
Inactive [InActive] Invalid Boot.Ini File Boot from C: File

Discussion in 'Malware and Virus Removal Archive' started by gwiner7041, 2009/06/09.

  1. 2009/06/09
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    110
    Likes Received:
    0
    Hello--For the past week I've been in contact with Surferdude2 + Mitchell Coolidge, both members of Windows BBS. I've been told I have a Malware infector.
    I'm experiencing a problem with keeping the Boot.Ini File in msconfig. It's disappeared from the utility. I had a backup copy of the boot on my computer, but when I went to open it, it deleted itself.

    I downloaded Malwarebytes and found one issue. This was last week; I deleted the issue. I probably should have quarantined it, but I deleted it. From what I remember, it said Security and I forgot the rest. My computer runs well except for the boot.Ini missing in the msconfig utility. I've backed up both files and settings, also the system state. I've run the mirror 1 file. I did save the attachment and DDS on my desktop. I'll wait for further instructions before continuing.

    Thank you for your help.
    Garry
     
  2. 2009/06/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please post the DDS logs.

    Thanks
    Geri
     

  4. 2009/06/10
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Hello Geri--Thank you for your very quick response to my Invalid Boot.Ini File. The first is the attach from Notepad.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/29/2009 4:39:05 PM
    System Uptime: 6/9/2009 4:50:56 PM (2 hours ago)
    Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | PPGA | 1694/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 26.881 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 70.526 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP35: 6/2/2009 6:24:56 PM - Microsoft Backup Utility Recovery
    RP36: 6/5/2009 12:11:36 PM - System Checkpoint
    RP37: 6/5/2009 2:17:59 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    ArcSoft PhotoImpression 5
    AusLogics Registry Cleaner
    avast! Antivirus
    CCleaner (remove only)
    Choice Guard
    ClearType Tuning Control Panel Applet
    Critical Update for Windows Media Player 11 (KB959772)
    DriverAgent by eSupport.com
    EPSON CX3900 Series User's Guide
    EPSON Printer Software
    EPSON Scan
    Google Chrome
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    Ink Monitor
    Java(TM) 6 Update 7
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C Runtime
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSN
    MSVCRT
    NVIDIA Windows 2000/XP Display Drivers
    OpenOffice.org 3.0
    RegCure 1.5.2.7
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Segoe UI
    Skype™ 3.8
    Tweak UI
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    VideoCAM Look
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows Search 4.0
    Windows XP Service Pack 3
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    6/5/2009 7:51:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    6/5/2009 7:51:37 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2009 7:51:37 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/5/2009 7:09:03 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/4/2009 5:29:25 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
    6/4/2009 5:29:25 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    6/4/2009 5:28:36 PM, error: Service Control Manager [7023] - The avast! Mail Scanner service terminated with the following error: Cannot create a file when that file already exists.
    6/4/2009 5:27:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
    6/4/2009 5:27:52 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/2/2009 8:37:47 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/2/2009 8:37:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    6/2/2009 11:33:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/2/2009 11:29:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT pctgntdi Processor RasAcd Rdbss Tcpip WS2IFSL
    6/2/2009 11:29:40 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/2/2009 11:29:40 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/2/2009 11:29:40 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/2/2009 11:29:40 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================

    Here's the DDS on Desktop

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Garry Wimer at 18:30:00.60 on Tue 06/09/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.259 [GMT -6:00]

    AV: avast! antivirus 4.8.1335 [VPS 090609-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\spoolsv.exe
    svchost.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Garry Wimer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Garry Wimer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Documents and Settings\Garry Wimer\My Documents\Downloads\dds (1).scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.yahoo.com/search/ie.html
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
    TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
    TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240954489562
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    TCP: {F2C9BB75-9D3B-4783-ADC0-6BD5F61537E0} = 200.91.75.6,200.91.75.5
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-4 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-4 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-4 138680]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-4 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-4 352920]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-1 234888]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

