TechSpot

[A] System Check Virus

By mikeinsc81
Jan 10, 2012
  1. Hey all, looks like I have the System Check virus. I have done the Malwarebytes scan, and avast, and it now looks like I have limited access (web browsing, etc.) so I'm able to paste these logs. Thanks so much for all your help!

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.09.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mikey :: BLACK-ROCK [administrator]

    Protection: Enabled

    1/10/2012 1:18:45 AM
    mbam-log-2012-01-10 (01-18-45).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 350064
    Time elapsed: 6 hour(s), 26 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Privacy Protection (Rogue.PrvacyProtect) -> Data: C:\Documents and Settings\All Users\Application Data\privacy.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 7
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 21
    C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\ConvertXToDVD 3.1.3.40d\ConvertXToDVD 3.1.3.40d\keYgeN\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
    C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\WinRAR Torrent\WinRAR 3.71 Corporate Edition.exe (Trojan.Dropper) -> No action taken.
    C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\Xingtone.Ringtone.Maker.v4.2.16-TE\Crack\XingtoneRingtoneMaker4x_GOLD_Crack_b3.exe (RiskWare.Tool.CK) -> No action taken.
    C:\Documents and Settings\Mikey\My Documents\My Pictures\New Folder\Torrent Downloadz\quick time keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
    C:\GAMES\iPhone\Sonic.The.Hedgehog.v1.0.iPhone.iPod.Touch-COREPDA\cr-son10\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
    C:\GAMES\iPhone\The.Secret.Of.Monkey.Island.Special.Edition.v1.0.iPhone.iPod.Touch-COREPDA\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.
    C:\GAMES\On E Drive\Games\Empire Earth II\rld-ee2kg.exe (Trojan.Downloader) -> No action taken.
    C:\GAMES\On E Drive\Games\Hitman - Codename 47\Hitman.Exe (Trojan.FakeAlert) -> No action taken.
    C:\GAMES\On E Drive\Games\Hitman - Codename 47\BACKUP\Hitman.exe (Trojan.FakeAlert) -> No action taken.
    C:\GAMES\On E Drive\Games\LucasArts\Star Wars Battlefront II\GameData\pztrain.exe (Malware.Gen) -> No action taken.
    C:\GAMES\On E Drive\Games\LucasArts\Star Wars Battlefront II\TRAINERS\StarWarsBattlefront2PLUS9Trainer\pztrain.exe (Malware.Gen) -> No action taken.
    C:\GAMES\On E Drive\Games\LucasArts\SWKotOR2\BACKUP\StarWarsKnightsOfTheOldRepublic2SithLordsPLUS18Trainer\agskttrn.exe (Malware.Packer.as) -> No action taken.
    C:\GAMES\On E Drive\Games\Rockstar Games\GrandTheftAutoSanAndreasPLUS27Trainer\pztrain.exe (Malware.Gen) -> No action taken.
    C:\Torrentz\Torrent Downloadz\ConvertXToDVD 3.1.3.40d\ConvertXToDVD 3.1.3.40d\keYgeN\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
    C:\Torrentz\Torrent Downloadz\WinRAR Torrent\WinRAR 3.71 Corporate Edition.exe (Trojan.Dropper) -> No action taken.
    C:\Torrentz\Torrent Downloadz\Xingtone.Ringtone.Maker.v4.2.16-TE\Crack\XingtoneRingtoneMaker4x_GOLD_Crack_b3.exe (RiskWare.Tool.CK) -> No action taken.
    C:\Torrentz\Torrent Downloadz\quick time keygen\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
    C:\Torrentz\Torrent Downloadz\Nero 8.3.2.1 + Keygen - HeartBug\Keygen\keygen.exe (Trojan.Agent) -> No action taken.
    C:\Torrentz\WinRAR 4.01 + Keygen Forever\keygen.exe (RiskWare.Tool.CK) -> No action taken.
    C:\System Volume Information\_restore{76FA9A9F-899F-444A-A40D-6C3EF9E95007}\RP167\A0037804.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{76FA9A9F-899F-444A-A40D-6C3EF9E95007}\RP167\A0037805.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-10 11:46:28
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD20EARS-07MVWB0 rev.51.0AB51
    Running: l7jtmsjv.exe; Driver: C:\DOCUME~1\Mikey\LOCALS~1\Temp\ugryiaog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA6EDABDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA6EDAA45]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA6F577A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
    Run by Mikey at 11:48:58 on 2012-01-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2077 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - c:\progra~1\videod~1\VIDEOD~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Google Update] "c:\documents and settings\mikey\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dPolicies-explorer: NoDesktop = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{D5C0433E-FD51-46E2-A801-BFB0C915C7C8} : DhcpNameServer = 192.168.1.254
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mikey\application data\mozilla\firefox\profiles\wozqpz80.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\documents and settings\mikey\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
