El Kabong

Help: Bad Image Error


JonTom   

Hello El Kabong

 

Please do the following:

 

  • Please work through the following steps

     

     

    • Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
    • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
    • Copy and Paste the text in the quotebox below into the open Notepad window:

       

      DeQuarantine::

      C:\Qoobox\Quarantine\C\Program Files\Steam\Steam.exe.vir

      Quit::

       

       

       

    • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
    • Close any open browsers.
    • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Referring to the picture below, drag CFScript.txt onto ComboFix.exe

      [picture: CFScript.txt being dragged onto ComboFix.exe]

       

    • When finished, it shall produce a log for you which I will require in your next reply.
    • Once the log is produced, re-engage your resident anti virus.

  • Next

     

     

    • Navigate to the following:

    C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Steam.reg.dat

     

    • Manually remove the ".dat" extension so that the file becomes C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Steam.reg
    • Once you have done this, double click on C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Steam.reg
    • If you are asked if you want to merge the contents with the registry, please consent.

  • Temporary File Cleaner

     

     

    • Download TFC to your desktop.
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.

  • MalwareBytes AntiMalware:

     

     

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

     

    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

  • Please run the following scan

     

     

    • Note:Internet Explorer is preferred for this scan, although it will run with other browsers.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.

     

    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the [button image] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on [button image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [icon image] icon on your desktop.

    • Check [checkbox image]
    • Click the [button image] button.
    • Accept any security warnings from your browser.
    • Check [checkbox image]
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [button image]
    • Push [button image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [button image] button.
    • Push [button image]

    Post the ComboFix log, the MBAM log and the ESET log in your next reply and let me know how the machine is running now.


Hi JonTom.

 

All steps completed. After combofix had not Web access, so had to reboot. Shutdown after TFC extremely long. Everything else went smoothly.

 

As far as system performance goes.... I'm still getting Bad Image errors, most notably when launching IE - (iexplore - Bad Image, The application or DLL C:\WINDOWS\appPatch\acLayers.DLL is not a valid Windows image. Please check this against your installation diskette). If I click OK it launches normally.

 

I still can't run more of my programs/software - the exe icons in the start menu are still 'altered'. Maybe eventually I'll have to re-install everything? This includes my system tools (Restore, System Info, etc..) (Help and Support Error - Windows cannot open Help and Support because a system service is not running. To fix this problem, start the service named 'Help and Support').

 

Other than that... It looks good. :)

 

Here are the Scans and logs.

 

Combofix Log: (DeQuarantine)

 

C:\Qoobox\Quarantine\C\Program Files\Steam\Steam.exe.vir -> C:\Program Files\Steam\Steam.exe ( 1242448 bytes )

 

 

 

MBAM Log:

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7680

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

9/8/2011 8:18:59 PM

mbam-log-2011-09-08 (20-18-59).txt

 

Scan type: Quick scan

Objects scanned: 219156

Time elapsed: 2 minute(s), 50 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

ESETScan:

 

C:\Documents and Settings\Mark\My Documents\Downloads\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan

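Added note, not part of either poster's reply and not code from ComboFix, MBAM or ESET: the "is not a valid Windows image" text in the Bad Image dialog is what Windows shows when the loader refuses a file whose PE headers do not check out (no MZ stub, no PE signature, a header or section table that runs past the end of the file). The Python below does the same header walk so you can list which DLLs under a folder such as C:\WINDOWS\AppPatch the loader would reject. The minimal PE it builds and then damages is constructed for the demo, and the function names are my own.

```python
"""
Header sanity check for Win32 PE files, approximating what the Windows loader
rejects with "is not a valid Windows image" (the Bad Image dialog).
Added example for this thread; not code from any of the tools used in it.
"""
import pathlib
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
KNOWN_MACHINES = {0x014C: "i386", 0x8664: "amd64"}
OPTIONAL_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
SECTION_HEADER_SIZE = 40


def check_pe_image(data: bytes) -> list[str]:
    """Return the header problems found; an empty list means the headers are consistent."""
    problems: list[str] = []
    if len(data) < 64:
        return ["shorter than an IMAGE_DOS_HEADER (64 bytes)"]
    (e_magic,) = struct.unpack_from("<H", data, 0)
    if e_magic != IMAGE_DOS_SIGNATURE:
        return ["missing MZ signature at offset 0"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # NT headers = 4-byte signature + 20-byte IMAGE_FILE_HEADER + optional header
    if e_lfanew + 24 > len(data):
        return [f"e_lfanew 0x{e_lfanew:X} points past the end of the file"]
    (signature,) = struct.unpack_from("<I", data, e_lfanew)
    if signature != IMAGE_NT_SIGNATURE:
        return [f"no PE signature at e_lfanew 0x{e_lfanew:X}"]
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if machine not in KNOWN_MACHINES:
        problems.append(f"unexpected Machine 0x{machine:04X}")
    if nsections == 0 or nsections > 96:
        problems.append(f"implausible NumberOfSections {nsections}")
    opt_off = e_lfanew + 24
    if opt_size < 2 or opt_off + opt_size > len(data):
        problems.append("optional header truncated")
        return problems
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in OPTIONAL_MAGICS:
        problems.append(f"unexpected optional header Magic 0x{magic:X}")
    sect_off = opt_off + opt_size
    if sect_off + SECTION_HEADER_SIZE * nsections > len(data):
        problems.append("section table truncated")
        return problems
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sect_off + SECTION_HEADER_SIZE * i)
        sname = name.rstrip(b"\x00").decode("ascii", "replace")
        if raw_ptr + raw_size > len(data):
            problems.append(f"section {sname!r} raw data runs past the end of the file")
    return problems


def scan_directory(root: str) -> dict[str, list[str]]:
    """Check every .dll/.exe/.sys under root; returns {path: problems} for files that fail."""
    bad: dict[str, list[str]] = {}
    for path in pathlib.Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".dll", ".exe", ".sys"):
            problems = check_pe_image(path.read_bytes())
            if problems:
                bad[str(path)] = problems
    return bad


def build_minimal_pe() -> bytes:
    """Constructed sample: a minimal 32-bit PE with one .text section (not a real DLL)."""
    dos = bytearray(64)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 64)           # NT headers start right after the DOS header
    # i386, 1 section, 224-byte PE32 optional header, Characteristics = executable DLL
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic; the rest is irrelevant here
    raw_ptr = 64 + 24 + 224 + SECTION_HEADER_SIZE   # .text bytes follow the section table
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, 0x10, raw_ptr,
                          0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + section + b"\xC3" * 0x10


def corrupt_pe_signature(data: bytes) -> bytes:
    """Constructed damage: zero the PE signature, which alone is enough for a Bad Image error."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[:e_lfanew] + b"\x00" * 4 + data[e_lfanew + 4:]


if __name__ == "__main__":
    print("clean sample:", check_pe_image(build_minimal_pe()))
    print("damaged sample:", check_pe_image(corrupt_pe_signature(build_minimal_pe())))
    for name, probs in scan_directory(r"C:\WINDOWS\AppPatch").items():  # empty off Windows
        print(name, probs)
```

A file that passes is not thereby clean: file infectors generally leave the headers valid, so this only tells you which files the loader will refuse, not which ones to trust. A Windows file it flags should be replaced from a known-good copy (on XP, sfc /scannow or the copy in system32\dllcache) rather than patched.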
JonTom   

Hello El Kabong

 

Thank you for working through those steps (Steam should be restored now).

 

Maybe eventually I'll have to re-install everything?

That is always an option we have at our disposal, but I don't give up that easily :boxing:

 

Let's take care of the ESET detection:

 

  • Please download OTM

     

     

    • Please download OTM by OldTimer by clicking here.
    • Save the file (called OTM.exe) to your desktop.
    • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

     

    :Processes 
    explorer.exe
    
    :Files
    C:\Documents and Settings\Mark\My Documents\Downloads\Assassins.Creed.II-SKIDROW\sr-acii.iso
    
    
    :Commands
    [Purity]
    [EmptyTemp]
    [Emptyflash]
    [Start Explorer]
    [Reboot]
    
    

     

     

     

    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM.
    • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • Help and Support Error

     

     

    • Let's try and address the help and support error with the following.
    • Click on "Start" and then on "Run".
    • Type (or copy/paste) the text in bold into the Run box, then click on OK

    Services.msc

     

    • A window will open.
    • Double click on "Help and Support".
    • In the window that appears, set the Startup type to "Automatic".
    • Click on OK and close the remaining windows.

    Please post the OTM log in your next reply, let me know if you are still getting the bad image error messages, and if you are now able to open your programs.


Hi JonTom.

 

Not good news I'm afraid. The OTM move seemed to (see log below), but the incorporated [reboot] in the script didn't happen. In fact, windows was stuck in 'shut down' for hours. Had to cold reboot.

 

Also, there was no 'Help and Support' in Services.msc... there's a helpsvc (whose setup is already top automatic)? I didn't touch anything in any case.

 

Still getting Bad Image Errors (at least when launching IE).

 

Still cannot run most programs... :(

 

Attempting other restart... without cold reset

 

OTM LOG:

 

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

C:\Documents and Settings\Mark\My Documents\Downloads\Assassins.Creed.II-SKIDROW\sr-acii.iso moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: All Users.WINDOWS

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Mark

->Temp folder emptied: 977470 bytes

->Temporary Internet Files folder emptied: 7648793 bytes

->FireFox cache emptied: 41403012 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 456 bytes

 

User: Mark C

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 90 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 48.00 mb

 

 

OTM by OldTimer - Version 3.1.18.0 log created on 09092011_181429

 

Files moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

JonTom   

Hello El Kabong

 

Let's try to get your programs running again and then run a different system scan to try and pin down the source of the error messages:

 

  • SREng

     

     

    • Download SREng from here.
    • Extract it to Desktop and double click SREngLdr.EXE to run it (NOTE: you may need to rename it to IEXPLORE.EXE or SREng.com to get it to run)
    • Select System Repair from the left pane.
    • Click on File Association.
    • Select all entries that have an Error status and click on [Repair].
    • Refer to this image for an example:

       

      [image: SREng File Association repair example]

    • Close SREng now.

  • Junction

     

     

    • Please download Junction.zip by clicking here and save it to your desktop.
    • Unzip it and extract junction.exe to your C:\ drive.
    • Once junction.exe has been extracted, copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad:

    @ECHO OFF
    REM work from the root of C:, where junction.exe was extracted and log.txt will be written
    cd c:\
    REM -s recurses the whole drive; all output goes to log.txt
    junction -s c:\>log.txt
    REM open the log in the default text editor
    start log.txt
    REM the batch file deletes itself once done
    del %0
    

    • Save it to your desktop as File name: junc.bat
    • Save as type: All Files
    • Double click junc.bat to run it.
    • A log will be presented. Copy and paste the content of the log in your next reply.

  • Download and run OTL by Oldtimer

     

     

    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Double click on the OTL.exe icon to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\Fonts\*.com

    %systemroot%\Fonts\*.dll

    %systemroot%\Fonts\*.ini

    %systemroot%\Fonts\*.ini2

    %systemroot%\Fonts\*.exe

    %systemroot%\system32\spool\prtprocs\w32x86\*.*

    %systemroot%\REPAIR\*.bak1

    %systemroot%\REPAIR\*.ini

    %systemroot%\system32\*.jpg

    %systemroot%\*.jpg

    %systemroot%\*.png

    %systemroot%\*.scr

    %systemroot%\*._sy

    %APPDATA%\Adobe\Update\*.*

    %ALLUSERSPROFILE%\Favorites\*.*

    %APPDATA%\Microsoft\*.*

    %PROGRAMFILES%\*.*

    %APPDATA%\Update\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\System32\config\*.sav

    %PROGRAMFILES%\bak. /s

    %systemroot%\system32\bak. /s

    %ALLUSERSPROFILE%\Start Menu\*.lîk /x

    %systemroot%\system32\config\systemprofile\*.dat /x

    %systemroot%\*.config

    %systemroot%\system32\*.db

    %PROGRAMFILES%\Internet Explorer\*.dat

    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x

    %USERPROFILE%\Deskuop\*.exe

    %PROGRAMFILES%\Common Files\*.*

    %systemroot%\*.src

    %systemroot%\install\*.*

    %systemroot%\system32\DLL\*.*

    %systemroot%\system32\HelpFiles\*.*

    %systemroot%\system32\rundll\*.*

    %systemroot%\winn32\*.*

    %systemroot%\Java\*.*

    %systemroot%\system32\test\*.*

    %systemroot%\system32\Rundll32\*.*

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    /md5start

    iexplore.*

    explorer.*

    winlogon.*

    dll

    zx.dll

    hlp.dat

    /md5stop

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.

    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

  • Rootkit Unhooker

     

     

    • Please Download Rootkit Unhooker and Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth. Uncheck the rest, then Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.

    Copy the entire contents of the report and paste it in your next reply here.

    Note: You may get the following warning, just click OK and continue.

     

    "Rootkit Unhooker has detected a parasite inside itself!

    It is recommended to remove parasite, okay?"

     

    Please post the junction log, the OTL logs and the Rootkit Unhooker log in your next reply (you may need to make more than one post to fit all of the information in).

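Added example, not part of JonTom's instructions and not code from the Sysinternals tool: once junc.bat has written log.txt, the Python below parses the Junction output format (an entry line ending in the reparse type, followed by Print Name and Substitute Name lines) and flags reparse points inside C:\WINDOWS or C:\Program Files whose target is not under WinSxS, or whose target is a Temp, RECYCLER or user profile folder. The .NET GAC junctions into WinSxS, like the ones posted later in this thread, are expected on XP and come out clean. The sample log is constructed to mirror Junction v1.06 output; its second entry is hypothetical and was not found on this machine. The whitelist rules and function names are my own.

```python
"""
Parse the text Sysinternals Junction writes for "junction -s c:\\" and flag
reparse points that send a system folder somewhere unexpected.
Added example for this thread; SAMPLE_LOG is constructed and its second
entry is hypothetical.
"""
import re
import sys
from dataclasses import dataclass

SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

.\\?\c:\\Program Files\Common Files\Hypothetical\Updater: JUNCTION
Print Name : C:\RECYCLER\S-1-5-21-0-0-0-500\$hypothetical
Substitute Name: C:\RECYCLER\S-1-5-21-0-0-0-500\$hypothetical
"""

# Leading dots are Junction's progress output; \\?\ is the NT path prefix it prints.
FAIL_RE = re.compile(r"^\.*Failed to open \\\\\?\\(?P<path>.+?): (?P<why>.*)$")
ENTRY_RE = re.compile(r"^\.*\\\\\?\\(?P<path>.+?): (?P<kind>[A-Z][A-Z ]*?)\s*$")
PRINT_RE = re.compile(r"^Print Name\s*:\s*(?P<value>.*)$")
SUBST_RE = re.compile(r"^Substitute Name\s*:\s*(?P<value>.*)$")

SYSTEM_ROOTS = ("C:\\WINDOWS", "C:\\PROGRAM FILES")
EXPECTED_TARGET_PREFIX = "C:\\WINDOWS\\WINSXS"     # where XP's GAC junctions legitimately point
ODD_TARGET_PARTS = ("\\TEMP\\", "\\RECYCLER\\", "\\DOCUMENTS AND SETTINGS\\")


@dataclass
class ReparsePoint:
    path: str
    kind: str
    print_name: str = ""
    substitute_name: str = ""


def normalize(path: str) -> str:
    """Collapse the doubled backslash Junction prints after the drive letter."""
    return re.sub(r"\\{2,}", r"\\", path)


def parse_junction_log(text: str) -> tuple[list[ReparsePoint], list[tuple[str, str]]]:
    """Return (reparse points, files Junction could not open)."""
    points: list[ReparsePoint] = []
    failures: list[tuple[str, str]] = []
    current: ReparsePoint | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := FAIL_RE.match(line):
            failures.append((normalize(m["path"]), m["why"].strip()))
        elif m := ENTRY_RE.match(line):
            current = ReparsePoint(normalize(m["path"]), m["kind"].strip())
            points.append(current)
        elif (m := PRINT_RE.match(line)) and current:
            current.print_name = m["value"].strip()
        elif (m := SUBST_RE.match(line)) and current:
            current.substitute_name = m["value"].strip()
    return points, failures


def suspicious(rp: ReparsePoint) -> list[str]:
    """Heuristic reasons to look at a reparse point; empty means nothing odd."""
    src = rp.path.upper()
    tgt = (rp.substitute_name or rp.print_name).upper()
    reasons = []
    if rp.print_name and rp.substitute_name and rp.print_name.upper() != rp.substitute_name.upper():
        reasons.append("print name and substitute name differ")
    if src.startswith(SYSTEM_ROOTS) and not tgt.startswith(EXPECTED_TARGET_PREFIX):
        reasons.append("junction inside a system folder points outside WinSxS")
    if any(part in tgt + "\\" for part in ODD_TARGET_PARTS):
        reasons.append("target lives in a temp, recycle bin or user profile folder")
    return reasons


def report(log_text: str) -> list[tuple[str, list[str]]]:
    """Only the reparse points worth a second look, with the reasons."""
    points, _failures = parse_junction_log(log_text)
    return [(rp.path, suspicious(rp)) for rp in points if suspicious(rp)]


if __name__ == "__main__":
    # usage: python junction_check.py log.txt   (hypothetical script name)
    log = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for path, reasons in report(log):
        print(path, "->", "; ".join(reasons))
```

The "Failed to open" lines are kept separately because access-denied on a file such as user.dmp is normal and should not be mixed in with the reparse points; the rules are a whitelist for an XP layout and will need adjusting for other Windows versions.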

Hi JonTom.

Whew... That was quite a list

Here we go!

 

Junction Log:

 

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

 

 

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

 

 

 

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp: Access is denied.

 

 

...

 

...

 

...

 

...

 

..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

 

.\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

 

 

 

OTL LOG:

 

OTL logfile created on: 9/10/2011 7:38:39 PM - Run 1

OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Mark\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 82.10% Memory free

4.84 Gb Paging File | 4.53 Gb Available in Paging File | 93.49% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 596.16 Gb Total Space | 205.16 Gb Free Space | 34.41% Space Free | Partition Type: NTFS

 

Computer Name: MARKC | User Name: Mark | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/09/10 19:36:41 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe

PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/05/20 14:34:30 | 012,026,216 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/18 15:36:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

PRC - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2008/02/18 15:36:04 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/09/10 16:05:04 | 001,560,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091002\algo.dll

MOD - [2011/09/10 14:48:23 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091002\aswRep.dll

MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009/04/27 12:55:12 | 000,678,400 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll

MOD - [2008/12/25 12:08:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (NeroRegInCDSrv)

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)

SRV - [2008/04/13 20:12:08 | 000,068,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)

SRV - [2008/04/13 20:12:05 | 000,039,424 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\sens.dll -- (SENS)

SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)

SRV - [2008/04/13 20:11:53 | 000,023,040 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)

SRV - [2008/02/18 15:36:14 | 001,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2007/11/17 19:41:46 | 000,598,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2007/11/17 19:40:20 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2010/01/17 15:18:30 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/08/18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)

DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)

DRV - [2008/02/18 15:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2008/02/18 15:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2008/02/18 15:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2008/01/30 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/11/17 19:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007/11/17 19:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/defaultf.aspx?lang=fr-ca

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1374

FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cfbef19&v=7.007.026.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/24 10:26:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/10 18:03:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/11 16:10:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 18:47:31 | 000,000,000 | ---D | M]

 

[2009/03/13 22:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions

[2011/09/02 20:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\gvk0n3rj.default\extensions

[2010/09/25 17:46:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\gvk0n3rj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/06/23 22:18:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\gvk0n3rj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/04/04 17:39:00 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\gvk0n3rj.default\searchplugins\daemon-search.xml

[2011/06/11 16:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/09/10 18:03:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2011/06/24 10:26:01 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

 

O1 HOSTS File: ([2011/09/05 18:11:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)

O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{752F14E1-309A-4B3D-879C-E7572779E215}: DhcpNameServer = 192.168.2.1 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll ()

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/04 10:45:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: ERSvc - C:\WINDOWS\system32\ersvc.dll ()

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Seclogon - C:\WINDOWS\system32\seclogon.dll ()

NetSvcs: SENS - C:\WINDOWS\system32\sens.dll ()

NetSvcs: WmdmPmSp - File not found

NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\wmisvc.dll ()

 

CREATERESTOREPOINT

Error creating restore point.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/09/10 19:36:32 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe

[2011/09/10 19:26:45 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

[2011/09/10 19:24:48 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\Mark\Desktop\SREngLdr.EXE

[2011/09/09 18:14:29 | 000,000,000 | ---D | C] -- C:\_OTM

[2011/09/09 18:13:00 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTM.exe

[2011/09/08 20:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/09/08 19:09:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\TFC.exe

[2011/09/08 18:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

[2011/09/08 18:39:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/09/08 18:38:41 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/09/07 20:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/09/04 11:17:41 | 004,200,409 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark\Desktop\ComboFix.exe

[2011/09/02 21:04:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Mark\Desktop\HijackThis.exe

[2011/09/02 19:10:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark\Desktop\dds.scr

[2011/09/02 18:47:23 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/09/02 18:45:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/08/30 20:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google

[2011/08/30 20:48:43 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/08/30 20:48:43 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/08/30 20:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus

[2011/08/30 20:48:42 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011/08/30 20:48:42 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/08/30 20:48:42 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/08/30 20:48:42 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/08/30 20:48:42 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/08/30 20:48:42 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/08/30 20:47:42 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/08/30 20:47:42 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/08/30 20:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/08/30 20:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software

[2011/08/29 22:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\Malwarebytes

[2011/08/29 22:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/08/29 22:15:51 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/08/29 22:15:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/08/29 22:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/08/29 22:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

[2011/08/29 20:01:01 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/08/29 19:56:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/08/29 19:56:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/08/29 19:56:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/08/29 19:56:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/08/29 19:56:30 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/08/29 19:55:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark\Start Menu\Programs\Administrative Tools

 

========== Files - Modified Within 30 Days ==========

 

[2011/09/10 19:36:41 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe

[2011/09/10 19:28:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/09/10 19:26:21 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Junction.zip

[2011/09/10 19:24:18 | 000,676,536 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\sreng2.zip

[2011/09/10 18:05:25 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/09/10 18:05:14 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2011/09/10 18:05:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/09/10 18:03:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/09/09 20:34:28 | 000,013,708 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/09 18:13:07 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTM.exe

[2011/09/08 19:09:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\TFC.exe

[2011/09/08 18:16:24 | 004,200,409 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark\Desktop\ComboFix.exe

[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/09/06 16:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/09/06 05:05:02 | 001,384,962 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\tdsskiller.zip

[2011/09/05 18:11:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/09/05 10:50:30 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/09/04 13:57:12 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\SystemLook.exe

[2011/09/03 13:21:20 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Mark\defogger_reenable

[2011/09/03 13:18:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Defogger.exe

[2011/09/02 21:04:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Mark\Desktop\HijackThis.exe

[2011/09/02 19:10:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark\Desktop\dds.scr

[2011/09/02 18:47:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk

[2011/09/02 18:45:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/08/30 20:48:43 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk

[2011/08/29 22:15:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/29 20:01:05 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2011/08/24 03:00:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/08/23 19:19:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk

 

========== Files Created - No Company Name ==========

 

[2011/09/10 19:26:21 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Junction.zip

[2011/09/10 19:24:10 | 000,676,536 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\sreng2.zip

[2011/09/06 05:04:40 | 001,384,962 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\tdsskiller.zip

[2011/09/04 13:57:11 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\SystemLook.exe

[2011/09/03 13:40:49 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\gmer.exe

[2011/09/03 13:21:15 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Mark\defogger_reenable

[2011/09/03 13:18:52 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Defogger.exe

[2011/08/30 20:48:43 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk

[2011/08/29 22:15:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/29 20:01:05 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2011/08/29 20:01:02 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/08/29 19:56:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/08/29 19:56:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/08/29 19:56:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/08/29 19:56:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/08/29 19:56:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/06/11 18:59:14 | 000,036,140 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat

[2011/06/11 18:59:09 | 000,094,208 | ---- | C] () -- C:\WINDOWS\DIIUnin.exe

[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2010/02/24 06:22:10 | 000,185,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\acedrv11.sys

[2009/12/02 18:32:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/02 18:32:33 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/17 03:04:24 | 002,173,472 | ---- | C] () -- C:\WINDOWS\System32\nvcplui.exe

[2009/08/17 00:57:00 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2009/03/15 19:37:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2009/03/13 22:55:01 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2009/03/13 22:54:47 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll

[2009/03/13 22:54:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll

[2009/03/13 22:17:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/13 22:11:26 | 000,003,636 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/03/13 22:10:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/03/13 22:05:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/13 22:01:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/13 22:01:01 | 000,538,624 | ---- | C] () -- C:\WINDOWS\System32\spider.exe

[2009/03/13 15:46:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/13 15:45:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\notepad.exe

[2009/03/13 15:43:35 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/12/25 12:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008/12/25 12:08:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2008/12/25 12:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008/12/25 12:08:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2008/12/25 12:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008/12/25 12:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008/12/25 12:08:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2008/12/25 12:08:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2004/08/12 10:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 10:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 10:09:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\webclnt.dll

[2004/08/12 10:06:43 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\stobject.dll

[2004/08/12 10:04:54 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\sens.dll

[2004/08/12 10:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 10:04:51 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\seclogon.dll

[2004/08/12 10:03:49 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\pstorsvc.dll

[2004/08/12 10:03:48 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\psbase.dll

[2004/08/12 10:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 10:03:20 | 000,435,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/12 10:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 10:03:19 | 000,068,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/12 10:02:47 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\oakley.dll

[2004/08/12 10:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/12 09:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 09:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 09:58:13 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ipsecsvc.dll

[2004/08/12 09:57:15 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc.dll

[2004/08/12 09:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 09:57:10 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\dssenh.dll

[2004/08/12 09:56:49 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\ddraw.dll

[2004/08/12 09:56:48 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\dciman32.dll

[2004/08/12 09:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/12 09:56:46 | 001,689,088 | ---- | C] () -- C:\WINDOWS\System32\d3d9.dll

[2004/08/12 09:56:00 | 000,194,560 | ---- | C] () -- C:\WINDOWS\System32\certcli.dll

[2004/08/12 09:55:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\batmeter.dll

[2004/08/03 18:59:08 | 000,080,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\parport.sys

 

========== LOP Check ==========

 

[2011/08/30 20:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software

[2010/01/19 00:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BioWare

[2011/02/09 20:45:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files

[2010/01/17 15:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite

[2009/03/14 16:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Electronic Arts

[2009/09/23 21:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fallout3

[2010/06/14 19:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GARMIN

[2011/02/09 18:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

[2011/02/21 19:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft

[2011/03/23 18:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom

[2010/06/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/01/17 15:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\DAEMON Tools Lite

[2011/06/24 10:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\DDMSettings

[2010/06/14 19:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\GARMIN

[2010/12/07 19:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ProtectDISC

[2011/02/21 19:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ubisoft

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009/03/04 10:45:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/01/18 18:39:38 | 000,000,223 | ---- | M] () -- C:\Boot.bak

[2011/08/29 20:01:05 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2009/03/04 10:45:41 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/09/08 18:41:37 | 000,000,113 | ---- | M] () -- C:\DeQuarantine.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2009/03/04 10:45:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/09/07 15:39:20 | 000,150,392 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

[2011/09/10 19:35:22 | 000,002,620 | ---- | M] () -- C:\log.txt

[2009/03/04 10:45:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/12 10:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/06/03 21:33:15 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/09/10 18:04:55 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2011/09/06 05:06:35 | 000,036,678 | ---- | M] () -- C:\TDSSKiller.2.5.18.0_06.09.2011_05.05.35_log.txt

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

 

< %systemroot%\Fonts\*.com >

[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2009/03/13 22:03:32 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\Fonts\*.exe >

 

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

 

< %systemroot%\REPAIR\*.bak1 >

 

< %systemroot%\REPAIR\*.ini >

 

< %systemroot%\system32\*.jpg >

 

< %systemroot%\*.jpg >

 

< %systemroot%\*.png >

 

< %systemroot%\*.scr >

[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

 

< %systemroot%\*._sy >

 

< %APPDATA%\Adobe\Update\*.* >

 

< %ALLUSERSPROFILE%\Favorites\*.* >

 

< %APPDATA%\Microsoft\*.* >

 

< %PROGRAMFILES%\*.* >

 

< %APPDATA%\Update\*.* >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

[2009/03/13 15:25:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2009/03/13 15:25:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2009/03/13 15:25:03 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %PROGRAMFILES%\bak. /s >

 

< %systemroot%\system32\bak. /s >

 

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

[2010/06/03 21:36:05 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

[2010/06/03 21:36:05 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Set Program Access and Defaults.lnk

[2009/03/13 22:03:57 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Windows Catalog.lnk

[2009/03/13 22:03:57 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Windows Update.lnk

 

< %systemroot%\system32\config\systemprofile\*.dat /x >

 

< %systemroot%\*.config >

 

< %systemroot%\system32\*.db >

 

< %PROGRAMFILES%\Internet Explorer\*.dat >

 

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

 

< %USERPROFILE%\Deskuop\*.exe >

 

< %PROGRAMFILES%\Common Files\*.* >

 

< %systemroot%\*.src >

 

< %systemroot%\install\*.* >

 

< %systemroot%\system32\DLL\*.* >

 

< %systemroot%\system32\HelpFiles\*.* >

 

< %systemroot%\system32\rundll\*.* >

 

< %systemroot%\winn32\*.* >

 

< %systemroot%\Java\*.* >

 

< %systemroot%\system32\test\*.* >

 

< %systemroot%\system32\Rundll32\*.* >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-24 07:00:17

 

 

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/12 09:57:20 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

 

< MD5 for: EXPLORER.EXE-082F38A9.PF >

[2011/09/10 19:36:44 | 000,018,954 | ---- | M] () MD5=B24EB1B793D133654ED6E3029C67A4F4 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

 

< MD5 for: EXPLORER.SCF >

[2004/08/12 09:57:20 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

 

< MD5 for: EXPLORER.ZIP >

[2009/06/03 21:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

 

< MD5 for: IEXPLORE.CHM >

[2004/08/12 09:58:01 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm

[2006/09/01 09:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\Help\iexplore.chm

 

< MD5 for: IEXPLORE.EXE >

[2010/12/20 07:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=091D358EFC9D22901BD879EF37F0DAC4 -- C:\WINDOWS\ie7updates\KB2497640-IE7\iexplore.exe

[2010/06/17 11:12:57 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=203E897F843D56496E2CC101DFF6CE34 -- C:\WINDOWS\ie7updates\KB2360131-IE7\iexplore.exe

[2011/04/21 06:34:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=3E23DBEBE1020D52C63235E4189FAC03 -- C:\WINDOWS\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe

[2009/10/28 02:54:16 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=4F9B04D546C23A295F3F0AE015BE51DB -- C:\WINDOWS\ie7updates\KB978207-IE7\iexplore.exe

[2009/10/28 02:54:16 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=4F9B04D546C23A295F3F0AE015BE51DB -- C:\WINDOWS\SoftwareDistribution\Download\a5fdd8607ddaffd55aa72ce1ea06b42c\SP3GDR\iexplore.exe

[2009/12/18 09:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe

[2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe

[2010/10/18 07:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=72D1F43C4146D312B0DB6AB98C21340E -- C:\WINDOWS\ie7updates\KB2482017-IE7\iexplore.exe

[2009/10/28 02:54:21 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=80675329E0FD54F016C4F8A83C616349 -- C:\WINDOWS\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe

[2009/10/28 02:54:21 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=80675329E0FD54F016C4F8A83C616349 -- C:\WINDOWS\SoftwareDistribution\Download\a5fdd8607ddaffd55aa72ce1ea06b42c\SP3QFE\iexplore.exe

[2011/06/20 07:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=993F33696EF219C306BF9BBA34D85073 -- C:\Program Files\Internet Explorer\iexplore.exe

[2011/06/20 07:29:11 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=993F33696EF219C306BF9BBA34D85073 -- C:\WINDOWS\system32\dllcache\iexplore.exe

[2010/06/17 10:45:15 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B0BC6DC9C9277250C5C8F7B7A48A02CC -- C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe

[2010/04/16 07:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe

[2010/02/23 01:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B5116340B84824DDD0A641E36B126194 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe

[2011/04/21 06:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B6E13F9C120C776A89D783E26D6C15C5 -- C:\WINDOWS\ie7updates\KB2559049-IE7\iexplore.exe

[2010/12/20 06:49:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B74CBEBA34E3CAA2CCACC87FEE8A16C0 -- C:\WINDOWS\$hf_mig$\KB2482017-IE7\SP

JonTom   

Hello El Kabong

 

Thank you for the logs.

 

I would like to see a little extra information if I may:

 

  • aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

 

Please post the log in your next reply :)

 


Hi JonTom. Thanks for all this.

 

Here is the aswMBR log:

 

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-11 17:14:30

-----------------------------

17:14:30.187 OS Version: Windows 5.1.2600 Service Pack 3

17:14:30.187 Number of processors: 4 586 0x170A

17:14:30.187 ComputerName: MARKC UserName: Mark

17:14:31.796 Initialize success

17:14:32.312 AVAST engine defs: 11091100

17:14:41.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path0Target0Lun0

17:14:41.203 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3

17:14:41.203 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7ef740e

17:14:41.234 Disk 0 MBR read successfully

17:14:41.234 Disk 0 MBR scan

17:14:41.234 Disk 0 Windows XP default MBR code

17:14:41.234 Disk 0 scanning sectors +1250242560

17:14:41.265 Disk 0 scanning C:\WINDOWS\system32\drivers

17:14:46.593 Service scanning

17:14:47.687 Modules scanning

17:16:41.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"

17:16:41.968 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt"

 

 

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-09-11 17:17:29

-----------------------------

17:17:29.343 OS Version: Windows 5.1.2600 Service Pack 3

17:17:29.343 Number of processors: 4 586 0x170A

17:17:29.343 ComputerName: MARKC UserName: Mark

17:17:30.953 Initialize success

17:17:31.000 AVAST engine defs: 11091100

17:17:35.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path0Target0Lun0

17:17:35.843 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3

17:17:35.843 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7ef740e

17:17:35.875 Disk 0 MBR read successfully

17:17:35.875 Disk 0 MBR scan

17:17:35.875 Disk 0 Windows XP default MBR code

17:17:35.875 Disk 0 scanning sectors +1250242560

17:17:35.921 Disk 0 scanning C:\WINDOWS\system32\drivers

17:17:40.187 Service scanning

17:17:40.984 Modules scanning

17:19:43.359 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**

17:19:43.359 Disk 0 trace - called modules:

17:19:43.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys

17:19:43.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5d728]

17:19:43.390 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000062[0x8ac5e880]

17:19:43.390 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts2Port3Path0Target0Lun0[0x8ac5ea38]

17:19:44.656 AVAST engine scan C:\WINDOWS

17:19:55.828 AVAST engine scan C:\WINDOWS\system32

17:21:15.546 AVAST engine scan C:\WINDOWS\system32\drivers

17:21:31.781 AVAST engine scan C:\Documents and Settings\Mark

17:34:26.687 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS

17:35:35.812 Scan finished successfully

17:45:48.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"

17:45:48.671 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt"

JonTom   

Hello El Kabong

 

Let's take a closer look at that file being flagged by aswMBR:

 

 

  • SystemLook by JPShortstuff

  • Please download SystemLook by JPShortstuff by clicking here or here and save the file (called SystemLook.exe) to your desktop.
  • Double click SystemLook.exe to run the program.
  • Copy the content of the following codebox into the main textfield:

:filefind
*ntdll.dll*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt

You mentioned that you are still having difficulty running some programs:

 

I still can't run more of my programs/software - the exe icons in the start menu are still 'altered'

Please let me know which programs are altered and exactly what happens when you try to run them.

 


Hi JonTom.

 

A variety of program icons are altered and will do different things.

 

For example:

Trying to run System Restore will result in a rstui.exe - bad image error (c:\WINDOWS\system32\DDRAW.dll), but it will still run

Trying to run System Information - Gives me a Help and Support error - Help and Support not running

Internet Explorer - Bad Image Error, but opens to homepage, but certain pages seem to be blocked (i.e. trying to navigate to Hotmail results in - Security Alert - you are about to view pages over a secure network, etc. and then Cannot view this Page)

Trying to run Pinball (system game) - A black cmd box appears for a couple of seconds then disappears and... nothing

Most other programs - Nothing happens at all

 

Google Earth

Quicktime

ALL MS Office tools

All installed game software

more..

 

 

SYSTEMLOOK LOG:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 05:03 on 12/09/2011 by Mark

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "*ntdll.dll*"

C:\cmdcons\SYSTEM32\NTDLL.DLL --a---- 708096 bytes [04:56 04/08/2004] [04:56 04/08/2004] BB5CBFFC096497506167BCE1D9690EF2

C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntdll.dll --a---- 718336 bytes [05:34 09/02/2011] [15:15 09/12/2010] 15CE4DBC22FAB90B3CA5352AF1FFF81C

C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntdll.dll --a---- 715264 bytes [22:11 12/06/2009] [10:01 09/02/2009] 2F868BFFBF50524653D7FE0D99AFB064

C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntdll.dll --a---- 714752 bytes [22:11 12/06/2009] [12:10 09/02/2009] 911DDF2E16761643A47225F654D811E5

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntdll.dll --a---- 715264 bytes [22:11 12/06/2009] [10:56 09/02/2009] B0913005EE3FC15D7F72472D0B8A30EB

C:\WINDOWS\$NtServicePackUninstall$\ntdll.dll -----c- 714752 bytes [01:32 04/06/2010] [10:20 09/02/2009] C06986B55981B355090DD34DE809E4BB

C:\WINDOWS\$NtUninstallKB2393802$\ntdll.dll -----c- 714752 bytes [08:00 09/02/2011] [12:10 09/02/2009] 911DDF2E16761643A47225F654D811E5

C:\WINDOWS\$NtUninstallKB956572$\ntdll.dll -----c- 706048 bytes [01:38 04/06/2010] [00:11 14/04/2008] 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F

C:\WINDOWS\$NtUninstallKB956572_0$\ntdll.dll -----c- 708096 bytes [02:47 13/06/2009] [14:02 12/08/2004] BB5CBFFC096497506167BCE1D9690EF2

C:\WINDOWS\ServicePackFiles\i386\ntdll.dll ------- 706048 bytes [00:11 14/04/2008] [00:11 14/04/2008] 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F

C:\WINDOWS\system32\ntdll.dll --a---- 718336 bytes [14:02 12/08/2004] [15:15 09/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89

C:\WINDOWS\system32\dllcache\ntdll.dll -----c- 718336 bytes [22:11 12/06/2009] [15:15 09/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89

 

-= EOF =-

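The check JonTom is making on this SystemLook output (does the live system32\ntdll.dll match the Windows File Protection backup in system32\dllcache, and which other copies share its hash?) can be done mechanically. The parser below is an added example, not part of the thread or of SystemLook itself; its sample input is an excerpt of the filefind log posted above, and the two bracketed timestamps are taken to be creation and last-write time.

```python
import re
from collections import defaultdict

# Excerpt of the SystemLook ":filefind" output posted above (four of the
# entries kept verbatim; one file per line, MD5 last).
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 05:03 on 12/09/2011 by Mark
Administrator - Elevation successful

========== filefind ==========

Searching for "*ntdll.dll*"
C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntdll.dll --a---- 718336 bytes [05:34 09/02/2011] [15:15 09/12/2010] 15CE4DBC22FAB90B3CA5352AF1FFF81C
C:\WINDOWS\ServicePackFiles\i386\ntdll.dll ------- 706048 bytes [00:11 14/04/2008] [00:11 14/04/2008] 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F
C:\WINDOWS\system32\ntdll.dll --a---- 718336 bytes [14:02 12/08/2004] [15:15 09/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89
C:\WINDOWS\system32\dllcache\ntdll.dll -----c- 718336 bytes [22:11 12/06/2009] [15:15 09/12/2010] F8F0D25CA553E39DDE485D8FC7FCCE89

-= EOF =-
"""

# One filefind result line: path, 7 attribute flags, size, two bracketed
# timestamps (assumed here to be creation and last-write time) and the MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-A-Za-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+"
    r"\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file line; header, blank and EOF lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def group_by_md5(entries):
    """Map each MD5 to the paths carrying it, so identical copies (e.g. the
    live file and its dllcache backup) are visible at a glance."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def wfp_consistency(entries, filename="ntdll.dll"):
    """Compare the live %SystemRoot%\\system32 copy of `filename` with the
    Windows File Protection backup in system32\\dllcache.  A hash or size
    difference between the two is one sign that a system file has been
    patched on disk; identical hashes are consistent with a clean copy."""
    name = "\\" + filename.lower()
    live = cache = None
    for e in entries:
        p = e["path"].lower()
        if p.endswith("\\system32" + name):
            live = e
        elif p.endswith("\\system32\\dllcache" + name):
            cache = e
    if live is None or cache is None:
        return {"status": "incomplete", "live": live, "cache": cache}
    same = live["md5"] == cache["md5"] and live["size"] == cache["size"]
    return {
        "status": "match" if same else "MISMATCH",
        "live_md5": live["md5"],
        "cache_md5": cache["md5"],
    }


def report(log_text, filename="ntdll.dll"):
    """Human-readable summary: hash groups plus the live-vs-dllcache verdict."""
    entries = parse_filefind(log_text)
    lines = []
    for md5, paths in sorted(group_by_md5(entries).items()):
        lines.append(f"{md5}  ({len(paths)} copies)")
        lines.extend(f"    {p}" for p in paths)
    verdict = wfp_consistency(entries, filename)
    lines.append(f"{filename}: live vs dllcache -> {verdict['status']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the log above this reports the live copy and the dllcache copy as a match, which is the basis for treating the aswMBR flag as a false positive rather than a patched file.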
JonTom   

Hello El Kabong

 

I have been in touch with a number of malware experts about your machine and the problems it has.

 

The file being flagged by aswMBR appears to be legitimate.

 

I hate to say it, but I feel we may be fighting a losing battle here :( This machine was heavily infected when you ran ComboFix the first time. Several system files were patched by malware, and after replacing them with clean copies your issues persist.

 

 

The Cryptography service on your machine is not working correctly and I am unable to pin down exactly why your installed programs are unable to launch. Use of both SREng and Junction failed to provide a solution.

 

 

Considering the numerous problems that this machine has I believe the best way forward at this point would be to back up all of your important data and then try the following.

 

First, uninstall XP SP3 and then try a re-install using the instructions provided here (download the .iso file and make it into a disk): http://www.microsoft.com/download/en/details.aspx?id=25129

 

If you have problems uninstalling SP3 there is additional information provided here: http://support.microsoft.com/kb/950249

 

 

If this approach does not relieve the symptoms, I would then suggest a repair install (which will not remove any of your data).

 

If the repair install does not help then the best course of action would be (in my opinion) to perform a reformat and reinstallation of your Windows operating system.

 

I realise that this is not what you would like to hear, but considering the present state of the machine the above approaches are the best ones to take at this time.


HI JonTom.

 

Well, that's not good news, but I thank you for the effort!

 

Would a System Restore do any good? I mean, right now is my PC 'clean', or can you even tell?

 

I've seen a number of XP exe file association 'fixers'... Any use in trying one of those?

JonTom   

Hello El Kabong

 

I mean, right now is my PC 'clean', or can you even tell?

Even though we have dealt with everything that the online scan has detected, bad image error messages can sometimes be related to malware. A system restore is worth a try - give it a go and see what happens.

 

I've seen a number of XP exe file association 'fixers'... Any use in trying one of those?

SREng is designed to fix file association problems. I provided you with instructions to use it. If you ran it and the problems were not fixed then it is unlikely that the problems with opening your software are related to broken file associations. You could always try re-installing the software concerned but I am not convinced that this would solve the bad image error messages that you are receiving.


Thanks for everything JonTom.

 

Tried a System Restore, but System Restore doesn't work. Couldn't fix SP3... So it's onto an attempted System Repair, and then I suspect the dreaded Format and start from scratch!

 

Thanks again

 

Elk

JonTom   

Hello El Kabong

 

Do back up all of your important stuff before going for the repair install or R+R.

 

Let me know how you get on (and Good Luck) :)

 

JonTom


Hi JonTom.

 

Looks like a repair install did the trick. Sort of...

Haven't had any bad image errors. All system tools are back. I wasn't able to recover most of my software exe's, that means re-installation of some programs (but it also helps me cull the ones I never use anymore ;).

 

Still troubleshooting some things. If I start my system without the internet connected, fine. But it slows to a dead crawl when I connect (or start up) with my modem connected. Sometimes even a BSOD after some time waiting. According to the Task Manager (when I can open it), it's not CPU taxing and there's no modem activity... Eventually (if no BSOD), the system runs normally, but it takes a long while to get to that point. May be a driver problem somewhere...

 

Anyway, Thanks for all the help!

 

Elk

JonTom   

Hello El Kabong

 

Glad to hear that things are getting a little better.

 

You should still have DDS installed on your machine.

 

Please scan your system with DDS again and post both logs for me to review :)


Hi JonTom.

 

Definitely some hopeful signs...

 

Here are the DDS logs.

 

 

DDS Log:

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Mark at 18:55:58 on 2011-09-19

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2203 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Garmin\ANT Agent\ANT Agent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{752F14E1-309A-4B3D-879C-E7572779E215} : DhcpNameServer = 192.168.2.1 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\gvk0n3rj.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cfbef19&v=7.007.026.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=

FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-30 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-30 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-30 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-30 44768]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 135664]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-18 25832]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2011-09-19 11:05:26 -------- d-sh--w- c:\documents and settings\mark\IECompatCache

2011-09-18 22:30:06 -------- d-----w- c:\program files\common files\Steam

2011-09-18 22:30:04 -------- d-----w- c:\program files\Steam

2011-09-18 22:15:53 -------- d-----w- c:\windows\pss

2011-09-17 22:45:31 -------- d-----w- c:\windows\ie8updates

2011-09-17 22:41:51 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2011-09-17 22:41:28 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-09-17 22:41:16 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-09-17 22:41:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-09-17 22:40:16 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-09-17 22:35:19 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-09-17 22:33:59 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-09-17 21:54:28 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll

2011-09-17 21:54:28 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-09-17 21:54:28 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-09-17 21:54:24 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2011-09-17 21:54:24 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-09-17 21:50:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-09-17 21:50:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-09-17 21:50:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-09-17 21:50:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-09-17 21:50:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-09-17 21:50:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-09-17 21:50:44 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-09-17 21:49:55 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-09-17 21:49:51 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-09-17 21:49:47 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2011-09-17 20:01:12 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-09-17 20:01:12 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-09-17 20:01:08 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2011-09-17 16:08:51 -------- d-sh--w- c:\documents and settings\mark\PrivacIE

2011-09-17 16:07:26 -------- d-sh--w- c:\documents and settings\mark\IETldCache

2011-09-17 16:05:13 -------- dc-h--w- c:\windows\ie8

2011-09-16 04:07:44 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-09-16 04:06:22 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-09-16 04:06:13 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-09-16 04:05:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2011-09-16 04:05:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2011-09-16 04:05:23 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2011-09-16 04:05:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2011-09-16 04:05:23 110592 -c----w- c:\windows\system32\dllcache\services.exe

2011-09-16 04:05:22 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2011-09-16 04:05:22 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2011-09-16 04:05:22 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-09-16 04:05:22 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2011-09-16 04:00:15 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-09-16 03:58:17 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-09-16 03:57:03 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-09-15 23:54:59 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll

2011-09-15 23:52:32 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-09-15 23:52:32 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2011-09-15 23:24:22 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-09-15 23:24:22 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-09-15 23:24:22 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-09-15 23:24:22 13312 ----a-w- c:\windows\system32\irclass.dll

2011-09-15 23:23:58 13753 ----a-r- c:\windows\SET125.tmp

2011-09-15 23:23:55 1086058 ----a-r- c:\windows\SET119.tmp

2011-09-15 23:23:54 1042903 ----a-r- c:\windows\SET116.tmp

2011-09-15 02:32:22 -------- d-----w- c:\documents and settings\all users.windows\application data\MemeoCommon

2011-09-14 23:32:01 -------- d-----w- c:\program files\Memeo

2011-09-10 23:26:45 150392 ----a-w- C:\junction.exe

2011-09-09 22:14:29 -------- d-----w- C:\_OTM

2011-09-09 00:32:24 -------- d-----w- c:\program files\ESET

2011-09-08 22:38:41 -------- d-s---w- C:\ComboFix

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 22:45:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 00:48:42 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-31 00:47:42 41184 ----a-w- c:\windows\avastSS.scr

2011-08-31 00:47:37 -------- d-----w- c:\program files\AVAST Software

2011-08-31 00:47:37 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software

2011-08-30 02:16:05 -------- d-----w- c:\documents and settings\mark\application data\Malwarebytes

2011-08-30 02:15:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-30 02:15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-30 02:15:50 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes

2011-08-30 00:01:01 -------- d-sha-r- C:\cmdcons

2011-08-29 23:56:54 98816 ----a-w- c:\windows\sed.exe

2011-08-29 23:56:54 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 23:56:54 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 23:56:54 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2011-09-16 23:25:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 18:57:34.73 ===============

 

 

DDS ATTACH Log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 9/15/2011 7:56:06 PM

System Uptime: 9/18/2011 2:25:52 PM (28 hours ago)

.

Motherboard: EVGA | | nForce 750i SLI

Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 596 GiB total, 215.392 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 9/15/2011 10:31:20 PM - System Checkpoint

RP2: 9/16/2011 3:00:18 AM - Software Distribution Service 3.0

RP3: 9/16/2011 7:25:43 PM - SPTD setup V1.62

RP4: 9/16/2011 7:43:36 PM - Software Distribution Service 3.0

RP5: 9/16/2011 10:20:13 PM - Software Distribution Service 3.0

RP6: 9/17/2011 9:32:21 AM - Software Distribution Service 3.0

RP7: 9/17/2011 10:02:05 AM - Installed Windows XP KB932823-v3.

RP8: 9/17/2011 12:05:33 PM - Installed Windows Internet Explorer 8.

RP9: 9/17/2011 3:50:51 PM - Software Distribution Service 3.0

RP10: 9/17/2011 4:02:17 PM - Software Distribution Service 3.0

RP11: 9/17/2011 6:44:41 PM - Software Distribution Service 3.0

RP12: 9/17/2011 8:47:54 PM - Software Distribution Service 3.0

RP13: 9/18/2011 6:30:04 PM - Installed Steam

RP14: 9/19/2011 6:41:07 PM - System Checkpoint

.

==== Installed Programs ======================

.

7-Zip 4.65

Acrobat.com

Across Canada Trails 5.02 105.02

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin's Creed II

avast! Free Antivirus

Bonjour

Borderlands

Definition update for Microsoft Office 2010 (KB982726)

Diablo II

Disciples III

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Dragon Age: Origins

DVD Flick 1.3.0.7

DVD Suite

EasyGPS 2.7.5

ESET Online Scanner v3

EVGA Precision 1.4.0

Fallout 3

Fallout 3 - Unofficial Fallout 3 Patch

Fallout Mod Manager 0.13.21

Fallout Mod Manager 0.9.15

Fallout New Vegas

Fraps

Garmin MapSource

Garmin POI Loader

Garmin Training Center

Garmin USB Drivers

GATES TO AESGAARD - Episode 1

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Ivellon 1.5 English

IZArc 4.0 beta 1

jZip

Malwarebytes' Anti-Malware version 1.51.2.1300

Mass Effect 2

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Mirror's Edge™

Morrowind

Mozilla Firefox 4.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Nero 7 Essentials

neroxml

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA nView Desktop Manager

NVIDIA PhysX

Oblivion

Oblivion mod manager 1.1.11

PowerDVD

PowerProducer

ProtectDisc Driver, Version 11

QuickTime

Realtek High Definition Audio Driver

SecurDisc Viewer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Steam

TES Construction Set

The Sims™ 3

Ubisoft Game Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Web Games Player Plugin

WebFldrs XP

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format Runtime

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

9/19/2011 4:46:35 PM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts2.

.

==== End Of File ===========================

JonTom   

Hello El Kabong

 

That log is looking much better.

 

Can you confirm to me that you are no longer using AVG?

JonTom   

Hello El Kabong

 

Perhaps some vestiges causing havoc you think?

:) Not quite causing havoc, but certainly something that should be taken care of.

 

The repair install has fixed the bad image error message issues and your WMI issues, but AVG still appears to be registered (even though it is absent from your uninstall list).

 

  • Please do the following

     

     

  • Click on "Start" and then on "Run".
  • A Run box will open.
  • Type wbemtest into the Run box and click on OK.
  • Connect to root\SecurityCenter (you may need to type this in - please make sure you type SecurityCenter and NOT SecurityCentre).
  • Click on the Query button.
  • Type in or copy/paste SELECT * FROM AntiVirusProduct and click on Apply (If typing please note the spaces).
  • If there is more than one result displayed, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed (In your case it would be AVG)...

     

  • Please use the animated figure below as a guide to the procedure:

Posted Image

 

 

  • Please open OTL

 

 

  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
    

     

  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

Let's run one final online scan to check for any leftovers.

 

  • Please perform the following scan(s)

 

 

  • Please perform this scan using Internet Explorer.
  • This scan can take up to an hour or longer, please be patient.

  • It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
  • DO NOT surf the net while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.

 

  • Please perform an online scan with Panda Active Scan 2.0 by clicking here.

  • Click on the "Scan Your PC" button.
  • A screen will appear. It will look like this:
  • Click on "Register".
  • Choose the option you like most, but we recommend "Free Active Scan 2.0 (requires registration)".
  • Click on "Register".
  • Enter your e-mail address and create a password.

     

  • Select "I do not want to receive any type of information" (unless you want to receive such information).
  • Click on "Send".
  • Confirm your registration and continue by entering your user name and password, then click on "Enter".
  • Select "Full Scan", then Click on "Scan Now".

     

     

  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading.
  • If the scan finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect.
  • Please ignore the offer to buy the program.
  • Click on the "Export To" button to export the log and save it to your desktop.

Please post the OTL log, the Panda log and a new DDS.txt log in your next reply :)

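The wbemtest procedure in the post above (connect to root\SecurityCenter, run SELECT * FROM AntiVirusProduct, delete the record for the product that is no longer installed) can also be done from a PowerShell prompt, which makes it easier to see exactly which record you are about to delete. This is an added example for readers of the thread, not part of JonTom's instructions or of any tool used here. It assumes Windows XP SP3 with PowerShell 2.0, where the namespace is root\SecurityCenter; the pattern 'AVG' is the stale product named in this thread and should be changed to match whatever product is leftover on another machine.

```powershell
# Added example (not from the original post): list the antivirus products
# registered with the WMI Security Center and remove a registration whose
# product has been uninstalled. Run from an elevated PowerShell prompt.
#
# Assumptions: Windows XP SP3 (namespace root\SecurityCenter). On Vista and
# later the equivalent namespace is root\SecurityCenter2 and the class has
# different properties, so adjust $ns and the Select-Object list there.

param(
    # Regex matched against displayName of the stale product (from the thread: AVG).
    # 'AVG' does not match 'avast! Antivirus', so the installed product is left alone.
    [string]$StaleProductPattern = 'AVG'
)

$ns = 'root\SecurityCenter'

# Same query wbemtest runs after connecting to the namespace.
$products = @(Get-WmiObject -Namespace $ns -Query 'SELECT * FROM AntiVirusProduct')

if ($products.Count -eq 0) {
    Write-Host "No AntiVirusProduct instances are registered in $ns."
    return
}

# More than one row here means more than one antivirus is registered, which is
# what caused the problem in this thread. Show everything before touching anything.
Write-Host "Registered antivirus products in ${ns}:"
$products |
    Select-Object displayName, companyName, versionNumber, instanceGuid |
    Format-Table -AutoSize

$stale = @($products | Where-Object { $_.displayName -match $StaleProductPattern })

if ($stale.Count -eq 0) {
    Write-Host "Nothing matched '$StaleProductPattern'; no records deleted."
    return
}

foreach ($record in $stale) {
    Write-Host "Deleting stale registration: $($record.displayName) [$($record.instanceGuid)]"
    # Equivalent of selecting the result in wbemtest and clicking Delete.
    $record.Delete()
}

# Verify that only the installed product remains.
Write-Host "Remaining registrations:"
Get-WmiObject -Namespace $ns -Class AntiVirusProduct |
    Select-Object displayName, instanceGuid |
    Format-Table -AutoSize
```

Save it as, for example, Remove-StaleAV.ps1 and run it once to review the table; if the only row matching the pattern is the uninstalled product, the script deletes that row and prints what is left. Deleting a record for an antivirus that is still installed makes Security Center report it as missing until the product re-registers itself, so check the first table carefully before letting the loop run.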

Hi JonTom.

 

Sorry for the long delay. I had a hell of a time with OTL... And then the start-up issue I mentioned made things very slow going.

 

I removed the extra anti-virus (AVG) via wbemtest.

 

OTL reboot - Extremely long time to shut down Windows (I mean hours). See Log below.

 

Have not had any luck running Panda Active Scan 2.0. As soon as the site attempts to install the program -> IE becomes unresponsive (checked in Task Manager). I will continue to attempt to get it to run.

 

 

OTL Log:

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 7542149 bytes

->FireFox cache emptied: 16640395 bytes

->Flash cache emptied: 456 bytes

 

User: All Users

 

User: All Users.WINDOWS

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService.NT AUTHORITY

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Mark

->Temp folder emptied: 574612243 bytes

->Temporary Internet Files folder emptied: 96246871 bytes

->FireFox cache emptied: 105030804 bytes

->Google Chrome cache emptied: 6492288 bytes

->Flash cache emptied: 3713 bytes

 

User: Mark C

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 593214 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 20733217 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 21042 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2470299711 bytes

 

Total Files Cleaned = 3,148.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: All Users.WINDOWS

 

User: Default User

 

User: Default User.WINDOWS

 

User: LocalService

 

User: LocalService.NT AUTHORITY

 

User: Mark

->Flash cache emptied: 0 bytes

 

User: Mark C

 

User: NetworkService

 

User: NetworkService.NT AUTHORITY

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.27.0 log created on 09202011_191612

JonTom   

Hello El Kabong

 

Good job de-registering AVG :tup:

 

If Panda is giving you problems, let's try ESET again (instructions are provided in post 26).

 

If ESET runs okay, please post the log along with a DDS log in your next reply :)


Hi JonTom.

 

ESET seems to work.

 

Here are the required logs

 

 

ESETscan:

 

C:\_OTM\MovedFiles\09092011_181429\C_Documents and Settings\Mark\My Documents\Downloads\Assassins.Creed.II-SKIDROW\sr-acii.iso a variant of Win32/Packed.VMProtect.AAA trojan

 

 

DDS LOG:

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Mark at 7:02:27 on 2011-09-23

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2301 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{752F14E1-309A-4B3D-879C-E7572779E215} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\gvk0n3rj.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cfbef19&v=7.007.026.001&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=

FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-30 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-30 320856]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-30 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-30 44768]

S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 135664]

S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-18 25832]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2011-09-21 23:44:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-09-21 23:44:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-09-20 23:16:12 -------- d-----w- C:\_OTL

2011-09-19 11:05:26 -------- d-sh--w- c:\documents and settings\mark\IECompatCache

2011-09-18 22:30:06 -------- d-----w- c:\program files\common files\Steam

2011-09-18 22:30:04 -------- d-----w- c:\program files\Steam

2011-09-18 22:15:53 -------- d-----w- c:\windows\pss

2011-09-17 22:45:31 -------- d-----w- c:\windows\ie8updates

2011-09-17 22:41:51 692736 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2011-09-17 22:41:28 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-09-17 22:41:16 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-09-17 22:41:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-09-17 22:40:16 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-09-17 22:35:19 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-09-17 22:33:59 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-09-17 21:54:28 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll

2011-09-17 21:54:28 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-09-17 21:54:28 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-09-17 21:54:24 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2011-09-17 21:54:24 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-09-17 21:50:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-09-17 21:50:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-09-17 21:50:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-09-17 21:50:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-09-17 21:50:52 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-09-17 21:50:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-09-17 21:50:44 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-09-17 21:49:55 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-09-17 21:49:51 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-09-17 21:49:47 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2011-09-17 20:01:12 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2011-09-17 20:01:12 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2011-09-17 20:01:08 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2011-09-17 16:08:51 -------- d-sh--w- c:\documents and settings\mark\PrivacIE

2011-09-17 16:07:26 -------- d-sh--w- c:\documents and settings\mark\IETldCache

2011-09-17 16:05:13 -------- dc-h--w- c:\windows\ie8

2011-09-16 04:07:44 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-09-16 04:06:22 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-09-16 04:06:13 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-09-16 04:05:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2011-09-16 04:05:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2011-09-16 04:05:23 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2011-09-16 04:05:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2011-09-16 04:05:23 110592 -c----w- c:\windows\system32\dllcache\services.exe

2011-09-16 04:05:22 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2011-09-16 04:05:22 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2011-09-16 04:05:22 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-09-16 04:05:22 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2011-09-16 04:00:15 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-09-16 03:58:17 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-09-16 03:57:03 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-09-15 23:54:59 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll

2011-09-15 23:52:32 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-09-15 23:52:32 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2011-09-15 23:24:22 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-09-15 23:24:22 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-09-15 23:24:22 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-09-15 23:24:22 13312 ----a-w- c:\windows\system32\irclass.dll

2011-09-15 02:32:22 -------- d-----w- c:\documents and settings\all users.windows\application data\MemeoCommon

2011-09-14 23:32:01 -------- d-----w- c:\program files\Memeo

2011-09-10 23:26:45 150392 ----a-w- C:\junction.exe

2011-09-09 22:14:29 -------- d-----w- C:\_OTM

2011-09-09 00:32:24 -------- d-----w- c:\program files\ESET

2011-09-08 22:38:41 -------- d-s---w- C:\ComboFix

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 22:45:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 00:48:42 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-08-31 00:47:42 41184 ----a-w- c:\windows\avastSS.scr

2011-08-31 00:47:37 -------- d-----w- c:\program files\AVAST Software

2011-08-31 00:47:37 -------- d-----w- c:\documents and settings\all users.windows\application data\AVAST Software

2011-08-30 02:16:05 -------- d-----w- c:\documents and settings\mark\application data\Malwarebytes

2011-08-30 02:15:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-30 02:15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-30 02:15:50 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes

2011-08-30 00:01:01 -------- d-sha-r- C:\cmdcons

2011-08-29 23:56:54 98816 ----a-w- c:\windows\sed.exe

2011-08-29 23:56:54 518144 ----a-w- c:\windows\SWREG.exe

2011-08-29 23:56:54 256000 ----a-w- c:\windows\PEV.exe

2011-08-29 23:56:54 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2011-09-16 23:25:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

.

============= FINISH: 7:03:49.81 ===============

 

 

DDS Attach Log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 9/15/2011 7:56:06 PM

System Uptime: 9/21/2011 4:11:00 PM (39 hours ago)

.

Motherboard: EVGA | | nForce 750i SLI

Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 596 GiB total, 217.822 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 9/15/2011 10:31:20 PM - System Checkpoint

RP2: 9/16/2011 3:00:18 AM - Software Distribution Service 3.0

RP3: 9/16/2011 7:25:43 PM - SPTD setup V1.62

RP4: 9/16/2011 7:43:36 PM - Software Distribution Service 3.0

RP5: 9/16/2011 10:20:13 PM - Software Distribution Service 3.0

RP6: 9/17/2011 9:32:21 AM - Software Distribution Service 3.0

RP7: 9/17/2011 10:02:05 AM - Installed Windows XP KB932823-v3.

RP8: 9/17/2011 12:05:33 PM - Installed Windows Internet Explorer 8.

RP9: 9/17/2011 3:50:51 PM - Software Distribution Service 3.0

RP10: 9/17/2011 4:02:17 PM - Software Distribution Service 3.0

RP11: 9/17/2011 6:44:41 PM - Software Distribution Service 3.0

RP12: 9/17/2011 8:47:54 PM - Software Distribution Service 3.0

RP13: 9/18/2011 6:30:04 PM - Installed Steam

RP14: 9/19/2011 6:41:07 PM - System Checkpoint

RP15: 9/20/2011 7:08:38 PM - System Checkpoint

RP16: 9/21/2011 3:00:12 AM - Software Distribution Service 3.0

RP17: 9/22/2011 3:32:45 AM - System Checkpoint

RP18: 9/23/2011 4:32:15 AM - System Checkpoint

.

==== Installed Programs ======================

.

7-Zip 4.65

Acrobat.com

Across Canada Trails 5.02 105.02

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assassin's Creed II

avast! Free Antivirus

Bonjour

Borderlands

Definition update for Microsoft Office 2010 (KB982726)

Diablo II

Disciples III

DivX Converter

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

Dragon Age: Origins

DVD Flick 1.3.0.7

DVD Suite

EasyGPS 2.7.5

ESET Online Scanner v3

EVGA Precision 1.4.0

Fallout 3

Fallout 3 - Unofficial Fallout 3 Patch

Fallout Mod Manager 0.13.21

Fallout Mod Manager 0.9.15

Fallout New Vegas

Fraps

Garmin MapSource

Garmin POI Loader

Garmin Training Center

Garmin USB Drivers

GATES TO AESGAARD - Episode 1

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

Ivellon 1.5 English

IZArc 4.0 beta 1

jZip

Malwarebytes' Anti-Malware version 1.51.2.1300

Mass Effect 2

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Mirror's Edge™

Morrowind

Mozilla Firefox 6.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Nero 7 Essentials

neroxml

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA nView Desktop Manager

NVIDIA PhysX

Oblivion

Oblivion mod manager 1.1.11

PowerDVD

PowerProducer

ProtectDisc Driver, Version 11

QuickTime

Realtek High Definition Audio Driver

SecurDisc Viewer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Steam

TES Construction Set

The Sims™ 3

Ubisoft Game Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Web Games Player Plugin

WebFldrs XP

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format Runtime

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

.

==== Event Viewer Messages From Past Week ========

.

9/23/2011 2:25:26 AM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts2.

.

==== End Of File ===========================

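The "Files Created" and "Find3M" sections of a DDS/ComboFix-style log (see the listing above) are dense to read by eye. The following is an added example, written for this page rather than taken from the thread, from DDS or from ComboFix, that parses those lines into records and pulls out the things an analyst usually scans for first: entries created in the last few days, executable-looking files dropped straight into the drive root or `c:\windows`, and entries carrying both the system and hidden attributes. The line layout (`timestamp size attributes path`, with `--------` as the size of a directory) and the meaning of the attribute letters (d=directory, c=compressed, s=system, h=hidden, a=archive, r=read-only, w=writable) are inferred from the samples on this page, not from any published format description; the sample listing embedded in the code is a constructed subset of the lines above.

```python
# Added example (not from the forum thread, DDS or ComboFix): a parser for
# DDS/ComboFix-style file-listing lines such as the ones in the log above.
# Line layout inferred from that log (assumption):
#   <YYYY-MM-DD HH:MM:SS> <size | -------- for directories> <8-char attributes> <path>
# Attribute letters are read as d=directory, c=compressed, s=system, h=hidden,
# a=archive, r=read-only, w=writable (assumed from the samples, not documented here).
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*)$"
)

# Executable-like extensions that deserve a second look when the file sits in a
# drive root or directly under c:\windows instead of a program or system folder.
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr")
LOOSE_PARENTS = {"c:", "c:\\windows"}

# Constructed sample: a subset of the listing lines shown in the log above.
SAMPLE_LISTING = r"""
2011-09-16 04:05:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-09-15 23:52:32 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2011-09-15 02:32:22 -------- d-----w- c:\documents and settings\all users.windows\application data\MemeoCommon
2011-09-10 23:26:45 150392 ----a-w- C:\junction.exe
2011-09-08 22:38:41 -------- d-s---w- C:\ComboFix
2011-08-31 00:47:42 41184 ----a-w- c:\windows\avastSS.scr
2011-08-30 00:01:01 -------- d-sha-r- C:\cmdcons
2011-08-29 23:56:54 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2011-09-16 23:25:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
"""
# Assumed reference time for the sample (the log's own timestamp would be used in practice).
SAMPLE_LOG_TIME = datetime(2011, 9, 17)


@dataclass
class Entry:
    timestamp: datetime
    size: Optional[int]      # None for directories ("--------" in the log)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one listing line, or None for headers, dots and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                 size, m["attrs"], m["path"])


def parse_listing(text: str) -> List[Entry]:
    """Parse a whole section, silently skipping non-entry lines."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def loose_executables(entries: List[Entry]) -> List[str]:
    """Files with executable extensions placed directly in C:\\ or C:\\Windows."""
    return [e.path for e in entries
            if not e.is_dir
            and e.name.lower().endswith(EXEC_EXTENSIONS)
            and e.parent in LOOSE_PARENTS]


def hidden_system_entries(entries: List[Entry]) -> List[str]:
    """Entries carrying both the system and the hidden attribute flag."""
    return [e.path for e in entries if "s" in e.attrs and "h" in e.attrs]


def created_within(entries: List[Entry], end: datetime, days: int) -> List[Entry]:
    """Entries whose timestamp falls within `days` before `end`."""
    cutoff = end - timedelta(days=days)
    return [e for e in entries if cutoff <= e.timestamp <= end]


def triage(text: str, log_time: datetime, days: int = 7) -> dict:
    """One-shot summary an analyst can read instead of the raw listing."""
    entries = parse_listing(text)
    return {
        "entries": len(entries),
        "recent": [e.path for e in created_within(entries, log_time, days)],
        "loose_executables": loose_executables(entries),
        "hidden_system": hidden_system_entries(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING, SAMPLE_LOG_TIME).items():
        print(key, value)
```

The summary is a reading aid, not a verdict: a hidden system directory such as `C:\cmdcons` or an executable in the root of `C:\` may be perfectly legitimate (recovery console, a helper's own tool), so every hit still needs to be matched against what the thread says was installed or dropped there.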
JonTom   

Hello El Kabong

 

Your DDS logs appear to be clean :)

 

Considering the problems this machine had, I think we have just about done everything we can barring a full reformat and reinstallation of the operating system.

 

ESET has detected the file we removed with OTM. This will be taken care of when we remove our tools.

 

If you require further assistance with your system speed/connection issues please feel free to create a new thread in our Networking, Email, and Internet Connections forum.

 

Alternatively, our sister site has a team of dedicated Tech helpers that will be able to provide you with additional assistance: WTT Microsoft Windows forum.

 

Let's remove our tools in the steps below:

  • Please Uninstall Combofix

    • Click on "Start" and then on "Run".
    • Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall"; it needs to be there.

  • Please perform the following cleanup procedure

    • Double click on the OTM.exe icon on your desktop to run the program.
    • Once OTM has opened, click on the "CleanUp!" button.
    • Follow any prompts that you receive.

  • Removal of Tools

    • Please delete the following tools from your machine: aswMBR, Junction, SystemLook, TDSSKiller, SREng.

  • Re-enable your drivers

    • To re-enable your Emulation drivers, double click on DeFogger to run the tool.
    • The application window will appear.
    • Click the Re-enable button to re-enable your CD Emulation drivers.
    • Click Yes to continue.
    • A 'Finished!' message will appear.
    • Click OK.
    • DeFogger will now ask to reboot the machine - click OK.
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

  • Finally, please take the time to read through the information provided below:

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.

    Web Browsers and Browser Security

    Firefox

    • You can download Firefox from here.

    No-Script

    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.

    Internet Explorer

    • The newest version of Internet Explorer is available from here.
    • Please Note: IE9 is not configured to run on XP machines.

    SpywareBlaster

    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.

    Web of Trust

    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.

    Keep your Software Updated

    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

    Passwords

    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

    General Reading

    Learn How To Combat Malware

    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.

This topic is now closed to further replies.