    =============== Created Last 30 ================

    2009-06-09 16:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
    2009-06-05 15:44 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-05 15:44 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-06-05 15:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-06-04 17:22 1,060,864 a------- c:\windows\system32\MFC71.dll
    2009-06-03 14:47 <DIR> --d----- C:\Temp. Boot .ini file
    2009-06-03 14:46 <DIR> --d----- C:\New Folder
    2009-06-02 16:43 <DIR> --d----- c:\windows\Ask & Record Toolbar
    2009-06-02 16:43 <DIR> --d----- c:\windows\Applian FLV Player
    2009-06-02 07:24 1,744 a------- c:\windows\system32\d3d9caps.dat
    2009-06-01 11:16 <DIR> --d----- c:\program files\ConvertHelper
    2009-06-01 07:57 <DIR> --d----- c:\program files\AskBarDis
    2009-06-01 07:57 <DIR> --d----- c:\program files\Ask & Record Toolbar
    2009-06-01 07:51 7,349,744 a------- c:\program files\FLV PlayerATBSetup.exe
    2009-05-31 19:21 <DIR> --d----- c:\program files\VideoLAN
    2009-05-31 12:17 69,632 a------- c:\windows\system32\lfgif13n.dll
    2009-05-31 12:17 462,848 a------- c:\windows\system32\ltkrn13n.dll
    2009-05-31 12:17 450,560 a------- c:\windows\system32\ltimg13n.dll
    2009-05-31 12:17 401,408 a------- c:\windows\system32\lfcmp13n.dll
    2009-05-31 12:17 299,008 a------- c:\windows\system32\ltdis13n.dll
    2009-05-31 12:17 206,336 a------- c:\windows\system32\ltefx13n.dll
    2009-05-31 12:17 163,840 a------- c:\windows\system32\ltfil13n.dll
    2009-05-31 12:17 57,344 a------- c:\windows\system32\lfbmp13n.dll
    2009-05-30 09:54 155,255,392 a------- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
    2009-05-29 10:21 410,984 a------- c:\windows\system32\deploytk.dll
    2009-05-29 10:18 227,224 a------- c:\program files\jre-6u13-windows-i586-p-iftw-k.exe
    2009-05-28 17:08 2,904,384 a------- c:\program files\ca_yahooantispy_211_setup_en.exe
    2009-05-28 07:13 <DIR> --d--r-- c:\program files\Yahoo!
    2009-05-28 07:11 3,247,736 a------- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-28 07:09 3,247,736 a------- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-27 15:26 1,632 a------- c:\windows\system32\d3d8caps.tmp
    2009-05-26 17:03 <DIR> --d----- c:\documents and settings\garry wimer\dwhelper
    2009-05-25 15:46 725,856 a------- c:\program files\bdtoolbar May 25, 2009 (1).zip
    2009-05-25 11:16 <DIR> --d----- c:\docume~1\garryw~1\applic~1\PCToolsFirewallPlus
    2009-05-25 11:15 <DIR> --d----- c:\docume~1\garryw~1\applic~1\PCToolsSpamMonitorPlus
    2009-05-25 10:58 1,591,168 a------- c:\windows\PCTBDCore.dll.old
    2009-05-25 10:58 <DIR> --d--r-- c:\program files\Browser Defender
    2009-05-25 10:57 <DIR> --d--r-- c:\program files\PC Tools Internet Security
    2009-05-25 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-05-25 10:35 25,341,928 a------- c:\program files\issetup.exe
    2009-05-23 10:55 556,184 a------- c:\program files\ChromeSetup May 23, 2009.exe
    2009-05-20 08:30 <DIR> --d----- c:\program files\Help for Skype – user guides, FAQs, customer support_files
    2009-05-19 13:56 <DIR> --d----- c:\program files\Drivers Agent List of Download of Drivers May 18, 2009
    2009-05-18 18:30 <DIR> --d----- c:\windows\nview
    2009-05-16 18:02 49,152 a------- c:\windows\system32\E_DCINST.DLL
    2009-05-16 18:02 75,264 a------- c:\windows\system32\E_FLBBEP.DLL
    2009-05-16 18:02 62,976 a------- c:\windows\system32\E_FD4BBEP.DLL
    2009-05-16 17:53 <DIR> --d--r-- C:\NVIDIA
    2009-05-16 16:19 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
    2009-05-16 15:01 754 a------- c:\windows\WORDPAD.INI
    2009-05-14 13:37 <DIR> --d--r-- c:\program files\Lavasoft
    2009-05-14 13:20 37,452,296 a------- c:\program files\Ad-AwareAE.exe
    2009-05-13 14:01 <DIR> --d----- c:\program files\UpxFrontend-1.1
    2009-05-13 13:52 <DIR> --d--r-- c:\program files\UpxFrontend
    2009-05-12 18:14 <DIR> --d----- c:\docume~1\garryw~1\applic~1\PC Updater
    2009-05-11 17:55 <DIR> --d----- c:\docume~1\garryw~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    ==================== Find3M ====================

