
Inactive [InActive] Invalid Boot.Ini File Boot from C: File

Discussion in 'Malware and Virus Removal Archive' started by gwiner7041, 2009/06/09.

  1. 2009/06/16
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    110
    Likes Received:
    0
    Hi Geri--I don't what you instructed. Yes to your question, I'm still noticing the Invalid boot.ini Booting from C: Windows showing before the boot up. I ran the DDS this morning. Hope I got it right this time.
    Garry

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Garry Wimer at 7:58:41.64 on Tue 06/16/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.119 [GMT -6:00]

    AV: avast! antivirus 4.8.1335 [VPS 090615-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\system32\spoolsv.exe
    svchost.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Garry Wimer\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - SingleInstance Class
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
    TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
    TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240954489562
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    TCP: {F2C9BB75-9D3B-4783-ADC0-6BD5F61537E0} = 200.91.75.6,200.91.75.5
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\garryw~1\applic~1\mozilla\firefox\profiles\5k46y018.default\
    FF - prefs.js: browser.search.selectedEngine - Metacafe
    FF - prefs.js: browser.startup.homepage - hxxp://mail.live.com/default.aspx?wa=wsignin1.0
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\documents and settings\garry wimer\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-4 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-4 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-4 138680]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-4 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-4 352920]
    S3 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-6-1 234888]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

    =============== Created Last 30 ================

    2009-06-15 17:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-06-15 15:00 389,120 a------- c:\windows\system32\CF19777.exe
    2009-06-15 14:59 389,120 a------- c:\windows\system32\CF19555.exe
    2009-06-14 19:14 1,632 a------- c:\windows\system32\d3d8caps.dat
    2009-06-14 18:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
    2009-06-14 12:22 389,120 a------- c:\windows\system32\CF1497.exe
    2009-06-14 12:18 389,120 a------- c:\windows\system32\CF700.exe
    2009-06-14 12:09 389,120 a------- c:\windows\system32\CF31741.exe
    2009-06-14 12:07 389,120 a------- c:\windows\system32\CF31349.exe
    2009-06-14 12:04 389,120 a------- c:\windows\system32\CF30801.exe
    2009-06-13 09:15 389,120 a------- c:\windows\system32\CF10499.exe
    2009-06-12 18:21 <DIR> --d----- c:\program files\DivX
    2009-06-12 13:15 0 a------- c:\documents and settings\garry wimer\settings.dat
    2009-06-11 18:11 1,374 a------- c:\windows\imsins.BAK
    2009-06-11 16:06 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-06-11 16:06 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-06-10 11:28 <DIR> --d----- c:\program files\IObit
    2009-06-05 15:44 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-05 15:44 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-06-05 15:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-06-04 17:22 1,060,864 a------- c:\windows\system32\MFC71.dll
    2009-06-03 14:47 <DIR> --d----- C:\temp. Boot .ini.old
    2009-06-03 14:46 <DIR> --d----- C:\New Folder
    2009-06-02 16:43 <DIR> --d----- c:\windows\Ask & Record Toolbar
    2009-06-02 16:43 <DIR> --d----- c:\windows\Applian FLV Player
    2009-06-02 07:24 1,744 a------- c:\windows\system32\d3d9caps.dat
    2009-06-01 11:16 <DIR> --d----- c:\program files\ConvertHelper
    2009-06-01 07:57 <DIR> --d----- c:\program files\AskBarDis
    2009-06-01 07:57 <DIR> --d----- c:\program files\Ask & Record Toolbar
    2009-06-01 07:51 7,349,744 a------- c:\program files\FLV PlayerATBSetup.exe
    2009-05-31 19:21 <DIR> --d----- c:\program files\VideoLAN
    2009-05-31 12:17 69,632 a------- c:\windows\system32\lfgif13n.dll
    2009-05-31 12:17 462,848 a------- c:\windows\system32\ltkrn13n.dll
    2009-05-31 12:17 450,560 a------- c:\windows\system32\ltimg13n.dll
    2009-05-31 12:17 401,408 a------- c:\windows\system32\lfcmp13n.dll
    2009-05-31 12:17 299,008 a------- c:\windows\system32\ltdis13n.dll
    2009-05-31 12:17 206,336 a------- c:\windows\system32\ltefx13n.dll
    2009-05-31 12:17 163,840 a------- c:\windows\system32\ltfil13n.dll
    2009-05-31 12:17 57,344 a------- c:\windows\system32\lfbmp13n.dll
    2009-05-30 09:54 155,255,392 a------- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
    2009-05-29 10:21 410,984 a------- c:\windows\system32\deploytk.dll
    2009-05-29 10:18 227,224 a------- c:\program files\jre-6u13-windows-i586-p-iftw-k.exe
    2009-05-28 17:08 2,904,384 a------- c:\program files\ca_yahooantispy_211_setup_en.exe
    2009-05-28 07:13 <DIR> --d--r-- c:\program files\Yahoo!
    2009-05-28 07:11 3,247,736 a------- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-28 07:09 3,247,736 a------- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-26 17:03 <DIR> --d----- c:\documents and settings\garry wimer\dwhelper
    2009-05-25 15:46 725,856 a------- c:\program files\bdtoolbar May 25, 2009 (1).zip
    2009-05-25 11:16 <DIR> --d----- c:\docume~1\garryw~1\applic~1\PCToolsFirewallPlus
    2009-05-25 11:15 <DIR> --d----- c:\docume~1\garryw~1\applic~1\PCToolsSpamMonitorPlus
    2009-05-25 10:58 1,591,168 a------- c:\windows\PCTBDCore.dll.old
    2009-05-25 10:58 <DIR> --d--r-- c:\program files\Browser Defender
    2009-05-25 10:57 <DIR> --d--r-- c:\program files\PC Tools Internet Security
    2009-05-25 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-05-25 10:35 25,341,928 a------- c:\program files\issetup.exe
    2009-05-23 10:55 556,184 a------- c:\program files\ChromeSetup May 23, 2009.exe
    2009-05-20 08:30 <DIR> --d----- c:\program files\Help for Skype – user guides, FAQs, customer support_files
    2009-05-19 13:56 <DIR> --d----- c:\program files\Drivers Agent List of Download of Drivers May 18, 2009
    2009-05-18 18:30 <DIR> --d----- c:\windows\nview