    FF - plugin: c:\documents and settings\mikey\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\mikey\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-9 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-9 314456]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-22 239168]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-9 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-9 44768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-8 652872]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-8 20464]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-10 40776]
    S1 MpKsl40c1afd9;MpKsl40c1afd9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl40c1afd9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl40c1afd9.sys [?]
    S1 MpKsl472e53ba;MpKsl472e53ba;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl472e53ba.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl472e53ba.sys [?]
    S1 MpKsl6a88b5d0;MpKsl6a88b5d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl6a88b5d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl6a88b5d0.sys [?]
    S1 MpKsl71a10131;MpKsl71a10131;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl71a10131.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl71a10131.sys [?]
    S1 MpKsl8accf6df;MpKsl8accf6df;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpksl8accf6df.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKsl8accf6df.sys [?]
    S1 MpKslc4309008;MpKslc4309008;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\mpkslc4309008.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00893bb8-6958-4a96-9c07-e8d0641b623a}\MpKslc4309008.sys [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    UnknownUnknown mcpxrbar;mcpxrbar; [x]
    .
    =============== Created Last 30 ================
    .
    2012-01-10 19:47:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-01-10 19:00:54 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9efcc7d4-9608-4754-b544-a9b791528f83}\offreg.dll
    2012-01-10 08:35:52 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9efcc7d4-9608-4754-b544-a9b791528f83}\mpengine.dll
    2012-01-09 21:06:27 -------- d-----w- c:\documents and settings\mikey\application data\Malwarebytes
    2012-01-09 08:33:46 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-09 08:33:23 41184 ----a-w- c:\windows\avastSS.scr
    2012-01-09 08:33:06 -------- d-----w- c:\program files\AVAST Software
    2012-01-09 08:33:06 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-01-09 07:43:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-09 07:43:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-09 07:43:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-09 06:02:22 522766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-01-02 06:13:03 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-02 06:13:03 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-02 06:13:03 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-02 06:13:02 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
    2011-12-15 07:52:35 -------- d--h--w- c:\program files\Elder Scrolls III - Morrowind
    2011-12-15 07:52:20 -------- d--h--w- c:\program files\Morrowind
    2011-12-15 00:02:07 -------- d--h--w- c:\program files\Risk Factions
    .
    ==================== Find3M ====================
    .
    2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
    2011-11-22 18:42:52 239168 ---ha-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-11-06 14:12:26 28 ---ha-w- c:\windows\system32\vfw_32.reg
    2011-11-04 19:20:51 916992 ---ha-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ---ha-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ---ha-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ---ha-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ---ha-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ---ha-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ---ha-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-22 23:06:18 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-18 11:13:22 186880 ---ha-w- c:\windows\system32\encdec.dll
    .
    ============= FINISH: 11:50:49.79 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/23/2011 10:35:08 PM
    System Uptime: 1/10/2012 11:00:16 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0GX297
    Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz | Microprocessor | 1794/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 1863 GiB total, 801.006 GiB free.
    D: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP64: 10/11/2011 12:50:23 PM - System Checkpoint
    RP65: 10/12/2011 4:12:10 AM - Installed Jordy Video Downloader 1.03.
    RP66: 10/13/2011 6:00:29 AM - System Checkpoint
    RP67: 10/14/2011 3:00:17 AM - Software Distribution Service 3.0
    RP68: 10/15/2011 3:52:08 AM - System Checkpoint
    RP69: 10/15/2011 7:30:48 PM - Installed Adobe Reader X (10.1.1).
    RP70: 10/16/2011 8:13:24 PM - System Checkpoint
    RP71: 10/17/2011 8:33:17 PM - System Checkpoint
    RP72: 10/18/2011 8:45:17 PM - System Checkpoint
    RP73: 10/19/2011 9:33:17 PM - System Checkpoint
    RP74: 10/21/2011 12:12:26 AM - System Checkpoint
    RP75: 10/22/2011 7:12:45 AM - System Checkpoint
    RP76: 10/23/2011 7:34:33 AM - System Checkpoint
    RP77: 10/24/2011 3:00:16 AM - Software Distribution Service 3.0
    RP78: 10/25/2011 4:10:44 AM - System Checkpoint
    RP79: 10/26/2011 9:09:03 AM - System Checkpoint
    RP80: 10/27/2011 10:06:17 PM - System Checkpoint
    RP81: 10/28/2011 10:42:49 PM - System Checkpoint
    RP82: 10/30/2011 5:19:12 AM - System Checkpoint
    RP83: 10/31/2011 5:50:59 AM - System Checkpoint
    RP84: 11/1/2011 5:59:43 AM - System Checkpoint
    RP85: 11/2/2011 8:19:40 AM - System Checkpoint
    RP86: 11/3/2011 8:33:39 AM - System Checkpoint
    RP87: 11/4/2011 11:18:57 AM - System Checkpoint
    RP88: 11/4/2011 10:41:55 PM - Installed Bonjour
    RP89: 11/5/2011 9:51:01 PM - System Checkpoint
    RP90: 11/6/2011 6:08:30 AM - Installed Xingtone Ringtone Maker
    RP91: 11/7/2011 10:16:55 AM - System Checkpoint
    RP92: 11/8/2011 1:55:41 PM - System Checkpoint
    RP93: 11/9/2011 3:00:15 AM - Software Distribution Service 3.0
    RP94: 11/10/2011 7:34:29 AM - System Checkpoint
    RP95: 11/11/2011 7:57:41 AM - System Checkpoint
    RP96: 11/11/2011 2:09:30 PM - Installed ISO Recorder
    RP97: 11/12/2011 3:00:16 AM - Software Distribution Service 3.0
    RP98: 11/13/2011 4:04:12 AM - System Checkpoint
    RP99: 11/14/2011 4:34:55 AM - System Checkpoint
    RP100: 11/15/2011 4:57:52 AM - System Checkpoint
    RP101: 11/16/2011 5:08:08 AM - System Checkpoint
    RP102: 11/17/2011 5:57:43 AM - System Checkpoint
    RP103: 11/17/2011 6:17:58 PM - Removed Jordy Video Downloader 1.03.
    RP104: 11/18/2011 6:26:56 PM - System Checkpoint
    RP105: 11/19/2011 6:27:28 PM - System Checkpoint
    RP106: 11/20/2011 9:22:18 PM - System Checkpoint
    RP107: 11/21/2011 9:25:50 PM - System Checkpoint
    RP108: 11/22/2011 10:52:09 AM - Installed DirectX
    RP109: 11/23/2011 3:00:14 AM - Software Distribution Service 3.0
    RP110: 11/24/2011 5:12:04 AM - System Checkpoint
    RP111: 11/25/2011 5:39:51 AM - System Checkpoint
    RP112: 11/25/2011 10:28:05 PM - Restore Operation
    RP113: 11/27/2011 12:52:04 AM - System Checkpoint
    RP114: 11/28/2011 5:08:55 AM - System Checkpoint
    RP115: 11/29/2011 8:02:46 AM - System Checkpoint
    RP116: 11/30/2011 2:07:23 PM - System Checkpoint
    RP117: 11/30/2011 11:09:23 PM - Software Distribution Service 3.0
    RP118: 11/30/2011 11:15:41 PM - Installed AVG 2012
    RP119: 11/30/2011 11:17:02 PM - Installed AVG 2012
    RP120: 12/2/2011 6:08:49 PM - Software Distribution Service 3.0
    RP121: 12/4/2011 8:02:38 PM - Removed AVG 2012
    RP122: 12/4/2011 8:06:44 PM - Removed AVG 2012
    RP123: 12/5/2011 3:00:17 AM - Software Distribution Service 3.0
    RP124: 12/5/2011 12:40:33 PM - Software Distribution Service 3.0
    RP125: 12/6/2011 12:33:10 PM - Software Distribution Service 3.0
    RP126: 12/7/2011 12:41:00 PM - Software Distribution Service 3.0
    RP127: 12/8/2011 12:35:43 PM - Software Distribution Service 3.0
    RP128: 12/9/2011 12:30:11 PM - Software Distribution Service 3.0
    RP129: 12/10/2011 6:07:23 PM - Software Distribution Service 3.0
    RP130: 12/11/2011 2:04:37 AM - Software Distribution Service 3.0
    RP131: 12/12/2011 2:09:10 AM - System Checkpoint
    RP132: 12/12/2011 9:11:14 AM - Software Distribution Service 3.0
    RP133: 12/13/2011 9:10:22 AM - Software Distribution Service 3.0
    RP134: 12/14/2011 9:11:29 AM - Software Distribution Service 3.0
    RP135: 12/14/2011 11:52:47 PM - Installed Morrowind
    RP136: 12/15/2011 12:20:30 AM - Installed Bloodmoon
    RP137: 12/15/2011 12:36:20 AM - Installed Tribunal
    RP138: 12/15/2011 3:00:16 AM - Software Distribution Service 3.0
    RP139: 12/15/2011 12:26:47 PM - Software Distribution Service 3.0
    RP140: 12/16/2011 12:08:49 PM - Software Distribution Service 3.0
    RP141: 12/17/2011 12:08:50 PM - Software Distribution Service 3.0
    RP142: 12/18/2011 1:43:12 AM - Software Distribution Service 3.0
    RP143: 12/18/2011 12:08:50 PM - Software Distribution Service 3.0
    RP144: 12/19/2011 12:08:47 PM - Software Distribution Service 3.0
    RP145: 12/20/2011 12:08:48 PM - Software Distribution Service 3.0
    RP146: 12/21/2011 12:08:49 PM - Software Distribution Service 3.0
    RP147: 12/22/2011 12:08:56 PM - Software Distribution Service 3.0