    2009-05-25 18:46 1,751,552 a------- c:\program files\GoogleWebAcceleratorSetup.msi
    2009-05-20 08:30 26,352 a------- c:\program files\Help for Skype – user guides, FAQs, customer support.htm
    2009-05-10 13:16 1,878,888 a------- c:\program files\install_flash_player.exe
    2009-05-09 17:50 478,618 a------- c:\program files\JkDefrag-3.36.zip
    2009-05-07 18:00 3,227,248 a------- c:\program files\ccsetup219 May 7, 2009.exe
    2009-05-04 07:21 102,400 a------- c:\program files\chromechannel-2.0.exe
    2009-04-10 11:28 77 ---sh--- c:\program files\common files\Desktop.ini
    2009-04-05 17:25 7,518,920 a------- c:\program files\Firefox Setup 3.0.8.exe
    2009-03-30 16:34 25,992 a------- c:\windows\system32\pgdfgsvc.exe
    2009-03-30 13:39 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-29 16:28 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 18:30:49.40 ===============
     
  5. 2009/06/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, I don't see anything jumping out at me. Let's get an online scan.

    Please run CCleaner.

    Now the scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  6. 2009/06/11
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Hello Geri--I scanned the computer, which took over two hours to do, then I clicked on the scan report as instructed but nothing would come up. The bottom of the window asked to turn off the pop-up blocker and I did that in Tools, but no report would come up to save. I saved the whole webpage to the desktop anyway. I must have not done something right. I do know when the scan was completed there was no malware detected. Any suggestions why no report would display?
    Thanks Garry
     
  7. 2009/06/11
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Hello Geri--I went back to the desktop and opened the scan which I saved, and this is what appeared.

    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Thursday, June 11, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Thursday, June 11, 2009 18:42:47
    Records in database: 2337631


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics
    Files scanned 41857
    Threat name 0
    Infected objects 0
    Suspicious objects 0
    Duration of the scan 03:19:27

    No malware has been detected. The scan area is clean.
    The selected area was scanned.

    I hope this helps you; it's not much, but this is what I got off the scan.

    Thanks again
    Garry
     
  8. 2009/06/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    OK,
    Let's run one more scan.

    Download RootRepeal.zip to your Desktop.
    • Extract the compressed file to its own folder.
    • Open the folder and double-click on RootRepeal.exe to run it.
    • Click on the Report tab, and then click on: Scan
    • A window opens asking what to include in the scan.
    • Check the following boxes then click OK:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • You will then be asked which drive to scan.
    • Check C: (or the drive your operating system is installed on, if not C)
    • Click OK once again.
    The tool will begin scanning and may take a while to complete, so please be patient.

    When the scan finishes, click on: Save Report
    Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

    Post the contents of the report in a reply here.

    Thanks
    Geri
     
  9. 2009/06/12
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Good morning Geri--I'm sort of confused with the RootRepeal.zip file; where do I find this to download? I clicked on your RootRepeal.zip but it brings me to a page where I've searched all over for it without any results. Sorry to be so naive but I can't find it to download.
    Thanks
    Garry
     
  10. 2009/06/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Scroll down the page until you see the "download" section; it is the last entry in that section.

    Geri
     
  11. 2009/06/12
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Here, Geri, the scan didn't take that long.
    I hope that I did this correctly for you.
    Thanks Garry

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Time: 2009/06/12 13:32
    Program Version: Version 1.3.0.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\windows\System32\Drivers\dump_atapi.sys
    Address: 0xF4D3D000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF8CA4000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\windows\system32\drivers\rootrepeal.sys
    Address: 0xF87F6000 Size: 49152 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 025 Function Name: NtClose
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd76b8

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd7574

    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd7a52

    #: 068 Function Name: NtDuplicateObject
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd714c

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd764e

    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd708c

    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd70f0

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd776e

    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd772e

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xf4dd78ae

    ==EOF==

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Time: 2009/06/12 13:19
    Program Version: Version 1.3.0.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
     
  12. 2009/06/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, nothing showing in that either.

    I don't believe this is a malware issue, but let's run a tool.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse click combofix's window while it's running. That may cause it to stall.

    If you are prompted to install the Recovery Console, please do so.

    **NOTE - Allow ComboFix to update if prompted.

    Geri
     
  13. 2009/06/13
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Hi Geri--Here's the combofix.exe scan. Before I display it, I need to inform you there were a couple of dialog boxes that appeared: "The batch file could not be found", three lines, exact same thing. Then it asked if I wanted to scan anyway; I clicked Yes, of course. Then another box indicated "BootPartition cannot be enumerated correctly." I clicked OK, then the auto scan started.

    Thank you Geri for your help
    Garry

    ComboFix 09-06-12.04 - Garry Wimer 06/13/2009 9:31.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.261 [GMT -6:00]
    Running from: c:\documents and settings\Garry Wimer\My Documents\Downloads\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090612-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
    .

