.46
NVIDIA PhysX
OCCT Perestroika 3.1.0
OGA Notifier 2.0.0048.0
PokerStars.net
Prototype(TM)
QuickTime
Ray Adams ATI Tray Tools
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shipstream Manager
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
SSC Service Utility v4.30
Stamps.com
Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
Stamps.com support for Microsoft Word 2000-2007
StarCraft
Status
Steam
Sun xVM VirtualBox
SUPERAntiSpyware
System Requirements Lab CYRI
The Sims™ 3
Toolbox
TrayApp
Tropico 3 1.00
Turbo Lister 2
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
VideoLAN VLC media player 0.8.4a
VNC Free Edition 4.1.3
Warcraft III
WC3Banlist
WebFldrs XP
WebReg
Windows Driver Package - GE Security (silabenm) Ports (12/10/2008 5.4.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPcap 3.1
WinRAR archiver
World of Warcraft
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
5/15/2012 9:44:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/15/2012 9:39:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
5/15/2012 9:39:53 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/15/2012 9:39:53 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/15/2012 9:39:53 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/15/2012 9:39:53 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/15/2012 9:39:53 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/15/2012 9:33:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/15/2012 9:33:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/15/2012 9:28:08 PM, error: Cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
5/14/2012 12:13:09 AM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/13/2012 1:29:38 PM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
5/13/2012 1:29:38 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
13958081 atitray Avgldx86 Avgmfx86 Fips intelppm SASDIFSV SASKUTIL setup_9.0.0.722_11.05.2011_11-43drv VBoxDrv VBoxUSBMon vmm
13958081 AFD atitray Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL setup_9.0.0.722_11.05.2011_11-43drv Tcpip VBoxDrv VBoxUSBMon vmm
13958081 AFD atitray Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL setup_9.0.0.722_11.05.2011_11-43drv Tcpip VBoxDrv VBoxUSBMon vmm
13958081 AFD atitray Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL setup_9.0.0.722_11.05.2011_11-43drv Tcpip VBoxDrv VBoxUSBMon vmm
13958081 AFD atitray Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL setup_9.0.0.722_11.05.2011_11-43drv Tcpip VBoxDrv VBoxUSBMon vmm
.
==== End Of File ===========================
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Windows XP not loading and System Restore unable to rest

by melboy » May 17th, 2012, 6:03 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


================================================


aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it
  • Click NO to the prompt to download Avast! virus definitions.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Windows XP not loading and System Restore unable to rest

by MikeLin007 » May 17th, 2012, 7:51 pm

Thanks for the help. Here is the log file. To clarify, I am NOT supposed to update the Avast! virus definitions, correct?

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-17 16:47:34
-----------------------------
16:47:34.468 OS Version: Windows 5.1.2600 Service Pack 3
16:47:34.468 Number of processors: 4 586 0xF0B
16:47:34.468 ComputerName: ---------- UserName: mike
16:47:35.796 Initialize success
16:49:46.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
16:49:46.406 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01110 Size: 715404MB BusType: 3
16:49:46.421 Disk 0 MBR read successfully
16:49:46.421 Disk 0 MBR scan
16:49:46.437 Disk 0 Windows XP default MBR code
16:49:46.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715394 MB offset 63
16:49:46.453 Disk 0 scanning sectors +1465128000
16:49:46.515 Disk 0 scanning C:\WINDOWS\system32\drivers
16:49:49.593 Service scanning
16:49:50.937 Service ALLOW-IO D:\ALLOW-IO.sys **LOCKED** 21
16:49:52.281 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
16:49:55.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:49:56.687 Modules scanning
16:49:59.390 Disk 0 trace - called modules:
16:49:59.453 ntoskrnl.exe >>UNKNOWN [0x8ad419c0]<<
16:49:59.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac18ab8]
16:49:59.531 \Driver\Disk[0x8ac8be38] -> IRP_MJ_CREATE -> 0x8ad419c0
16:49:59.562 Scan finished successfully
16:50:21.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mike\Desktop\Logs\MBR.dat"
16:50:21.859 The log file has been saved successfully to "C:\Documents and Settings\mike\Desktop\Logs\aswMBR.txt"
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Windows XP not loading and System Restore unable to rest

by melboy » May 18th, 2012, 12:46 pm

MikeLin007 wrote: To clarify, I am NOT supposed to update the Avast! virus definitions, correct?
That time, yes. However, I would like you to perform a scan this time with Avast defs.

DeFogger

Download DeFogger from here and save it to your desktop.

Double click Defogger.exe to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.



aswMBR

  • Double click aswMBR.exe to run it.
  • Click YES to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Windows XP not loading and System Restore unable to rest

by MikeLin007 » May 18th, 2012, 11:26 pm

Wow really amazing set of tools you guys have here. After running defogger and restarting, my normal windows XP loaded. Before that I was running in safe-mode only. I'll post the MBR log as soon as it's finished scanning, in case there is still something wrong with my computer.
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Windows XP not loading and System Restore unable to rest

by MikeLin007 » May 19th, 2012, 12:15 am

Here is the MBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-18 19:43:00
-----------------------------
19:43:00.889 OS Version: Windows 5.1.2600 Service Pack 3
19:43:00.889 Number of processors: 4 586 0xF0B
19:43:00.889 ComputerName: ---------- UserName: mike
19:43:04.436 Initialize success
19:43:12.655 AVAST engine defs: 12051801
19:43:19.077 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
19:43:19.077 Disk 0 Vendor: SAMSUNG_HD753LJ 1AA01110 Size: 715404MB BusType: 3
19:43:19.092 Disk 0 MBR read successfully
19:43:19.092 Disk 0 MBR scan
19:43:19.108 Disk 0 Windows XP default MBR code
19:43:19.124 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715394 MB offset 63
19:43:19.124 Disk 0 scanning sectors +1465128000
19:43:19.233 Disk 0 scanning C:\WINDOWS\system32\drivers
19:43:30.296 Service scanning
19:43:30.827 Service ALLOW-IO D:\ALLOW-IO.sys **LOCKED** 21
19:43:39.592 Modules scanning
19:43:50.827 Disk 0 trace - called modules:
19:43:50.842 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:43:50.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abedab8]
19:43:50.842 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-9[0x8abf0b00]
19:43:52.233 AVAST engine scan C:\WINDOWS
19:44:36.342 AVAST engine scan C:\WINDOWS\system32
19:49:52.030 AVAST engine scan C:\WINDOWS\system32\drivers
19:51:00.858 AVAST engine scan C:\Documents and Settings\mike
20:47:19.467 AVAST engine scan C:\Documents and Settings\All Users
21:03:59.436 Scan finished successfully
21:10:49.827 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mike\Desktop\Logs\MBR.dat"
21:10:49.827 The log file has been saved successfully to "C:\Documents and Settings\mike\Desktop\Logs\aswMBR1.txt"
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am
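
The two aswMBR logs posted above can be compared mechanically to see what changed once DeFogger had disabled the CD emulation drivers. This is an added example, not part of the original thread; it assumes the log layout seen in those two logs, and the names `summarize` and `compare` are hypothetical.

```python
import re

# Constructed excerpts: lines copied from the two aswMBR logs in this thread.
LOG_BEFORE = r"""
16:49:49.593 Service scanning
16:49:50.937 Service ALLOW-IO D:\ALLOW-IO.sys **LOCKED** 21
16:49:52.281 Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
16:49:55.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:49:56.687 Modules scanning
16:49:59.390 Disk 0 trace - called modules:
16:49:59.453 ntoskrnl.exe >>UNKNOWN [0x8ad419c0]<<
16:49:59.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac18ab8]
16:49:59.531 \Driver\Disk[0x8ac8be38] -> IRP_MJ_CREATE -> 0x8ad419c0
16:49:59.562 Scan finished successfully
"""

LOG_AFTER = r"""
19:43:30.296 Service scanning
19:43:30.827 Service ALLOW-IO D:\ALLOW-IO.sys **LOCKED** 21
19:43:39.592 Modules scanning
19:43:50.827 Disk 0 trace - called modules:
19:43:50.842 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:43:50.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8abedab8]
19:43:50.842 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-9[0x8abf0b00]
"""

# Assumption: these patterns are inferred from the two logs above, not from
# any published aswMBR format description.
TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"
LOCKED_RE = re.compile(TS + r"Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*\s+(\d+)\s*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_RE = re.compile(
    r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(0x[0-9a-fA-F]+)"
)
TRACE_HDR_RE = re.compile(TS + r"Disk \d+ trace - called modules:")


def summarize(log):
    """Extract locked services, unnamed trace entries and handler targets."""
    locked, unknown, handlers, modules = {}, [], [], []
    lines = log.strip().splitlines()
    for i, line in enumerate(lines):
        m = LOCKED_RE.match(line)
        if m:
            locked[m.group(1)] = m.group(2)          # service name -> file path
        unknown += UNKNOWN_RE.findall(line)           # addresses with no module name
        handlers += IRP_RE.findall(line)              # (driver, IRP, target address)
        if TRACE_HDR_RE.match(line) and i + 1 < len(lines):
            # The line after the header lists the modules seen in the disk trace.
            named = UNKNOWN_RE.sub("", re.sub(TS, "", lines[i + 1]))
            modules = named.split()
    return {"locked": locked, "unknown": unknown,
            "handlers": handlers, "modules": modules}


def compare(before, after):
    """Report what differs between two scans of the same machine."""
    b, a = summarize(before), summarize(after)
    return {
        "no_longer_locked": sorted(set(b["locked"]) - set(a["locked"])),
        "still_locked": sorted(set(b["locked"]) & set(a["locked"])),
        "unknown_before": b["unknown"],
        "unknown_after": a["unknown"],
        # Handlers in the first scan whose target is one of the unnamed addresses.
        "handlers_into_unknown": [h for h in b["handlers"] if h[2] in b["unknown"]],
        "modules_after": a["modules"],
    }


if __name__ == "__main__":
    for key, value in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

On these excerpts the report shows dtscsi and sptd dropping out of the locked list and the unnamed address disappearing from the disk trace, leaving a fully named module chain.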

Re: Windows XP not loading and System Restore unable to rest

by melboy » May 19th, 2012, 4:33 am

MikeLin007 wrote: After running defogger and restarting, my normal windows XP loaded. Before that I was running in safe-mode only.


It looks as though the Daemon tools drivers were the cause then. Do you still use it? I can't see other traces of it.

One last check.

TFC

Please download TFC by Old Timer to your desktop,

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Windows XP not loading and System Restore unable to rest

by MikeLin007 » May 19th, 2012, 5:54 pm

I haven't used it for a few months now, but I never uninstalled the program though. The MBAM scan came up clean, here is the log file. Also is there a way to fix my system restore?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mike :: ---------- [administrator]

5/19/2012 2:48:46 PM
mbam-log-2012-05-19 (14-48-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210810
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Windows XP not loading and System Restore unable to rest

by melboy » May 20th, 2012, 5:03 pm

FSS

Please download Farbar's Service Scanner from here and save it to your desktop.

  • Double click FSS.exe to run it.
  • Check the following checkboxes only (RpcSs and PlugPlay are checked by default)

    • System Restore

  • Click Scan
  • When finished, notepad will open. Please post the contents in your next reply.

Note: The log can also be found on your desktop named FSS.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Windows XP not loading and System Restore unable to rest

by MikeLin007 » May 21st, 2012, 2:53 am

Here is the log file from FSS.exe

Farbar Service Scanner Version: 17-05-2012
Ran by mike (administrator) on 20-05-2012 at 23:53:06
Running from "C:\Documents and Settings\mike\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************



System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Windows XP not loading and System Restore unable to rest

by melboy » May 21st, 2012, 1:00 pm

Well everything seems ok with System restore now - There was an error in the logs from the 14th. DDS shows restore points were being made until that time.

RP148: 5/7/2012 9:18:44 PM - System Checkpoint
RP149: 5/9/2012 6:22:45 PM - System Checkpoint
RP150: 5/10/2012 6:35:37 PM - System Checkpoint
RP151: 5/14/2012 2:58:08 PM - System Checkpoint
RP152: 5/15/2012 9:39:06 PM - Restore Operation
RP153: 5/15/2012 9:51:28 PM - Restore Operation
RP154: 5/15/2012 9:56:15 PM - Restore Operation
RP155: 5/15/2012 10:05:37 PM - Restore Operation

The error was:
5/14/2012 12:13:09 AM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

MS give this explanation for that error:
Explanation

System Restore encountered an error when backing up a protected file. This error causes System Restore to stop copying files and purge all existing restore points. System Restore will automatically restart after the next restore point is created.
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1&EvtSrc=sr&LCID=1033

We'll further check things anyway.

FSS

Farbar's Service Scanner

  • Double click FSS.exe to run it.
  • Into the search box, copy/paste the following:

    srservice

  • Click Export Service
  • When finished, notepad will open. Please post the contents in your next reply.

Note: The log can also be found on your desktop named FSS.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Windows XP not loading and System Restore unable to rest

by MikeLin007 » May 21st, 2012, 5:16 pm

I see, thanks for taking the time looking that up for me. Here is the FSS.exe log file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="System Restore Service"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Parameters]
"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,72,00,\
73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\srservice\Enum]
"0"="Root\\LEGACY_SRSERVICE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_srservice]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_srservice\0000]
"Service"="srservice"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="System Restore Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_srservice\0000\Control]
"ActiveService"="srservice"
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Windows XP not loading and System Restore unable to rest

by melboy » May 22nd, 2012, 5:19 pm

Hi

That looks fine - any other issues? We'll re-enable your CD emulation drivers. Tell me if your original problem returns.


Create a restore point

  • Click Start > Run
  • Copy & paste the following into the run box & click OK

    %SYSTEMROOT%\System32\restore\rstrui.exe

  • When System Restore opens, click Create a restore point, then click Next.
  • Type a description for the restore point.
  • Click create
  • After a short while you should see Restore point created if successful



DeFogger Re-enable

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Windows XP not loading and System Restore unable to rest

by MikeLin007 » May 23rd, 2012, 7:15 pm

Hey looks like it's fixed. System restore successfully created a restore point and defogger was able to re-enable the emulation drivers. Is there anything else I should do?
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Windows XP not loading and System Restore unable to rest

by melboy » May 25th, 2012, 6:07 pm

Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


======================================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as your Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges.
    You can now trial the full version's features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK