Solved No Control Panel, can't double-click, IE not working

Status
Not open for further replies.

WonkoTheSane

Hey all,

Got infected a few days ago, and since then IE will not work. The window comes up, but soon becomes unresponsive. Chrome and Firefox both work, though. Also, I can't click on any of the desktop shortcuts to open. I have to first right-click, then select open. Same for any programs in the Start menu. Have to right-click and select open. Using right-click and open to access Control Panel doesn't work, however.

No idea what else might not be working right.

I'd previously run Malwarebytes, AVG, and Avast. They all found and removed some problems for me, but I'm still having the above issues.

Any help would be greatly appreciated, and thanks for your time.

Requested logs coming next.
 
Malwarebytes log...


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris :: VADER [administrator]

8/3/2012 1:00:05 PM
mbam-log-2012-08-03 (13-00-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246302
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{77777777-7777-7777-7777-770077467739} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-03 16:13:02
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3320620AS rev.3.AAE
Running: 06t0d20b.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\kxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3FFC162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB3FFBFCD]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Chris at 16:16:28 on 2012-08-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2435 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Documents and Settings\Chris\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - c:\documents and settings\chris\application data\qwiklinx\Qwiklinx.dll
BHO: IE.PerformancePack: {7adefb8e-b723-45e6-86e2-2b7841f5d6a5} - mscoree.dll
BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - c:\documents and settings\chris\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\INTELAUDIOSTUDIO.exe" BOOT
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228095759578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{BF20EB66-0D38-4EE8-811C-6C96562BAAE1} : DhcpNameServer = 65.32.5.111 65.32.5.112
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW scecli
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-31 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-31 353688]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-31 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-31 44808]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-5-18 563200]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\chris\application data\defaulttab\defaulttab\DTUpdate.exe [2012-7-31 107520]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\daodb\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-27 2348352]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-12-29 123712]
S3 bfastfao;bfastfao;\??\c:\docume~1\chris\locals~1\temp\bfastfao.sys --> c:\docume~1\chris\locals~1\temp\bfastfao.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-7-16 25832]
.
=============== Created Last 30 ================
.
2012-08-03 06:32:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 06:32:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-02 05:56:49 -------- d-----w- c:\documents and settings\chris\local settings\application data\visi_coupon
2012-08-01 04:11:07 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-01 04:10:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-01 04:10:13 -------- d-----w- c:\program files\AVAST Software
2012-08-01 04:10:13 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-07-31 05:41:49 -------- d-----w- c:\program files\Qwiklinx
2012-07-31 05:41:49 -------- d-----w- c:\documents and settings\chris\application data\Qwiklinx
2012-07-31 05:41:39 -------- d-----w- c:\documents and settings\chris\local settings\application data\SavingsApp
2012-07-31 05:41:36 -------- d-----w- c:\program files\SavingsApp
2012-07-31 05:41:11 -------- d-----w- c:\program files\DefaultTab
2012-07-31 05:41:03 -------- d-----w- c:\documents and settings\chris\application data\DefaultTab
2012-07-12 04:46:32 -------- d-----w- c:\program files\Gardenscapes - Mansion Makeover
.
==================== Find3M ====================
.
.
============= FINISH: 16:17:36.45 ===============
 
Attach.log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2008 7:06:22 PM
System Uptime: 8/3/2012 12:23:44 PM (4 hours ago)
.
Motherboard: Intel Corporation | | D915PBL
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | J2E1 | 3400/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 74.105 GiB free.
D: is CDROM (UDF)
F: is FIXED (NTFS) - 1863 GiB total, 1148.156 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MP970 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MP970 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP778: 5/5/2012 12:15:25 PM - System Checkpoint
RP779: 5/7/2012 9:28:54 PM - System Checkpoint
RP780: 5/8/2012 10:50:15 PM - System Checkpoint
RP781: 5/8/2012 11:39:28 PM - Avg Update
RP782: 5/10/2012 12:34:41 AM - System Checkpoint
RP783: 5/11/2012 1:53:09 AM - System Checkpoint
RP784: 5/12/2012 8:08:00 PM - System Checkpoint
RP785: 5/17/2012 7:51:11 PM - System Checkpoint
RP786: 5/19/2012 8:03:46 PM - System Checkpoint
RP787: 5/20/2012 11:06:27 PM - System Checkpoint
RP788: 5/22/2012 7:29:49 AM - System Checkpoint
RP789: 5/24/2012 1:33:02 AM - System Checkpoint
RP790: 5/29/2012 8:52:51 PM - System Checkpoint
RP791: 6/1/2012 11:46:55 PM - Avg Update
RP792: 6/4/2012 6:03:17 PM - System Checkpoint
RP793: 6/6/2012 11:51:06 AM - System Checkpoint
RP794: 6/7/2012 12:08:36 AM - Avg Update
RP795: 6/10/2012 6:06:35 PM - System Checkpoint
RP796: 6/11/2012 7:04:29 PM - System Checkpoint
RP797: 6/12/2012 7:34:41 PM - System Checkpoint
RP798: 6/18/2012 1:46:00 PM - System Checkpoint
RP799: 6/22/2012 5:46:47 PM - System Checkpoint
RP800: 6/23/2012 9:13:27 PM - System Checkpoint
RP801: 6/24/2012 9:44:19 PM - System Checkpoint
RP802: 6/28/2012 6:06:57 PM - System Checkpoint
RP803: 6/29/2012 1:48:31 AM - Avg Update
RP804: 6/30/2012 12:41:24 PM - System Checkpoint
RP805: 7/5/2012 8:02:13 PM - System Checkpoint
RP806: 7/10/2012 1:42:49 AM - System Checkpoint
RP807: 7/11/2012 7:17:45 PM - System Checkpoint
RP808: 7/12/2012 10:34:59 PM - System Checkpoint
RP809: 7/16/2012 9:08:04 PM - System Checkpoint
RP810: 7/17/2012 11:43:54 PM - System Checkpoint
RP811: 7/28/2012 6:21:11 PM - System Checkpoint
RP812: 7/30/2012 2:38:55 PM - System Checkpoint
RP813: 7/31/2012 11:10:13 PM - avast! Free Antivirus Setup
RP814: 8/1/2012 11:19:15 PM - Removed AVG Free 9.0
RP815: 8/1/2012 11:21:03 PM - Installed AVG Free 9.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Amazon MP3 Downloader 1.0.15
Amnesia: The Dark Descent
Apple Software Update
ArcSoft PhotoStudio 5.5
Audacity 1.2.6
Audiosurf Demo
AutoUpdate
avast! Free Antivirus
Big Fish Games: Game Manager
Blood Bowl: Dark Elves Edition
Blood Bowl: Legendary Edition
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MP970 series
Canon MP970 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CeRegEditor 0.0.4.4
Cities XL - Limited Edition
Cities XL 2011
Cities XL 2012
City Life 2008
Crazy Machines
Critical Update for Windows Media Player 11 (KB959772)
DefaultTab
DefaultTab Chrome
Dev-C++ 5 beta 9 release (4.9.9.2)
Divinity II - The Dragon Knight Saga
DivX Codec
Dragon Age: Origins
Dragon Age: Origins - Awakening
Dragon Age: Origins Character Creator
EA Download Manager
Ease Audio Converter 4.80
Fallout: New Vegas
FLV Player 2.0 (build 25)
Full Tilt Poker
GameCenter
GameSpy Arcade
Gardenscapes
Gardenscapes: Mansion Makeover™
Google Chrome
Green Moon
H&R Block Alabama 2009
H&R Block Alabama 2010
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) Desktop Control Center
Intel(R) PRO Network Adapters and Drivers
Intel® Audio Studio
Java Auto Updater
Java(TM) 6 Update 24
Just Cause
K-Lite Codec Pack 6.8.0 (Full)
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows Theme Nunavut
Microsoft WorldWide Telescope
Microsoft WSE 3.0 Runtime
Mobipocket Reader 6.2
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML 6.0 Parser
Mystery P.I. - The Lottery Ticket 1.0.0.5
NVIDIA Control Panel 295.73
NVIDIA Display Control Panel
NVIDIA Graphics Driver 295.73
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0209
NVIDIA Update 1.7.11
NVIDIA Update Components
Pando Media Booster
Penumbra: Black Plague
Penumbra: Overture
Penumbra: Requiem
Pioneer Lands
Plants vs. Zombies: Game of the Year
Portal
Pro Cycling Manager Season 2008
QuickTime
Qwiklinx
RealPlayer
Realtek High Definition Audio Driver
RIFT
Royal Envoy Collector's Edition
Runaway: A Road Adventure
Runaway: A Twist of Fate
Runaway: The Dream of the Turtle
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shattered Horizon
Silverfall
Space Quest 1+2+3
Star Trek Online
Star Wars: The Old Republic
StarChef Standard
StarCraft
Steam
Stronghold
System Requirements Lab
Tales of Monkey Island - Lair of the Leviathan
Tales of Monkey Island - Launch of the Screaming Narwhal
Tales of Monkey Island - Rise of the Pirate God
Tales of Monkey Island - The Siege of Spinner Cay
Tales of Monkey Island - The Trial and Execution of Guybrush Threepwood
TaxCut Alabama 2008
TaxCut Premium + State + Efile 2008
The Elder Scrolls III: Morrowind
The Next BIG Thing
The Right Track (R) Software
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Create a World Tool - Beta
The Sims™ 3 World Adventures
The Witch and The Warrior
TRAUMA
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Wallace and Gromits Grand Adventures - Fright of the Bumblebees
Wallace and Gromits Grand Adventures - Muzzled!
Wallace and Gromits Grand Adventures - The Bogey Man
Wallace and Gromits Grand Adventures - The Last Resort
Warcraft III
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile® Device Handbook
Windows XP Service Pack 3
Works Suite OS Pack
XMLinst
Yahoo! Detect
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/1/2012 11:57:02 AM, error: Service Control Manager [7024] - The SQL Server (BWDATOOLSET) service terminated with service-specific error 1814 (0x716).
8/1/2012 10:51:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi AvgLdx86 AvgMfx86 Fips intelppm
8/1/2012 10:50:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/31/2012 10:07:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
7/28/2012 5:45:09 PM, error: Print [6161] - The document statement[1].pdf owned by Chris failed to print on printer Canon MP970 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1572864. Number of bytes printed: 465920. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\VADER. Win32 error code returned by the print processor: 13 (0xd).
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.
 
Thanks for assisting me, DragonMasterJay.

Ran Combofix as requested. Everything ran as you described, but I do not see a "Combo-Fix.txt" file in C:\.

There is an icon labeled "ComboFix" that looks like the "My Computer" icon. Looking at the properties, it says it is a folder. Inside the folder are the exact same items as in "My Computer", only the folder is named "ComboFix". Inside that folder you can open "C:\", which has another folder "ComboFix" in it, which again has the same contents as "My Computer." You can keep following this recursive loop of folders seemingly forever, and have multiple "ComboFix" and "C:\" folders open.

Is this normal?
 
Disregard last post. Saw in another post a reference to getting stuck at "Combo-Fix will now reboot your machine" etc. I never got that. The machine just rebooted. Figuring the machine had crashed, I re-ran ComboFix. Everything worked right this time, and the "ComboFix" folder I mentioned before is gone.

Here's the log.

ComboFix 12-07-31.06 - Chris 08/03/2012 18:43:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2630 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Chris\Application Data\Adobe\plugs
c:\documents and settings\Chris\Application Data\Adobe\shed
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\bing.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\google.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\yahoo.ico
c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\youtube_ie.ico
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome.manifest
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\background.html
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\browser.xul
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\crossrider.js
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\crossriderapi.js
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\dialog.js
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\options.js
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\options.xul
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\search_dialog.xul
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\chrome\content\update.html
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\defaults\preferences\prefs.js
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\install.rdf
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\locale\en-US\translations.dtd
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\button1.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\button2.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\button3.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\button4.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\button5.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\crossrider_statusbar.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\icon128.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\icon16.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\icon24.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\icon48.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\panelarrow-up.png
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\popup.css
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\popup.html
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\popup_binding.xml
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\skin.css
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\361jeeys.default\extensions\crossriderapp4639@crossrider.com\skin\update.css
c:\documents and settings\Chris\Application Data\Qwiklinx\QwIKlinx.dll
c:\documents and settings\Chris\My Documents\ShopToWin
c:\documents and settings\Chris\Start Menu\178.lnk
c:\documents and settings\Chris\WINDOWS
c:\program files\SavingsApp
c:\program files\SavingsApp\SavingsApp.ico
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
F:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-03 06:32 . 2012-08-03 06:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-03 06:32 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 05:56 . 2012-08-02 05:56 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\visi_coupon
2012-08-02 03:51 . 2012-08-02 03:51 -------- d-----w- c:\documents and settings\Administrator.VADER.000\Local Settings\Application Data\Mozilla
2012-08-01 04:11 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-01 04:11 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-01 04:11 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-01 04:11 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-01 04:11 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-01 04:11 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-01 04:11 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-01 04:11 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-01 04:10 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-01 04:10 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-01 04:10 . 2012-08-01 04:10 -------- d-----w- c:\program files\AVAST Software
2012-08-01 04:10 . 2012-08-01 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-31 05:41 . 2012-08-03 23:57 -------- d-----w- c:\documents and settings\Chris\Application Data\Qwiklinx
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-----w- c:\program files\Qwiklinx
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\SavingsApp
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-----w- c:\program files\DefaultTab
2012-07-31 05:41 . 2012-08-03 23:58 -------- d-----w- c:\documents and settings\Chris\Application Data\DefaultTab
2012-07-31 05:40 . 2012-07-31 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-07-31 05:40 . 2012-07-31 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2012-07-12 04:46 . 2012-07-12 04:47 -------- d-----w- c:\program files\Gardenscapes - Mansion Makeover
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:04 . 2011-12-12 07:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\INTELAUDIOSTUDIO.exe" [2004-06-20 6828032]
"SoundMan"="SOUNDMAN.EXE" [2004-06-17 69632]
"AlcWzrd"="ALCWZRD.EXE" [2004-06-17 2550272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-04 198160]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-01 03:34 136176 ----atw- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-10 03:04 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-10 04:10 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\DragonAgeToolset.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\RPU.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\lightmapper\\eclipseRay.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\GffEditor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\ErfEditor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\shattered_horizon\\client_exe\\shattered_horizon.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57752:TCP"= 57752:TCP:pando Media Booster
"57752:UDP"= 57752:UDP:pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/31/2012 11:11 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/31/2012 11:11 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/31/2012 11:11 PM 21256]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [5/18/2012 4:00 AM 563200]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 9:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 9:44 AM 497280]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/27/2012 11:11 PM 2348352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/29/2011 9:18 PM 123712]
S3 bfastfao;bfastfao;\??\c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [7/16/2010 2:00 PM 25832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-08-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-01 16:21]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-682003330-1003Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 03:34]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-682003330-1003UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 03:34]
.
2012-08-03 c:\windows\Tasks\User_Feed_Synchronization-{859C40AD-15BA-44EC-919C-A902C727BC80}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-09756421.sys
AddRemove-DefaultTab - c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-03 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-583907252-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:41,f9,c5,28,d9,ab,98,11,93,c7,24,4c,9d,a6,2b,f7,1f,e3,a2,59,6e,
d6,a1,42,c4,81,a2,85,1e,e9,a8,47,6f,87,00,54,8d,84,96,51,9e,7a,34,cf,60,4b,\
"rkeysecu"=hex:4f,f9,4e,06,a7,95,c7,ec,3e,32,0a,1b,0c,f8,69,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2012-08-03 19:08:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 00:08
.
Pre-Run: 79,540,932,608 bytes free
Post-Run: 80,832,507,904 bytes free
.
- - End Of File - - 5F6040AD00D35C3DFE47BF00330523FB
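As an added triage example (not ComboFix's own tooling, and not something the helper in this thread posted), the Python below parses the Run-key, R#/S# driver/service and orphan-BHO line shapes from the ComboFix log above and flags autostart entries whose image is an unqualified file name, sits in a user-writable location, or no longer exists on disk ("[?]"), which is how the bfastfao.sys entry under Temp and the DefaultTab BHO under Application Data stand out. The sample lines are copied from the log; the location heuristic is an assumption of this example, so a hit is a prompt for review, not a verdict.

```python
"""Autostart triage over ComboFix log lines (added example; not ComboFix's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352]
.
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [5/18/2012 4:00 AM 563200]
S3 bfastfao;bfastfao;\??\c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys [?]
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\Chris\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
'''

# "name"="image" [date size]  -- values under a Run key
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 svc;display;image [date time size]   or   S3 svc;display;\??\image --> image [?]
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
# BHO-{CLSID} - image   (lines from the ORPHANS REMOVED section)
ORPHAN_RE = re.compile(r'^(?P<kind>BHO|Toolbar|WebBrowser|URLSearchHook)-(?P<name>\S+) - (?P<path>.+)$')
# Directories an unprivileged XP user can write to; a legitimate driver or service
# image almost never lives here (heuristic chosen for this example, not a rule).
USER_WRITABLE = re.compile(
    r'\\(?:temp|application data|local settings|docume~1|documents and settings)\\', re.I)
TRAILING_META = re.compile(r'\s*\[[^\]]*\]\s*$')


@dataclass
class Finding:
    kind: str          # "run", "service" or an orphan kind such as "BHO"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def assess(path: str, missing: bool = False) -> list:
    """Return the review reasons for one autostart image path (empty = nothing odd)."""
    reasons = []
    if not path or path == "(no file)":
        return reasons
    if "\\" not in path:
        # Bare file name: Windows locates it through the search path, so a
        # same-named file placed earlier in that path would be loaded instead.
        reasons.append("unqualified image name (resolved through the search path)")
    if USER_WRITABLE.search(path):
        reasons.append("image lives in a user-writable location")
    if missing:
        reasons.append("image file not found on disk ([?])")
    return reasons


def service_image(rest: str):
    """Split the tail of an R#/S# line into (image path, missing flag)."""
    missing = rest.rstrip().endswith("[?]")
    path = rest.split(" --> ")[-1] if " --> " in rest else rest
    path = TRAILING_META.sub("", path).strip()
    if path.startswith("\\??\\"):          # NT object-manager prefix; drop it for comparison
        path = path[4:]
    return path, missing


def triage(log_text: str) -> list:
    """Parse the three line shapes and return only the entries that earn a review reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            reasons = assess(m["path"])
            if reasons:
                findings.append(Finding("run", m["name"], m["path"], reasons))
        elif m := SVC_RE.match(line):
            path, missing = service_image(m["rest"])
            reasons = assess(path, missing)
            if reasons:
                findings.append(Finding("service", m["name"], path, reasons))
        elif m := ORPHAN_RE.match(line):
            reasons = assess(m["path"])
            if reasons:
                findings.append(Finding(m["kind"], m["name"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name}\n         {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

Entries under Program Files, such as DefaultTabSearch.exe, pass this location check even though the thread identifies DefaultTab as unwanted, so the output narrows what to read first rather than replacing the helper's judgement.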
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
Thanks again for your assistance, DMJ.

Here's the log file.

ComboFix 12-08-04.02 - Chris 08/04/2012 13:05:29.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2559 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-03 06:32 . 2012-08-03 06:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-03 06:32 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 05:56 . 2012-08-02 05:56 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\visi_coupon
2012-08-02 03:51 . 2012-08-02 03:51 -------- d-----w- c:\documents and settings\Administrator.VADER.000\Local Settings\Application Data\Mozilla
2012-08-01 04:11 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-01 04:11 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-01 04:11 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-01 04:11 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-01 04:11 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-01 04:11 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-01 04:11 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-01 04:11 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-01 04:10 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-01 04:10 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-01 04:10 . 2012-08-01 04:10 -------- d-----w- c:\program files\AVAST Software
2012-08-01 04:10 . 2012-08-01 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-31 05:41 . 2012-08-03 23:57 -------- d-----w- c:\documents and settings\Chris\Application Data\Qwiklinx
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-----w- c:\program files\Qwiklinx
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\SavingsApp
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-31 05:41 . 2012-07-31 05:41 -------- d-----w- c:\program files\DefaultTab
2012-07-31 05:41 . 2012-08-03 23:58 -------- d-----w- c:\documents and settings\Chris\Application Data\DefaultTab
2012-07-31 05:40 . 2012-07-31 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-07-31 05:40 . 2012-07-31 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2012-07-12 04:46 . 2012-07-12 04:47 -------- d-----w- c:\program files\Gardenscapes - Mansion Makeover
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 04:04 . 2011-12-12 07:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-04_00.02.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2012-04-05 05:08 85442 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-08-04 00:05 85442 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-08-04 00:05 479492 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2012-04-05 05:08 479492 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\INTELAUDIOSTUDIO.exe" [2004-06-20 6828032]
"SoundMan"="SOUNDMAN.EXE" [2004-06-17 69632]
"AlcWzrd"="ALCWZRD.EXE" [2004-06-17 2550272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-04 198160]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-01 03:34 136176 ----atw- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-02-10 03:04 15494464 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-10 04:10 1634112 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dragon Age Origins Character Creator\\bin_ship\\DAOCharacterCreator.exe"=
"c:\\Program Files\\Dragon Age Origins Character Creator\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\bin_ship\\DAOrigins.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\DragonAgeToolset.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\RPU.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\lightmapper\\eclipseRay.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\GffEditor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dragon age origins\\tools\\ErfEditor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\shattered_horizon\\client_exe\\shattered_horizon.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57752:TCP"= 57752:TCP:pando Media Booster
"57752:UDP"= 57752:UDP:pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/31/2012 11:11 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/31/2012 11:11 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/31/2012 11:11 PM 21256]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 9:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 9:44 AM 497280]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/27/2012 11:11 PM 2348352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/29/2011 9:18 PM 123712]
S2 DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [5/18/2012 4:00 AM 563200]
S3 bfastfao;bfastfao;\??\c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [7/16/2010 2:00 PM 25832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2012-08-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-01 16:21]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-682003330-1003Core.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 03:34]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-682003330-1003UA.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 03:34]
.
2012-08-04 c:\windows\Tasks\User_Feed_Synchronization-{859C40AD-15BA-44EC-919C-A902C727BC80}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-04 13:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1202660629-583907252-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:41,f9,c5,28,d9,ab,98,11,93,c7,24,4c,9d,a6,2b,f7,1f,e3,a2,59,6e,
d6,a1,42,c4,81,a2,85,1e,e9,a8,47,6f,87,00,54,8d,84,96,51,9e,7a,34,cf,60,4b,\
"rkeysecu"=hex:4f,f9,4e,06,a7,95,c7,ec,3e,32,0a,1b,0c,f8,69,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(852)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(368)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-04 13:23:30
ComboFix-quarantined-files.txt 2012-08-04 18:23
ComboFix2.txt 2012-08-04 00:08
.
Pre-Run: 80,630,345,728 bytes free
Post-Run: 80,617,029,632 bytes free
.
- - End Of File - - 27264AE4C637E1042EEB5515C5A69F55
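As an added example (my own, not part of the thread and not code from ComboFix or any other tool used here), the PowerShell below triages the service/driver section of a ComboFix log like the one above. It parses each `R*`/`S*` line, flags images that are missing from disk (ComboFix marks these with `[?]`) or that load from a temp directory, and checks the standard-profile firewall value. The sample lines are copied from the log above; the function names and the list of temp-directory patterns are my own choices, and it assumes PowerShell 3.0 or later on the analyst's machine.

```powershell
# Added example (not from the thread): triage the service/driver lines of a ComboFix log.
# ComboFix prints one line per service:   <R|S><n> <name>;<display>;<image path> [<date> <size>]
# and, when the image is no longer on disk: ... <path> --> <resolved path> [?]
# The sample below is copied verbatim from the ComboFix log posted above (no constructed values).
$SampleLog = @'
"EnableFirewall"= 0 (0x0)
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/31/2012 11:11 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/31/2012 11:11 PM 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/31/2012 11:11 PM 21256]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 9:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 9:44 AM 497280]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/27/2012 11:11 PM 2348352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/29/2011 9:18 PM 123712]
S2 DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [5/18/2012 4:00 AM 563200]
S3 bfastfao;bfastfao;\??\c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Chris\LOCALS~1\Temp\bfastfao.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [7/16/2010 2:00 PM 25832]
'@

function Get-ComboFixServices {
    # Parse every service/driver line into an object with the resolved image path.
    param([string]$LogText)
    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match '^(?<start>[RS]\d)\s+(?<name>[^;]+);(?<display>[^;]*);(?<rest>.+)$') {
            $start   = $Matches['start']      # R = running, S = stopped; the digit is the start type
            $name    = $Matches['name']
            $display = $Matches['display']
            $rest    = $Matches['rest']
            $missing = $rest.TrimEnd().EndsWith('[?]')          # ComboFix's "file not on disk" marker
            if ($rest.Contains('-->')) {                         # keep the resolved path, not the \??\ form
                $rest = ($rest -split '-->', 2)[1]
            }
            $path = ($rest -replace '\s*\[[^\]]*\]\s*$', '').Trim()   # drop trailing "[date size]" or "[?]"
            [pscustomobject]@{
                Start = $start; Name = $name; Display = $display; Path = $path; Missing = $missing
            }
        }
    }
}

function Find-SuspiciousServices {
    # Flag services whose image is missing or lives in a user temp directory (my own heuristic list).
    param([object[]]$Services)
    $tempDirs = '\temp\', '\locals~1\temp\', '\local settings\temp\', '\appdata\local\temp\'
    foreach ($s in $Services) {
        $reasons = @()
        if ($s.Missing) { $reasons += 'image file missing from disk' }
        $lower = $s.Path.ToLower()
        foreach ($d in $tempDirs) {
            if ($lower.Contains($d)) { $reasons += 'image loads from a temp directory'; break }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Name = $s.Name; Start = $s.Start; Path = $s.Path; Reasons = ($reasons -join '; ') }
        }
    }
}

function Test-FirewallDisabled {
    # ComboFix reports the XP firewall standard profile as  "EnableFirewall"= 0 (0x0)  when it is off.
    param([string]$LogText)
    return [bool]($LogText -match '"EnableFirewall"=\s*0\b')
}

$services = Get-ComboFixServices -LogText $SampleLog
Find-SuspiciousServices -Services $services | Format-Table -AutoSize
if (Test-FirewallDisabled -LogText $SampleLog) {
    Write-Output 'Windows Firewall standard profile is disabled in this log'
}
```

Run against the lines above it flags only `bfastfao` (image missing, path under the user's Temp folder) and reports the firewall as disabled, which is exactly what an experienced log reader would pull out of this section by eye; the value of scripting it is consistency across many logs, not cleverness.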
 
You're welcome! :)

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
At present, I can now get to the Control Panel (think ComboFix did that), and instead of starting and becoming non-responsive, IE now starts connecting, and then just crashes and disappears. Also, recently noticed I can't bring up Windows Media Player. I hadn't tried before starting this thread, so I don't know if it was a problem before or not (I'm guessing it was).

Anyway, here's the log from ESET.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=486ab9fd45456a47a5b481344d4dde12
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-06 01:25:27
# local_time=2012-08-05 08:25:27 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 15135614 15135614 0 0
# compatibility_mode=1024 16777215 100 0 66455257 66455257 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 4 83508 83508 0 0
# scanned=319991
# found=3
# cleaned=3
# scan_time=8175
C:\System Volume Information\_restore{32826CE3-4CD9-4800-8682-FB219DC822EB}\RP812\A0257892.dll Win32/Toolbar.BHO.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{32826CE3-4CD9-4800-8682-FB219DC822EB}\RP812\A0257895.dll Win32/Toolbar.BHO.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{32826CE3-4CD9-4800-8682-FB219DC822EB}\RP812\A0257974.dll Win32/Toolbar.CrossRider application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 
Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
Ok...finished those steps. I still can't get IE to run. The window still comes up saying "Connecting..." then after a second or two it just disappears. Windows Media Player also isn't running (window never comes up on that one).

As for the double click problem, there is some progress there. As previously reported, I can now get to the control panel, and I can now double click to bring up some file types like folders, pictures and executables on the desktop. However, still can't bring up shortcuts on the desktop with double click (have to right-click and select open). Same with Start -> All Programs. When I left click on the program to start it, nothing happens. If I right click and select open, things run as expected.

Also, thinking maybe the shortcuts were just broken, I tried to create a couple new shortcuts on the desktop. I tried to create a new shortcut for Firefox, but when I got to the end to "Finish" and create the shortcut, I got an error saying "Unable to create shortcut." I tried again, and got the message "A shortcut named firefox already exists in this folder. Do you want to replace it?" I chose "Yes" and got the "Unable to create shortcut" error again.

Any ideas?

Anyway, today and the next couple of days, I'm working 8 a.m. to 8 p.m. so will only be able to reply when I get home after that. So sorry that it will take me so long to reply.

And, again, thank you very much for your time in assisting me with this problem, DMJ.

Security Check log follows.

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.22.87 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (8.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 27% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
 
Okay. Run this tool and tell me if they get fixed:

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.

=====================================================================

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
 
Doesn't seem to be any change. I did not install the new versions of Java, Flash Player, or Adobe Reader because I was unable to uninstall the older versions of Java or Adobe Reader. When attempting to uninstall those programs I got a message saying "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

Flash Player did uninstall, but I didn't want to install anything else until I hear from you.

Here are the 3 logs from RogueKiller, though.

RKreport[1]

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Scan -- Date: 08/07/2012 21:07:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] 166c6c43363eb241ae46356fe01e0839
[BSP] ea0f6f318ebcda404c59031ac74fcd50 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD20EADS-00S2B0 +++++
--- User ---
[MBR] e9778f5d5d93730d7fd48041c4d6d0e5
[BSP] 5253a7ed3889a1c35a8b1e7cd1b7115c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RKreport[2]

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Remove -- Date: 08/07/2012 21:09:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] 166c6c43363eb241ae46356fe01e0839
[BSP] ea0f6f318ebcda404c59031ac74fcd50 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD20EADS-00S2B0 +++++
--- User ---
[MBR] e9778f5d5d93730d7fd48041c4d6d0e5
[BSP] 5253a7ed3889a1c35a8b1e7cd1b7115c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RKreport[3]


RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/07/2012 21:21:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 19 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 84 / Fail 0
My documents: Success 175 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 968 / Fail 2
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
Let's take a different look here...

Go to Start > Run, type in CMD and hit OK.

Type this in the Command Line and hit enter:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

Should be a confirmation, and then reboot your system. Let me know if this worked.
 
No joy. The problem persists. The following is the confirmation from the window after everything ran.

"Task is completed. Some files in the configuration are not found on this system
so security cannot be set/queried. It's ok to ignore.
See log %windir%\security\logs\scesrv.log for detail info."

Do you need or want a copy of the log?

Thanks for your continued efforts, DMJ.
 
Nothing has changed since running the above Command Line.

IE still tries to connect for a second or two, and the window disappears.

Windows Media Player won't come up at all.

On the Desktop, I can now double-click to open files and executables, but shortcuts still have to be right-clicked and opened.

I can open the Control Panel now, but I still can't use Add/Remove Programs to uninstall Adobe Reader or Java. I still get the message about "Windows Installer Service could not be accessed" after confirming that I want to remove them.
 
WMIC Failure

You currently have what is called a WMIC failure, which happens when the Windows Management Instrumentation has been completely damaged.

As a victim of this in the past, the only way to solve this problem is a reformat and reinstall of the operating system.

Signs of WMIC failure:

-Common Windows programs, such as Windows Search, Windows Help and Support, Windows System Information, etc. do not work properly.

-Apparent lack of control over the computer, via the user.

-Odd disruption in functionality of normal Windows programs. Resource disruption.

-Some Windows Services give a "WMI Error" when trying to configure them.


Your computer has presented at least two of these issues. It is recommended to proceed with the reformat and reinstall.

You can easily back up data, and do the operation. It will save us time, and we will not be running around in circles.

Let me know what you want to do.
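As an added example (my own, not a step DMJ gave), the PowerShell below checks the pieces of WMI that the "WMIC failure" diagnosis rests on, so the state can be confirmed before committing to a reformat: whether the winmgmt service is running, whether a trivial root\cimv2 query answers, whether the Security Center namespace that rogue antivirus tampers with is readable, the repository consistency check (which only exists on Vista and later), and how many recent WMI errors sit in the Application log. It assumes an elevated PowerShell 2.0 or later session on the affected machine; the namespace names, the `winmgmt /verifyrepository` switch and the `WinMgmt` event source are real, while the function name and the output layout are mine.

```powershell
# Added example (not from the thread): direct checks of WMI health on the affected machine.
# Assumes an elevated PowerShell 2.0+ session. On XP the Security Center namespace is
# root\SecurityCenter (root\SecurityCenter2 on Vista and later), and "winmgmt /verifyrepository"
# exists only on Vista/2008 and later, so it is skipped on older systems.
function Test-WmiHealth {
    $report = New-Object System.Collections.Specialized.OrderedDictionary
    $isVistaOrLater = [Environment]::OSVersion.Version.Major -ge 6

    # 1. WMI runs inside the winmgmt service; if it is stopped or missing nothing else will work.
    $svc = Get-Service -Name winmgmt -ErrorAction SilentlyContinue
    $report['winmgmt service'] = if ($svc) { [string]$svc.Status } else { 'not found' }

    # 2. A basic query against root\cimv2; a damaged repository usually fails right here.
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop
        $report['root\cimv2 query'] = "OK - $($os.Caption)"
    } catch {
        $report['root\cimv2 query'] = "FAILED - $($_.Exception.Message)"
    }

    # 3. The Security Center namespace is where antivirus status is registered; this is the part
    #    rogue antivirus tampers with to make Windows believe the real product is gone or outdated.
    $scNamespace = if ($isVistaOrLater) { 'root\SecurityCenter2' } else { 'root\SecurityCenter' }
    try {
        $av = @(Get-WmiObject -Namespace $scNamespace -Class AntiVirusProduct -ErrorAction Stop)
        $names = ($av | ForEach-Object { $_.displayName }) -join ', '
        $report["$scNamespace AntiVirusProduct"] = "OK - $($av.Count) product(s): $names"
    } catch {
        $report["$scNamespace AntiVirusProduct"] = "FAILED - $($_.Exception.Message)"
    }

    # 4. Repository consistency check (Vista and later only).
    if ($isVistaOrLater) {
        $report['repository'] = ((& winmgmt /verifyrepository 2>&1) | Out-String).Trim()
    } else {
        $report['repository'] = 'winmgmt /verifyrepository not available on this OS'
    }

    # 5. Recent WMI errors in the Application log (source "WinMgmt" on XP, "Microsoft-Windows-WMI" later).
    $errs = @(Get-EventLog -LogName Application -EntryType Error -Newest 200 -ErrorAction SilentlyContinue |
              Where-Object { $_.Source -like 'WinMgmt*' -or $_.Source -like 'Microsoft-Windows-WMI*' })
    $report['WMI errors among last 200 application errors'] = $errs.Count

    return $report
}

Test-WmiHealth | Format-Table -AutoSize
```

A failing step 2 with a running service points at the repository itself, while a working step 2 and a failing step 3 points at namespace-level damage, which is narrower than "WMI is completely damaged"; either way the output gives a concrete record to attach to the thread before the reinstall decision.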
 
Ok. Those are the breaks, I guess.

I can handle the reformat and reinstall, DMJ. Just have to get my disks out of storage.

Thanks a lot for all your help and time spent with this issue.
 
You're welcome. We tried the best possible ways to check things out. When I began seeing issues with the same symptoms showing in the event log, it became clear the WMIC was failing.

WMIC failure is one of the single most important reasons people have to reformat and reinstall their operating system. It has mostly to do with virus infections, because virus infections tend to infect the WMI console to try and tell the OS that the antivirus is out of date or that the existence of an antivirus is not there.

Rogue antivirus software tends to do this the most, because it wants the user's attention on the fake antivirus software rather than their real software. But, when things go awry, the virus infection may damage the WMIC, inevitably leading to a catastrophic failure of the operating system.

But, anyway, if you have any more questions, PM me. Otherwise, this topic is marked as solved. √
 