    2009-06-13 15:15 . 2009-06-13 15:15 389120 ----a-w- c:\windows\system32\CF10499.exe
    2009-06-13 00:21 . 2009-06-13 00:30 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-06-13 00:21 . 2009-06-13 00:31 -------- d-----w- c:\program files\DivX
    2009-06-12 19:15 . 2009-06-12 19:15 0 ----a-w- c:\documents and settings\Garry Wimer\settings.dat
    2009-06-11 22:06 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-11 22:06 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-11 19:14 . 2009-06-11 23:49 152576 ----a-w- c:\documents and settings\Garry Wimer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-11 14:15 . 2009-06-11 14:15 152576 ----a-w- c:\documents and settings\Garry Wimer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-06-10 17:28 . 2009-06-10 22:00 -------- d-----w- c:\program files\IObit
    2009-06-05 21:44 . 2009-05-26 19:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-05 21:44 . 2009-05-26 19:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-05 21:44 . 2009-06-05 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-04 23:22 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-06-04 23:22 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-06-04 23:22 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-06-04 23:22 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-06-04 23:22 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-06-04 23:22 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-06-04 23:22 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-06-04 23:22 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-06-04 23:22 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-06-04 23:22 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-06-04 23:21 . 2009-06-04 23:21 -------- d-----w- c:\program files\Alwil Software
    2009-06-03 20:47 . 2009-06-05 23:45 -------- d-----w- C:\Temp. Boot .ini file
    2009-06-03 20:46 . 2009-06-03 20:46 -------- d-----w- C:\New Folder
    2009-06-02 22:43 . 2009-06-02 22:43 -------- d-----w- c:\windows\Ask & Record Toolbar
    2009-06-02 22:43 . 2009-06-02 22:43 -------- d-----w- c:\windows\Applian FLV Player
    2009-06-02 13:24 . 2009-06-12 22:42 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-01 17:16 . 2009-06-02 22:44 -------- d-----w- c:\program files\ConvertHelper
    2009-06-01 13:57 . 2009-06-02 22:44 -------- d-----w- c:\program files\AskBarDis
    2009-06-01 13:57 . 2009-06-03 22:41 -------- d-----w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\FLVService
    2009-06-01 13:57 . 2009-06-02 22:44 -------- d-----w- c:\program files\Ask & Record Toolbar
    2009-06-01 13:51 . 2009-06-01 13:53 7349744 ----a-w- c:\program files\FLV PlayerATBSetup.exe
    2009-06-01 13:50 . 2009-06-02 22:43 -------- d-----w- c:\program files\FLV Player
    2009-06-01 01:23 . 2009-06-02 22:44 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\vlc
    2009-06-01 01:21 . 2009-06-01 01:21 -------- d-----w- c:\program files\VideoLAN
    2009-05-31 18:17 . 2003-11-04 21:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
    2009-05-31 18:17 . 2004-01-12 08:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
    2009-05-30 17:10 . 2009-06-08 20:25 1 ------w- c:\documents and settings\Garry Wimer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-05-30 15:54 . 2009-05-30 16:41 155255392 ----a-w- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
    2009-05-29 16:21 . 2009-05-21 17:33 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-29 16:18 . 2009-05-29 16:18 227224 ----a-w- c:\program files\jre-6u13-windows-i586-p-iftw-k.exe
    2009-05-29 00:10 . 2009-05-29 00:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-05-29 00:08 . 2009-05-29 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-05-28 23:08 . 2009-05-28 23:09 2904384 ----a-w- c:\program files\ca_yahooantispy_211_setup_en.exe
    2009-05-28 19:58 . 2009-05-28 19:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PCToolsFirewallPlus
    2009-05-28 19:58 . 2009-05-28 19:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PCToolsSpamMonitorPlus
    2009-05-28 13:13 . 2009-05-28 13:13 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Yahoo!
    2009-05-28 13:13 . 2009-06-02 22:43 -------- d-----r- c:\program files\Yahoo!
    2009-05-28 13:11 . 2009-05-28 13:11 3247736 ----a-w- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-28 13:09 . 2009-05-28 13:10 3247736 ----a-w- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-26 23:03 . 2009-05-28 00:29 -------- d-----w- c:\documents and settings\Garry Wimer\dwhelper
    2009-05-26 00:11 . 2009-05-26 00:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsFirewallPlus
    2009-05-26 00:11 . 2009-05-26 00:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsSpamMonitorPlus
    2009-05-25 21:46 . 2009-05-25 21:46 725856 ----a-w- c:\program files\bdtoolbar May 25, 2009 (1).zip
    2009-05-25 17:16 . 2009-05-25 17:16 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PCToolsFirewallPlus
    2009-05-25 17:15 . 2009-05-25 17:15 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PCToolsSpamMonitorPlus
    2009-05-25 16:58 . 2009-05-25 16:58 -------- d-----w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\Threat Expert
    2009-05-25 16:58 . 2009-05-30 19:18 -------- d-----r- c:\program files\Browser Defender
    2009-05-25 16:57 . 2009-06-04 23:32 -------- d-----r- c:\program files\PC Tools Internet Security
    2009-05-25 16:57 . 2009-06-04 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-05-25 16:35 . 2009-05-25 16:42 25341928 ----a-w- c:\program files\issetup.exe
    2009-05-23 16:55 . 2009-05-23 16:55 556184 ----a-w- c:\program files\ChromeSetup May 23, 2009.exe
    2009-05-20 14:30 . 2009-05-20 14:30 -------- d-----w- c:\program files\Help for Skype – user guides, FAQs, customer support_files
    2009-05-19 19:56 . 2009-05-19 20:14 -------- d-----w- c:\program files\Drivers Agent List of Download of Drivers May 18, 2009
    2009-05-19 00:30 . 2009-05-19 00:30 -------- d-----w- c:\windows\nview
    2009-05-17 00:02 . 2004-09-11 02:12 49152 ----a-w- c:\windows\system32\E_DCINST.DLL
    2009-05-17 00:02 . 2006-08-10 08:02 75264 ----a-w- c:\windows\system32\E_FLBBEP.DLL
    2009-05-17 00:02 . 2006-04-19 08:00 62976 ----a-w- c:\windows\system32\E_FD4BBEP.DLL
    2009-05-16 23:53 . 2009-05-21 00:25 -------- d-----r- C:\NVIDIA
    2009-05-16 22:19 . 2009-05-16 22:19 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
    2009-05-14 19:47 . 2009-05-15 22:16 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-05-14 19:37 . 2009-05-21 00:18 -------- d-----r- c:\program files\Lavasoft
    2009-05-14 19:20 . 2009-05-14 19:33 37452296 ----a-w- c:\program files\Ad-AwareAE.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-12 23:18 . 2009-03-30 00:02 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Skype
    2009-06-12 22:32 . 2009-04-25 23:28 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\skypePM
    2009-06-12 00:28 . 2009-04-03 02:08 -------- d-----r- c:\program files\Windows Desktop Search
    2009-06-11 23:53 . 2009-04-03 01:33 -------- d-----r- c:\program files\Java
    2009-06-10 17:28 . 2009-05-02 18:42 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\IObit
    2009-06-10 17:12 . 2009-04-28 01:48 -------- d-----r- c:\program files\RegCure
    2009-06-10 02:13 . 2009-05-09 23:54 -------- d-----w- c:\program files\JkDefrag-3.36 (1)
    2009-06-05 21:45 . 2009-04-03 17:58 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Malwarebytes
    2009-06-04 23:31 . 2009-04-03 17:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-30 19:19 . 2009-03-29 23:25 -------- d-----r- c:\program files\AVG
    2009-05-27 21:26 . 2009-05-27 21:26 1632 ----a-w- c:\windows\system32\d3d8caps.tmp
    2009-05-26 13:12 . 2009-03-31 20:05 -------- d-----r- c:\program files\Windows Defender
    2009-05-26 01:45 . 2009-03-30 00:02 -------- d-----r- c:\program files\Google
    2009-05-26 00:46 . 2009-05-26 00:45 1751552 ----a-w- c:\program files\GoogleWebAcceleratorSetup.msi
    2009-05-25 06:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
    2009-05-21 00:21 . 2009-04-16 17:57 -------- d-----r- c:\program files\Windows Media Connect 2
    2009-05-21 00:21 . 2009-04-29 21:13 -------- d-----r- c:\program files\Windows Live
    2009-05-21 00:20 . 2009-03-30 00:02 -------- d-----r- c:\program files\Skype
