I've been running Windows XP SP3 with no major problems for years now, and for some reason I can't boot in normal mode. Safe mode with networking works OK.
The boot process will hang on the Windows logo, or it will display an error message to which I respond OK, allow me to sign on, and freeze right after the toolbar icons are rendered.
The error message I receive is (from event log): Application popup: svchost.exe - Application Error : The instruction at "0x7c919af2" referenced memory at "0x00000010". The memory could not be "written".
Here is the MBAM log:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.21.03
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.11
jh :: GOODE1 [administrator]
2/21/2013 12:37:38 AM
mbam-log-2013-02-21 (00-37-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 457712
Time elapsed: 15 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6000.17115 BrowserJavaVersion: 10.9.2
Run by jh at 1:18:25 on 2013-02-21
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jh.GOODE1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uRunOnce: [SirefefEVCleaner] c:\documents and settings\jh.goode1\my documents\downloads\ESETSirefefEVCleaner.exe -r
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_146_Plugin.exe -update plugin
uRunOnce: [SpybotDeletingF1593] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\core.mochibot.com\com.mochibot.sol"
uRunOnce: [SpybotDeletingF394] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\d342g0hiqwjkmi.cloudfront.net\AngryBirdsStarWarsFacebookSettings.sol"
uRunOnce: [SpybotDeletingF390] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\com.mochiads.sol"
uRunOnce: [SpybotDeletingF4704] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\mochiLCStatus.sol"
uRunOnce: [SpybotDeletingF5734] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\services.mochiads.com.sol"
uRunOnce: [SpybotDeletingF8604] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__coinsEventLC__.sol"
uRunOnce: [SpybotDeletingF1166] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302184062_97675.sol"
uRunOnce: [SpybotDeletingF6569] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302184062_97675_fromgame.sol"
uRunOnce: [SpybotDeletingF1304] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302828640_30138.sol"
uRunOnce: [SpybotDeletingF9806] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302828640_30138_fromgame.sol"
uRunOnce: [SpybotDeletingF9207] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochibot.com\com.mochibot.sol"
uRunOnce: [SpybotDeletingF3423] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\www.gsn.com\wwgames_gs_saulgoode_176.sol"
uRunOnce: [SpybotDeletingF2555] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\www.worldwinner.com\wwgames_gl.sol"
uRunOnce: [SpybotDeletingF4819] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\zcache.zgncdn.com\bubblesafari-1.sol"
uRunOnce: [SpybotDeletingF3080] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\zynga1-a.akamaihd.net\bubblereef-1.sol"
uRunOnce: [SpybotDeletingF2825] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
uRunOnce: [SpybotDeletingF7697] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\ntbtlog.txt"
uRunOnce: [SpybotDeletingF7801] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\setupact.log"
uRunOnce: [SpybotDeletingF1817] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\setupapi.log"
uRunOnce: [SpybotDeletingF1818] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemcore.log"
uRunOnce: [SpybotDeletingF1118] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemess.lo_"
uRunOnce: [SpybotDeletingF1645] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemess.log"
uRunOnce: [SpybotDeletingF2152] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemprox.log"
uRunOnce: [SpybotDeletingF9784] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\winmgmt.log"
uRunOnce: [SpybotDeletingF9081] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wmiprov.log"
mRunOnce: [SpybotDeletingE215] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\core.mochibot.com\com.mochibot.sol"
mRunOnce: [SpybotDeletingE2421] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\d342g0hiqwjkmi.cloudfront.net\AngryBirdsStarWarsFacebookSettings.sol"
mRunOnce: [SpybotDeletingE8476] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\com.mochiads.sol"
mRunOnce: [SpybotDeletingE6176] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\mochiLCStatus.sol"
mRunOnce: [SpybotDeletingE6699] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\services.mochiads.com.sol"
mRunOnce: [SpybotDeletingE3639] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__coinsEventLC__.sol"
mRunOnce: [SpybotDeletingE4471] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302184062_97675.sol"
mRunOnce: [SpybotDeletingE238] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302184062_97675_fromgame.sol"
mRunOnce: [SpybotDeletingE6015] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302828640_30138.sol"
mRunOnce: [SpybotDeletingE8901] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochiads.com\__ms_1361302828640_30138_fromgame.sol"
mRunOnce: [SpybotDeletingE1587] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\mochibot.com\com.mochibot.sol"
mRunOnce: [SpybotDeletingE6484] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\www.gsn.com\wwgames_gs_saulgoode_176.sol"
mRunOnce: [SpybotDeletingE2312] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\www.worldwinner.com\wwgames_gl.sol"
mRunOnce: [SpybotDeletingE2492] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\zcache.zgncdn.com\bubblesafari-1.sol"
mRunOnce: [SpybotDeletingE1351] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\documents and settings\jh.goode1\application data\macromedia\flash player\#sharedobjects\eas99tl7\zynga1-a.akamaihd.net\bubblereef-1.sol"
mRunOnce: [SpybotDeletingE4711] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
mRunOnce: [SpybotDeletingE7537] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\ntbtlog.txt"
mRunOnce: [SpybotDeletingE5978] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\setupact.log"
mRunOnce: [SpybotDeletingE6970] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\setupapi.log"
mRunOnce: [SpybotDeletingE9721] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemcore.log"
mRunOnce: [SpybotDeletingE569] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemess.lo_"
mRunOnce: [SpybotDeletingE6949] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemess.log"
mRunOnce: [SpybotDeletingE5997] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wbemprox.log"
mRunOnce: [SpybotDeletingE8933] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\winmgmt.log"
mRunOnce: [SpybotDeletingE6893] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\system32\wbem\logs\wmiprov.log"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoFavoritesMenu = dword:1
uPolicies-Explorer: NoSMMyPictures = dword:1
uPolicies-Explorer: NoStartMenuMyMusic = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoStrCmpLogical = dword:1
mPolicies-Explorer: NoFavoritesMenu = dword:1
mPolicies-Explorer: NoSMMyPictures = dword:1
mPolicies-Explorer: NoStartMenuMyMusic = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:0
mPolicies-Explorer: NoSimpleStartMenu = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361332872031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .txt: Applications\TextPad.exe="c:\program files\textpad 4\TextPad.exe" "%1" [UserChoice]
FileExt: .ini: Applications\TextPad.exe="c:\program files\textpad 4\TextPad.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-21 08:15:23 -------- dc----w- C:\deskbak
2013-02-21 07:59:14 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-17 22:24:47 -------- d-----w- c:\windows\LastGood.Tmp
2013-02-16 03:09:59 -------- dc----w- C:\FRST
2013-02-16 02:44:56 909584 -c--a-w- C:\FRST.exe
2013-02-10 06:40:59 479232 ----a-w- c:\program files\mozilla firefox\plugins\microsoft.vc80.crt\msvcm80.dll
2013-02-04 05:10:29 -------- d-----w- c:\documents and settings\jh.goode1\application data\PCDr
2013-01-22 17:45:47 -------- d-----w- c:\documents and settings\all users.windows\application data\AVG January 2013 Campaign
.
==================== Find3M ====================
.
2013-01-20 05:06:14 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-20 05:06:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-14 14:44:37 126 -c--a-w- C:\flvthumb2.reg
2013-01-08 00:57:06 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-12-28 21:19:22 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-01 20:50:58 437 -c--a-w- C:\scrtest.vbs
.
============= FINISH: 1:20:01.56 ===============
attach.txt: