Solved Unexpected error '0xC0000034'

Status
Not open for further replies.

kryan

Hi everyone.

I initially posted on the Windows BSOD, Freezing and Restarting Help forum.
(https://www.techspot.com/vb/topic153149.html)

I had a problem where my system froze at startup. I was being helped by two members, B00kWyrm and Route44. In one of my logs they pointed out a system error where system restore was unable to complete.

They said that unexpected error '0xC0000034' means that it could not find this file '_filelst.cfg', and that this behavior has been observed as a result of malware/Trojans.

They suggested a check-up at the Malware and Virus Removal forum.

Since I last posted, the problem has been getting progressively worse to the point where the system freezes almost every time I start it up.

Attached are the logs from DDS. Malwarebytes doesn't detect any threats. I tried running GMER, but the system hangs every single time, so I'm unable to attach a log.
 

Attachments

  • DDS.txt
    15.5 KB · Views: 2
  • Attach.txt
    10.4 KB · Views: 1
I tried running GMER again with "Devices" unchecked and in safe mode. Each time, the scan was interrupted by a blue screen, either "irql_not_less_or_equal" or "pfn_list_corrupt".

Attached are the most recent logs from DDS and MBAM.
 

Attachments

  • Attach.txt
    14.8 KB · Views: 0
  • DDS.txt
    15.4 KB · Views: 1
  • mbam-log-2010-10-10 (06-37-27).txt
    895 bytes · Views: 3
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 121):

Processes (total 40):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3500630AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 

Attachments

  • ComboFix.txt
    9.6 KB · Views: 2
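An added example, not part of the original thread and not MBRCheck's own code: the checks a defender can run on a raw 512-byte MBR sector, namely the boot signature, the partition table, and a hash of the boot code compared against a baseline. The sector here is constructed (one NTFS partition at LBA 63, which corresponds to the 0x7e00 offset in the log above); hashing the first 440 bytes is an assumption, since the page does not say which bytes MBRCheck hashes, so the digest is not comparable with the SHA1 in the log.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440  # assumption: hash only the bytes before the disk signature


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, signature flag and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype,
                          "byte_offset": lba_start * SECTOR, "sectors": count})
    return {"boot_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": parts}


def check_mbr(sector: bytes, known_good: set) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    parts = mbr["partitions"]
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_sha1"] not in known_good:
        findings.append("boot code hash not in baseline: " + mbr["boot_sha1"])
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    spans = sorted((p["byte_offset"], p["byte_offset"] + p["sectors"] * SECTOR)
                   for p in parts)
    if any(a_end > b_start for (_, a_end), (b_start, _) in zip(spans, spans[1:])):
        findings.append("overlapping partition entries")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: one active NTFS (0x07) partition starting at LBA 63."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 63, 1000000)
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + b"\x55\xaa"


# Constructed inputs: placeholder bytes stand in for real boot code.
CLEAN = build_sample(b"CONSTRUCTED-BOOT-CODE")
TAMPERED = build_sample(b"CONSTRUCTED-BOOT-CODE-PATCHED")
BASELINE = {parse_mbr(CLEAN)["boot_sha1"]}  # hash recorded from a known-good sector

if __name__ == "__main__":
    print(hex(parse_mbr(CLEAN)["partitions"][0]["byte_offset"]))
    print(check_mbr(CLEAN, BASELINE))
    print(check_mbr(TAMPERED, BASELINE))
```
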
MBRCheck log looks good :)

Combofix looks good too.

I doubt we're dealing with any infection here, but we'll keep checking.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Logs are too long to paste in my post. I've attached them instead.
 

Attachments

  • OTL.Txt
    90.6 KB · Views: 1
  • Extras.Txt
    44.7 KB · Views: 1
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Okay, new problem.

Whenever I try to boot my computer, I get the message "\WINDOWS\SYSTEM32\CONFIG\SYSTEM - file missing or corrupt".

It then asks me to insert my Windows CD and repair the installation. Should I go ahead and do this?
 
Please do so.
It looks like the system hive got corrupted; this may happen when dealing with an infection.
Keep me posted.
 
I've been trying to complete the ESET scan over the past couple of days, but my system either freezes or crashes to a blue screen during the process. The same thing happens in safe mode as well.
 
Actually, it started booting again. The prompt hasn't appeared since then. Attached are the logs from OTL and Security Check. Will upload the ESET log if it ever completes.
 

Attachments

  • 10112010_183239.log
    5.8 KB · Views: 1
  • checkup.txt
    887 bytes · Views: 1
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
OTL log attached.

I removed DDS, GMER, MBRCheck, ComboFix, OTL and ESET. I also installed Windows updates as well as updates to the programs highlighted by Secunia PSI.

Today is the first day in over a week that I've been able to use my computer. Over the past few days I got BSODs and freezes within minutes of starting up.
 

Attachments

  • 10172010_152208.log
    3.4 KB · Views: 2
I'm glad to hear good news :)

If no other issues...

Way to go!!

Good luck and stay safe :)
 