    2009-05-21 00:20 . 2009-05-13 19:52 -------- d-----r- c:\program files\UpxFrontend
    2009-05-21 00:20 . 2009-05-01 22:37 -------- d-----r- c:\program files\r2 Studios
    2009-05-21 00:19 . 2009-05-01 16:49 -------- d-----r- c:\program files\OpenOffice.org 3.0 (en-US) Installation Files
    2009-05-21 00:19 . 2009-04-29 21:16 -------- d-----r- c:\program files\Microsoft Sync Framework
    2009-05-21 00:18 . 2009-04-29 18:18 -------- d-----r- c:\program files\Microsoft
    2009-05-21 00:18 . 2009-04-29 15:59 -------- d-----r- c:\program files\Microsoft Silverlight
    2009-05-20 14:30 . 2009-05-20 14:30 -------- d-----w- c:\program files\Help for Skype – user guides, FAQs, customer support_files
    2009-05-20 14:30 . 2009-05-20 14:30 26352 ----a-w- c:\program files\Help for Skype – user guides, FAQs, customer support.htm
    2009-05-19 20:40 . 2009-04-12 21:16 -------- d-----r- c:\program files\COMODO
    2009-05-14 14:09 . 2009-05-14 14:08 3386264 ------w- c:\documents and settings\Garry Wimer\Application Data\PC Updater\PCUPDATER.EXE
    2009-05-14 14:08 . 2009-05-13 00:14 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PC Updater
    2009-05-13 20:03 . 2009-05-13 20:01 -------- d-----w- c:\program files\UpxFrontend-1.1
    2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-12 21:12 . 2009-03-29 23:37 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-05-12 00:01 . 2009-03-30 13:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-05-11 23:55 . 2009-05-11 23:55 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-05-10 19:16 . 2009-05-10 19:16 1878888 ----a-w- c:\program files\install_flash_player.exe
    2009-05-09 23:50 . 2009-05-09 23:50 478618 ----a-w- c:\program files\JkDefrag-3.36.zip
    2009-05-08 00:00 . 2009-05-07 23:59 3227248 ----a-w- c:\program files\ccsetup219 May 7, 2009.exe
    2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-04 13:21 . 2009-05-04 13:21 102400 ----a-w- c:\program files\chromechannel-2.0.exe
    2009-05-01 21:03 . 2009-06-13 00:31 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2009-05-01 21:03 . 2009-06-13 00:31 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2009-05-01 21:03 . 2009-06-13 00:31 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2009-05-01 21:03 . 2009-06-13 00:31 129784 ------w- c:\windows\system32\pxafs.dll
    2009-05-01 21:03 . 2009-06-13 00:31 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-05-01 21:03 . 2009-06-13 00:31 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-04-29 20:48 . 2009-03-29 22:49 17864 ------w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-25 23:28 . 2009-04-25 23:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-04-25 23:27 . 2009-03-30 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-04-25 23:27 . 2009-04-25 23:27 -------- d-----w- c:\program files\Common Files\Skype
    2009-04-23 21:03 . 2009-04-23 21:03 -------- d-----w- c:\program files\Common Files\Scanner
    2009-04-20 22:00 . 2009-04-20 22:00 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 23:48 . 2009-03-31 01:28 -------- d-----r- c:\program files\Auslogics
    2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-05 23:25 . 2009-04-05 23:22 7518920 ----a-w- c:\program files\Firefox Setup 3.0.8.exe
    2009-03-30 22:34 . 2009-03-30 22:34 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2009-03-30 19:39 . 2009-03-29 22:32 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-03-30 14:40 . 2009-03-30 14:40 0 ----a-w- c:\windows\nsreg.dat
    2009-03-29 22:28 . 2009-03-29 22:28 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-03-25 12:29 . 2009-01-21 13:49 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Ram Optimizer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SeaPort "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/4/2009 5:22 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2009 5:22 PM 20560]
    S3 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [6/1/2009 7:58 AM 234888]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1409082233-1801674531-1003.job
    - c:\documents and settings\Garry Wimer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 16:56]

