[Not curable - Ramnit] Google Re-direct-having problems, can't download GMER

Discussion in 'Virus and Malware Removal' started by Sixx1402, Apr 23, 2011.

  1. Sixx1402 Newcomer, in training Posts: 60

    No, it won't let me in using safe mode either; when I click on user or administrator it just says 'saving your settings' like it's logging off.
  2. Broni Malware Annihilator Posts: 39,288   +175

    1. Restart computer.

    2. When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter.

    3. You'll find yourself at this screen:

    [IMG]

    4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

    NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

    5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

    6. This will bring you to a prompt that says:

    C:\WINDOWS>

    7. Type:

    cd \

    Press Enter

    Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

    8. The prompt should now say:

    C:\>

    9. Type:

    cd system~1\_resto~1

    Press Enter.

    ===============================================================================

    Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

    Type: cd \

    Press Enter

    Type: cd windows\system32\config

    Press Enter

    Type: ren system system.bak

    Press Enter

    (note the spaces between ren and system, and then between system and system.bak)

    Type: exit

    Press Enter

    Now the computer should restart, then follow steps 1-9.


    ===============================================================================

    10. Type:

    dir

    Press Enter

    NOTE: When you hit Enter it will list all the restore point folders like "rp1", "rp2". We have to see the last restore point to copy the file from a recent backup. If the restore points have more than one page then you have to keep on hitting the key to view the last restore point folder.

    NOTE: It is a good rule of thumb to choose the files from the restore point folder which is the second to the last one.

    11. Type:

    cd rp{with the second to the last restore point number }

    Press Enter

    Example: cd rp9. if rp10 is the last restore point

    12. Type:

    cd snapshot

    Press Enter.

    NOTICE: Now the command prompt will look like this:

    c:\system~1\resto~1\rp9\snapshot

    Note : restore point 9 assumed for clarity of the content.


    13. Type:

    copy _registry_machine_system c:\windows\system32\config\system

    Press Enter

    14. Type:

    Exit

    Press Enter.

    Final note : If the above procedure won't solve the problem, repeat all steps, but in step 13 type:

    copy _registry_machine_software c:\windows\system32\config\software

    Alternatively, select different restore point.
  3. Sixx1402 Newcomer, in training Posts: 60

    It doesn't give me the option to boot into recovery console, it just boots as normal and takes me to the welcome/log on screen?
  4. Broni Malware Annihilator Posts: 39,288   +175

  5. Sixx1402 Newcomer, in training Posts: 60

    OK, I did all that but now it's saying: 'A problem has been detected and windows has been shut down to prevent damage to your computer' Some other stuff and then

    Technical information: *** STOP: 0x0000007E (0xc0000005, 0xf748e0bf, 0xf78da208, 0xf78d9f08)
    *** pci.sys - address f748e0bf base at f7487000, datestamp 3b7d855c
  6. Broni Malware Annihilator Posts: 39,288   +175

    Do you have Windows XP CD?
     
  7. Sixx1402 Newcomer, in training Posts: 60

    Yeah, I've just found it and I'm at the 'Welcome to setup' screen, am I to press 'R'?
  8. Broni Malware Annihilator Posts: 39,288   +175

    Yes........
  9. Sixx1402 Newcomer, in training Posts: 60

    When I type 'cd system~1\_resto~1' it says access is denied, then when I follow the other part and put in ren system system.bak it says 'a directory or file with the name system.bak already exists'?
  10. Sixx1402 Newcomer, in training Posts: 60

    It's very late over here now, I'll come back on tomorrow, thanks for the help.
  11. Broni Malware Annihilator Posts: 39,288   +175

  12. Sixx1402 Newcomer, in training Posts: 60

    Hi Broni, OK, I've done the repair and I'm back on. I'll need to reinstall programs and drivers; I was just going to download the driver for my nvidia card but wasn't sure if it is safe to do so? I'm still getting redirected on Internet Explorer, so where should I go from here?
  13. Broni Malware Annihilator Posts: 39,288   +175

    Good news for Happy Easter :)

    Install all drivers you need and... we'll have to start all over :(

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 characters post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
  14. Sixx1402 Newcomer, in training Posts: 60

    OK, I'm having big trouble with the nvidia card! I've tried to install a driver but it says it can't find the hardware?
  15. Broni Malware Annihilator Posts: 39,288   +175

    If your display is kind of OK, we may try to go through cleaning steps and then we can worry about your video card.
    Let me know.
  16. Sixx1402 Newcomer, in training Posts: 60

    It's OK, I managed to find a driver that worked after much searching! I'm doing the logs for you now, will post when done.
  17. Broni Malware Annihilator Posts: 39,288   +175

    Cool beans :)
  18. Sixx1402 Newcomer, in training Posts: 60

    OK, I've done them apart from the GMER log, because when I started running it, it went to a blue screen and said it was 'dumping physical memory' so I didn't try it again!

    Malware Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6422

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    24/04/2011 18:24:25
    mbam-log-2011-04-24 (18-24-25).txt

    Scan type: Quick scan
    Objects scanned: 167301
    Time elapsed: 3 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  19. Sixx1402 Newcomer, in training Posts: 60

    DDS Log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by User at 18:54:54.39 on 24/04/2011
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1566 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\User\Desktop\2\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit.ex,c:\program files\khwsfwle\skofparu.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SkyTel] SkyTel.EXE
    mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286537024059
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286537114027
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-23 11608]
    R1 RapportCerberus_25973;RapportCerberus_25973;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-13 57144]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-23 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-23 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-23 61960]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-8 54760]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-1-27 233472]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-24 2218600]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-27 36608]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-23 135664]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;c:\windows\system32\drivers\W35UND.SYS [2010-10-8 117632]
    .
    =============== Created Last 30 ================
    .
    2011-04-24 17:05:35 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
    2011-04-24 17:05:35 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
    2011-04-24 17:05:35 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-24 17:05:35 5210112 ----a-w- c:\windows\system32\nvcuda.dll
    2011-04-24 17:05:35 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-04-24 17:05:35 2116894 ----a-w- c:\windows\system32\nvdata.bin
    2011-04-24 17:05:35 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-04-24 17:05:35 2027008 ----a-w- c:\windows\system32\nvapi.dll
    2011-04-24 17:05:35 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
    2011-04-24 17:05:35 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-04-24 15:40:27 -------- d-----w- C:\NVIDIA
    2011-04-24 13:20:11 -------- d-----w- c:\program files\khwsfwle
    2011-04-24 13:14:02 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
    2011-04-24 13:14:02 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2011-04-24 13:14:01 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2011-04-24 13:14:01 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
    2011-04-24 13:14:01 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
    2011-04-24 13:14:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
    2011-04-24 13:14:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
    2011-04-24 13:14:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
    2011-04-24 13:14:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
    2011-04-24 13:14:00 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
    2011-04-24 13:12:59 81976 -c--a-w- c:\windows\system32\dllcache\imjpdct.dll
    2011-04-24 13:11:59 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
    2011-04-24 13:10:12 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-04-24 13:10:12 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
    2011-04-24 13:10:02 8192 -c--a-w- c:\windows\system32\dllcache\bitsprx2.dll
    2011-04-24 13:10:02 8192 ----a-w- c:\windows\system32\bitsprx2.dll
    2011-04-24 13:10:02 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx3.dll
    2011-04-24 13:10:02 7168 ----a-w- c:\windows\system32\bitsprx3.dll
    2011-04-24 12:58:16 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-04-24 12:58:16 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-04-24 12:58:15 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-04-24 12:58:15 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-04-24 01:42:53 -------- d-----w- C:\_OTL
    2011-04-23 18:22:04 -------- d-sha-r- C:\cmdcons
    2011-04-23 18:20:24 98816 ----a-w- c:\windows\sed.exe
    2011-04-23 18:20:24 89088 ----a-w- c:\windows\MBR.exe
    2011-04-23 18:20:24 256512 ----a-w- c:\windows\PEV.exe
    2011-04-23 18:20:24 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-23 02:53:29 -------- dc-h--w- c:\windows\ie8
    2011-04-23 02:53:13 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Google
    2011-04-23 00:58:53 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-23 00:57:01 -------- d-----w- c:\docume~1\user\applic~1\Avira
    2011-04-23 00:55:54 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-23 00:55:53 -------- d-----w- c:\program files\Avira
    2011-04-23 00:55:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-04-22 21:30:59 166768 ----a-w- c:\program files\common files\installshield\updateservice\isuspmmgr.exe
    2011-04-22 21:30:59 166768 ----a-w- c:\program files\common files\installshield\updateservice\agentmgr.exe
    2011-04-22 21:23:14 -------- d-----w- c:\program files\VS Revo Group
    2011-04-15 17:17:32 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Trusteer
    2011-04-14 22:04:15 -------- d-----w- c:\program files\Spotify
    2011-04-07 21:15:38 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2011-04-07 21:15:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 21:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2011-04-07 21:15:34 13891176 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 21:15:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 21:15:32 155752 ----a-w- c:\windows\system32\nvsvc32.exe
    2011-04-07 21:15:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2011-04-06 11:23:51 -------- d-----w- C:\found.000
    .
    ==================== Find3M ====================
    .
    2011-04-24 17:15:05 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-04-24 17:15:05 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-04-24 17:15:04 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 18:55:26.32 ===============
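
Added example (not part of the thread and not DDS's own code): a defender-side check over the DDS log above that flags every Winlogon Userinit entry other than the stock userinit.exe and looks up each entry's parent folder in the "Created Last 30" section. The function names and the embedded sample, built from lines of that log, are assumptions of this example.

```python
"""Audit the Winlogon Userinit value in a DDS log (added example)."""
import re
from ntpath import basename, dirname, normcase

# Stock Windows XP value: a single userinit.exe entry, usually with a trailing comma.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: lines copied from the DDS log above, trimmed to what the check needs.
SAMPLE_DDS = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit.ex,c:\program files\khwsfwle\skofparu.exe
=============== Created Last 30 ================
2011-04-24 15:40:27 -------- d-----w- C:\NVIDIA
2011-04-24 13:20:11 -------- d-----w- c:\program files\khwsfwle
2011-04-23 18:22:04 -------- d-sha-r- C:\cmdcons
==================== Find3M ====================
2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
"""

USERINIT_RE = re.compile(r"^\s*mWinlogon:\s*Userinit=(.*)$", re.I | re.M)
# Fields: timestamp, size (dashes for a directory), 8-character attributes, path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S{8}\s+(.+)$")


def section(log, title):
    """Return the stripped lines under a '==== title ====' header, up to the next header."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("=") and line.endswith("="):
            inside = title.lower() in line.lower()
            continue
        if inside and line:
            lines.append(line)
    return lines


def userinit_entries(log):
    """Split the comma-separated Userinit value into its program paths.

    Limitation: a path that itself contains a comma would be split in two.
    """
    match = USERINIT_RE.search(log)
    if not match:
        return []
    return [e.strip().strip('"') for e in match.group(1).split(",") if e.strip()]


def recently_created(log):
    """Map normalised path -> creation timestamp from the 'Created Last 30' section."""
    created = {}
    for line in section(log, "Created Last 30"):
        match = ENTRY_RE.match(line)
        if match:
            created[normcase(match.group(2).strip())] = match.group(1)
    return created


def audit_userinit(log):
    """Return one finding per Userinit entry that is not the stock userinit.exe."""
    created = recently_created(log)
    findings = []
    for entry in userinit_entries(log):
        if normcase(entry) == normcase(EXPECTED_USERINIT):
            continue
        image = basename(entry).lower()
        findings.append({
            "entry": entry,
            # A name that imitates userinit.exe without being it.
            "lookalike": image != "userinit.exe" and image.startswith("userinit"),
            # Timestamp if the entry's folder appeared within the last 30 days.
            "parent_created": created.get(normcase(dirname(entry))),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_userinit(SAMPLE_DDS):
        print(finding)
```

Any finding is a persistence entry to review before the next logon, since Winlogon launches every program listed in this value.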
  20. Sixx1402 Newcomer, in training Posts: 60

    DDS Attach Log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/04/2011 14:14:19
    System Uptime: 24/04/2011 18:50:21 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M2VTVM-VM890
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 396.959 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: System Interrupt Controller
    Device ID: PCI\VEN_1106&DEV_5336&SUBSYS_80ED1043&REV_00\3&267A616A&0&05
    Manufacturer:
    Name: System Interrupt Controller
    PNP Device ID: PCI\VEN_1106&DEV_5336&SUBSYS_80ED1043&REV_00\3&267A616A&0&05
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 24/04/2011 14:20:19 - System Checkpoint
    RP2: 24/04/2011 17:01:29 - Installed Windows Installer KB893803v2.
    RP3: 24/04/2011 17:25:10 - Installed NVIDIA PhysX
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Illustrator 10
    Adobe Photoshop 7.0
    Adobe Reader X (10.0.1)
    Adobe SVG Viewer 3.0
    Ahead Nero Burning ROM
    Avira AntiVir Personal - Free Antivirus
    CorelDRAW Graphics Suite X3
    DivX Setup
    EN
    FontNav
    Football Manager 2010
    Football Manager 2011
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Manhunt
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Control Panel 270.61
    NVIDIA Graphics Driver 270.61
    NVIDIA Install Application
    NVIDIA nView 135.70
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Update 1.1.34
    NVIDIA Update Components
    OpenOffice.org 3.2
    PowerDVD
    Rapport
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.92
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    Samsung New PC Studio USB Driver Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Segoe UI
    Splinter Cell Pandora Tomorrow
    Spotify
    Steam
    SWAT 4
    Tom Clancy's Splinter Cell
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update Manager
    VBA
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/04/2011 16:48:33, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_mini.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    24/04/2011 16:48:33, information: Windows File Protection [64002] - File replacement was attempted on the protected system file nv4_disp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.5673.
    24/04/2011 14:17:19, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
    24/04/2011 14:15:06, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    24/04/2011 14:11:09, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    24/04/2011 14:08:03, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    24/04/2011 01:14:04, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
    23/04/2011 23:51:02, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 898a9970, parameter3 898a9d88, parameter4 1a830008.
    23/04/2011 23:50:53, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 894ebb60, parameter3 894ebf78, parameter4 1a8300fe.
    23/04/2011 23:49:50, error: System Error [1003] - Error code 1000000a, parameter1 00700005, parameter2 00000002, parameter3 00000001, parameter4 806e7a2a.
    23/04/2011 23:49:23, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 88bcb830, parameter3 88bcbc48, parameter4 1a830001.
    23/04/2011 22:58:32, error: PlugPlayManager [11] - The device Root\LEGACY_JATMLANO\0000 disappeared from the system without first being prepared for removal.
    23/04/2011 22:20:37, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 8942f358, parameter3 8942f770, parameter4 1a830008.
    23/04/2011 20:40:29, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 89309858, parameter3 89309c70, parameter4 1a830003.
    23/04/2011 20:40:22, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 890b0000, parameter3 890b0418, parameter4 1a830000.
    23/04/2011 19:04:31, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.6040, the version of the system file is 6.0.2900.6040.
    23/04/2011 19:04:31, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
    23/04/2011 18:59:24, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3002.0, the version of the system file is 2.81.3002.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:12, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.81.3012.0, the version of the system file is 2.81.3012.0.
    23/04/2011 18:57:05, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    23/04/2011 18:57:03, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.1.0.9246, the version of the system file is 6.1.0.9246.
    23/04/2011 18:08:34, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    23/04/2011 18:08:34, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
    23/04/2011 18:08:34, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    23/04/2011 16:48:54, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    23/04/2011 16:48:54, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.
    23/04/2011 16:46:45, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    23/04/2011 16:46:45, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    23/04/2011 16:46:45, error: Service Control Manager [7034] - The FsUsbExService service terminated unexpectedly. It has done this 1 time(s).
    23/04/2011 16:46:45, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    23/04/2011 16:46:45, error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    23/04/2011 15:52:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    23/04/2011 15:51:47, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio Avgldx86 Avgmfx86 avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:47, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    23/04/2011 15:51:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    23/04/2011 14:36:45, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
    23/04/2011 14:11:43, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
    23/04/2011 03:40:06, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
    23/04/2011 03:39:45, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
    23/04/2011 03:36:09, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6010.
    23/04/2011 03:36:09, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    23/04/2011 03:36:09, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5146.
    23/04/2011 03:36:03, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 11.0.5721.5145.
    23/04/2011 03:10:05, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.6040.
    23/04/2011 03:10:05, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.
    23/04/2011 03:04:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.
    23/04/2011 03:03:06, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
    23/04/2011 02:59:25, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:25, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3002.0.
    23/04/2011 02:59:24, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:24, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:24, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:19, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
    23/04/2011 02:59:15, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
    23/04/2011 02:59:13, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.1.0.9246.
    22/04/2011 22:31:11, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================