    RP148: 12/23/2011 12:08:50 PM - Software Distribution Service 3.0
    RP149: 12/24/2011 12:40:52 PM - System Checkpoint
    RP150: 12/25/2011 2:07:34 AM - Software Distribution Service 3.0
    RP151: 12/25/2011 6:35:05 AM - Software Distribution Service 3.0
    RP152: 12/26/2011 6:35:03 AM - Software Distribution Service 3.0
    RP153: 12/27/2011 6:35:02 AM - Software Distribution Service 3.0
    RP154: 12/28/2011 6:35:05 AM - Software Distribution Service 3.0
    RP155: 12/29/2011 6:36:48 AM - Software Distribution Service 3.0
    RP156: 12/30/2011 6:34:59 AM - Software Distribution Service 3.0
    RP157: 12/31/2011 6:34:56 AM - Software Distribution Service 3.0
    RP158: 1/1/2012 1:38:46 AM - Software Distribution Service 3.0
    RP159: 1/1/2012 4:17:46 PM - Software Distribution Service 3.0
    RP160: 1/2/2012 4:17:41 PM - Software Distribution Service 3.0
    RP161: 1/3/2012 4:17:41 PM - Software Distribution Service 3.0
    RP162: 1/4/2012 4:17:44 PM - Software Distribution Service 3.0
    RP163: 1/5/2012 4:17:50 PM - Software Distribution Service 3.0
    RP164: 1/6/2012 4:18:05 PM - Software Distribution Service 3.0
    RP165: 1/7/2012 3:00:16 AM - Software Distribution Service 3.0
    RP166: 1/8/2012 3:39:37 AM - System Checkpoint
    RP167: 1/8/2012 5:43:26 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    avast! Free Antivirus
    Bonjour
    Broadcom Gigabit Integrated Controller
    clrmamepro
    DAEMON Tools Lite
    Dell Resource CD
    Google Chrome
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    ISO Recorder
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 27
    K-Lite Codec Pack 7.7.0 (Standard)
    Malwarebytes Anti-Malware version 1.60.0.1800
    Metroid Other M Screensaver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Web Platform Installer 3.0
    Morrowind
    Mozilla Firefox 9.0.1 (x86 en-US)
    MP3 Splitter & Joiner 3.27
    MP3 To Ringtone Gold 3.18
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    QuickTime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SoundMAX
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Video Download FileBulldog Toolbar
    Video Download Toolbar 2.1.0.0
    VLC media player 1.1.11
    WBFS Manager 3.0
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    WinRAR 4.01 (32-bit)
    Xingtone Ringtone Maker
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2012, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/9/2012 12:33:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/8/2012 7:07:29 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
    1/8/2012 2:12:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2398.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    1/8/2012 11:39:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
    1/8/2012 11:39:10 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
    1/8/2012 11:39:10 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    1/8/2012 11:39:10 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
    1/8/2012 11:38:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/8/2012 11:38:31 PM, error: SRService [104] - The System Restore initialization process failed.
    1/8/2012 11:38:25 PM, error: Workstation [5727] - Could not load RDR device driver.
    1/8/2012 10:58:17 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    1/8/2012 10:38:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter NetBIOS NetBT RasAcd Rdbss Tcpip
    1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2012 10:38:37 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2012 3:13:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================


    My apologies if I forgot anything!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Are you saying you don't have an internet connection, or you do?
     
  3. mikeinsc81

    mikeinsc81 TS Rookie Topic Starter

    Thanx for the reply, sorry about the word wrap. I do have an internet connection.

    The "System Check" console and the errors no longer appear, but my desktop icons, and items in the Windows Explorer are still hidden.

    I recall reading about some sort of "un-hider" in other people's solutions, but I'll wait until you let me know if it's necessary or not. Thanx!
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Let's see if we can recover your missing features.
    Download and run UnHide
    Let me know if it worked.

    ==============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. mikeinsc81

    mikeinsc81 TS Rookie Topic Starter

    It appears that UnHide has worked and things are back to normal! Thanx so much Broni for all of your help, and for the help you provide others!! =)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    ...
     
Topic Status:
Not open for further replies.