    2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{73E5A440-C37F-4AD6-9793-5A2A2DFEF0EF}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    TCP: {F2C9BB75-9D3B-4783-ADC0-6BD5F61537E0} = 200.91.75.6,200.91.75.5
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-13 09:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3764)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-13 9:41
    ComboFix-quarantined-files.txt 2009-06-13 15:41

    Pre-Run: 28,172,660,736 bytes free
    Post-Run: 28,335,407,104 bytes free

    235 --- E O F --- 2009-05-27 14:21
    .
     
  14. 2009/06/14
    Geri Lifetime Subscription

    Hi
    OK is there a reason you did not let the recovery console install?

    I'm seeing this in the logs, is this something you added to C:\ ?
    C:\Temp. Boot .ini file

    Do you have this file C:\Boot.bak ?
    along with...
    C:\Boot.ini ?

    Geri
     
  15. 2009/06/14
    gwiner7041 Lifetime Subscription

    Hello Geri--I thought I had done what was required to run the Combofix scan yesterday but evidently I didn't. First off, in this quick reply box, I don't know exactly what's going on with this reply box but I have half of this box in solid blue and the rest is in white with blue solid lines going through the remaining empty space. Getting back to your question in hand, I tried to start all over and run the Combofix.exe scan. I'm having a lot of difficulty getting past where the tiny little box comes up after the download. It does its thing and it will not let me go past when finished; it keeps asking that I've downloaded this combo fix so many times I have the number of downloads in parentheses ( ). I go back and erase the download but it still comes up with the number where I left off at. Sorry to be causing so much havoc but this is what is happening on my end. I must ask: in your instructions you say to download this program to my desktop, or does this mean download the information to my desktop, which I have been doing?
    Please explain to me why the reply box would be giving me problems like I was explaining.
    I checked for those two files in my search box and found the boot.ini, found backup, but when I go to click it on, boot.bak comes up in the folder, that's it. The other file was there but it seems like every time I click it on there comes a duplicate in its place.
    That's all for now.
    Garry
     
  16. 2009/06/14
    gwiner7041 Lifetime Subscription

    I'm surprised this last reply made it to the Windows BBS screen. It kept loading and loading. I finally had to just go off back into the email and click back on the reply from your last reply, and there my return message was.
    Garry
     
  17. 2009/06/15
    Geri Lifetime Subscription

    Hi
    You should just end up with a red circle icon with combofix.exe under it on your desktop.

    Please do this to go to C:\
    Click on Start
    Click on My Computer
    Double click on Local Disk C:\
    Find the file temp. Boot .ini
    Right click on it and select Rename
    Rename it to temp. Boot .ini.old
    Click anywhere on your screen, OK any prompts.
    Restart your computer.

    Please post a new DDS log, let me know if you receive any error messages.

    I'll ask about the reply box, and let you know.

    Thanks
    Geri
     
  18. 2009/06/15
    gwiner7041 Lifetime Subscription

    Hi Geri, I received your message; here's the attached file. DDS underneath the first file. No errors occurred.
    I renamed the boot.ini in my C: folder --nothing happened-- no errors of any source.
    I'm going to try and paste an image of what I was talking about in my last email to you about the Windows BBS return screen on the bottom of each reply.
    Thank you for helping me
    Garry

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/29/2009 4:39:05 PM
    System Uptime: 6/15/2009 3:05:59 PM (0 hours ago)
    Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | PPGA | 1694/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 26.356 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 71.809 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSAMSUNG_CD-ROM_SC-148C__________________B100____\5&4F41875&0&0.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: SAMSUNG CD-ROM SC-148C
    PNP Device ID: IDE\CDROMSAMSUNG_CD-ROM_SC-148C__________________B100____\5&4F41875&0&0.0.0
    Service: cdrom

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-232B_________________R301____\5&4F41875&0&0.1.0
    Manufacturer: (Standard CD-ROM drives)
    Name: SAMSUNG CD-R/RW SW-232B
    PNP Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-232B_________________R301____\5&4F41875&0&0.1.0
    Service: cdrom

    ==== System Restore Points ===================

    RP45: 6/13/2009 1:38:55 PM - Removed Google Web Accelerator
    RP46: 6/14/2009 3:57:49 PM - Before Deleting the two keys from registry
    RP47: 6/14/2009 10:32:02 PM - Installed Windows XP KB915865.
    RP48: 6/14/2009 10:32:58 PM - Installed Windows NLSDownlevelMapping.
    RP49: 6/14/2009 10:33:28 PM - Installed Windows IDNMitigationAPIs.
    RP50: 6/14/2009 10:33:54 PM - Installed Windows Internet Explorer 7.
    RP51: 6/14/2009 10:34:25 PM - Software Distribution Service 3.0
    RP52: 6/14/2009 10:44:19 PM - Installed Windows XP KB915865.
    RP53: 6/14/2009 10:45:33 PM - Installed Windows NLSDownlevelMapping.
    RP54: 6/14/2009 10:46:19 PM - Installed Windows IDNMitigationAPIs.
    RP55: 6/14/2009 10:47:55 PM - Installed Windows Internet Explorer 7.
    RP56: 6/14/2009 10:49:16 PM - Software Distribution Service 3.0
    RP57: 6/14/2009 10:53:27 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Advanced SystemCare 3
    ArcSoft PhotoImpression 5
    avast! Antivirus
    CCleaner (remove only)
    Choice Guard
    ClearType Tuning Control Panel Applet
    ConvertHelper 2.2
    Critical Update for Windows Media Player 11 (KB959772)
    DriverAgent by eSupport.com
    EPSON CX3900 Series User's Guide
    EPSON Printer Software
    EPSON Scan
    Google Chrome
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    Ink Monitor
    Java(TM) 6 Update 14
    Java(TM) 6 Update 7
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C Runtime
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.0.11)
    MSN
    MSVCRT
    NVIDIA Windows 2000/XP Display Drivers
    OpenOffice.org 3.0
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Segoe UI
    Skype™ 3.8
    Tweak UI
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    VideoCAM Look
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows Search 4.0
    Windows XP Service Pack 3
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    6/9/2009 7:43:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    6/9/2009 7:43:31 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/9/2009 7:43:31 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/14/2009 10:49:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Update Rollup for ActiveX Killbits for Windows XP (KB969898).
    6/13/2009 9:30:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    6/11/2009 6:10:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    6/11/2009 6:10:32 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2009 6:09:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

    ==== End Of File ===========================

    DDS File

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/29/2009 4:39:05 PM
    System Uptime: 6/15/2009 3:05:59 PM (0 hours ago)
    Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | PPGA | 1694/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 26.356 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 71.809 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSAMSUNG_CD-ROM_SC-148C__________________B100____\5&4F41875&0&0.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: SAMSUNG CD-ROM SC-148C
    PNP Device ID: IDE\CDROMSAMSUNG_CD-ROM_SC-148C__________________B100____\5&4F41875&0&0.0.0
    Service: cdrom

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-232B_________________R301____\5&4F41875&0&0.1.0
    Manufacturer: (Standard CD-ROM drives)
    Name: SAMSUNG CD-R/RW SW-232B
    PNP Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-232B_________________R301____\5&4F41875&0&0.1.0
    Service: cdrom

    ==== System Restore Points ===================

    RP45: 6/13/2009 1:38:55 PM - Removed Google Web Accelerator
    RP46: 6/14/2009 3:57:49 PM - Before Deleting the two keys from registry
    RP47: 6/14/2009 10:32:02 PM - Installed Windows XP KB915865.
    RP48: 6/14/2009 10:32:58 PM - Installed Windows NLSDownlevelMapping.
    RP49: 6/14/2009 10:33:28 PM - Installed Windows IDNMitigationAPIs.
    RP50: 6/14/2009 10:33:54 PM - Installed Windows Internet Explorer 7.
    RP51: 6/14/2009 10:34:25 PM - Software Distribution Service 3.0
    RP52: 6/14/2009 10:44:19 PM - Installed Windows XP KB915865.
    RP53: 6/14/2009 10:45:33 PM - Installed Windows NLSDownlevelMapping.
    RP54: 6/14/2009 10:46:19 PM - Installed Windows IDNMitigationAPIs.
    RP55: 6/14/2009 10:47:55 PM - Installed Windows Internet Explorer 7.
    RP56: 6/14/2009 10:49:16 PM - Software Distribution Service 3.0
    RP57: 6/14/2009 10:53:27 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Advanced SystemCare 3
    ArcSoft PhotoImpression 5
    avast! Antivirus
    CCleaner (remove only)
    Choice Guard
    ClearType Tuning Control Panel Applet
    ConvertHelper 2.2
    Critical Update for Windows Media Player 11 (KB959772)
    DriverAgent by eSupport.com
    EPSON CX3900 Series User's Guide
    EPSON Printer Software
    EPSON Scan
    Google Chrome
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    Ink Monitor
    Java(TM) 6 Update 14
    Java(TM) 6 Update 7
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C Runtime
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.0.11)
    MSN
    MSVCRT
    NVIDIA Windows 2000/XP Display Drivers
    OpenOffice.org 3.0
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Segoe UI
    Skype™ 3.8
    Tweak UI
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    VideoCAM Look
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows Search 4.0
    Windows XP Service Pack 3
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    6/9/2009 7:43:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    6/9/2009 7:43:31 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/9/2009 7:43:31 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/14/2009 10:49:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f205: Update Rollup for ActiveX Killbits for Windows XP (KB969898).
    6/13/2009 9:30:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    6/11/2009 6:10:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    6/11/2009 6:10:32 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2009 6:09:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

    ==== End Of File ===========================
     
  19. 2009/06/15
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    110
    Likes Received:
    0
    I hope this comes out so you can see what I was trying to say earlier.
    The screen wouldn't copy what I'm seeing on my end. Sorry!

    Garry
     
  20. 2009/06/15
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    110
    Likes Received:
    0
    Geri-- I was able to copy the image to text. If you trust me with sending me your email I will attach the image just to show you what I'm looking at when I reply to a message on Windows BBS.
    Garry
     
  21. 2009/06/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    You posted the Attach.txt twice, I need to see the DDS.txt log.

    I'll let you know if I need to see the reply problem, I have a message to the Admin. right now.

    Are you still having your original problem?
    Geri
     