    ==================== Find3M ====================

    2009-05-25 18:46 1,751,552 a------- c:\program files\GoogleWebAcceleratorSetup.msi
    2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
    2009-05-20 08:30 26,352 a------- c:\program files\Help for Skype – user guides, FAQs, customer support.htm
    2009-05-16 16:19 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
    2009-05-14 13:33 37,452,296 a------- c:\program files\Ad-AwareAE.exe
    2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-05-10 13:16 1,878,888 a------- c:\program files\install_flash_player.exe
    2009-05-09 17:50 478,618 a------- c:\program files\JkDefrag-3.36.zip
    2009-05-07 18:00 3,227,248 a------- c:\program files\ccsetup219 May 7, 2009.exe
    2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-04 07:21 102,400 a------- c:\program files\chromechannel-2.0.exe
    2009-04-28 22:56 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-28 22:55 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2009-04-10 11:28 77 ---sh--- c:\program files\common files\Desktop.ini
    2009-04-05 17:25 7,518,920 a------- c:\program files\Firefox Setup 3.0.8.exe
    2009-03-30 16:34 25,992 a------- c:\windows\system32\pgdfgsvc.exe
    2009-03-30 13:39 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-29 16:28 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 7:59:39.68 ===============
     
  2. 2009/06/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please do as surferdude2 requested...
    Post #14 in your original thread.
    http://www.windowsbbs.com/windows-xp/84558-invalid-c-ini-file-booting-c-windows.html

    Let me know if that works.

    Geri
     


  4. 2009/06/17
    gwiner7041 Lifetime Subscription

    Geri--Thank you for your help with this problem that I was experiencing with the Invalid .Ini boot file missing from the MSCONFIG Utility plus appearing before every boot-up. I guess you read the reply from Surferdude2 by now requesting that I go ahead and go into the cmd and copy C:\WINDOWS\pss\boot.ini.backup C:\boot.ini > press Enter. Well, I did that and the Boot.ini file reappeared in the msconfig utility. I'm so glad that I didn't have to mess with the XP CD again and go through all that with the recovery. Good job, Geri.
    Garry
     
  5. 2009/06/18
    Geri Lifetime Subscription

    Hi
    That's good to hear.

    Please do this.

    Click Start > Run, then in the Run box copy and paste or type ComboFix /u and hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't, please delete them manually.

    Delete DDS from your Desktop.

    I would really recommend that you install the Recovery Console, here is how...
    How to install the Recovery Console WindowsXP

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    Surf Safely
    Geri

    Resolved Here
     
  6. 2009/06/18
    gwiner7041 Lifetime Subscription

    Geri, I tried to install the Recovery Console by copying and pasting, but I received a message telling me that the d:\i386\winnt32.exe /cmdcons was at a location unavailable. I thought to change the "D" to "C" but I wanted to check with you first before I did that. I always thought this i386 file was on the "C" drive.
    Garry
     
  7. 2009/06/18
    Geri Lifetime Subscription

    Hi
    Your D drive is your CD-ROM, so no, don't change the drive letter.

    Let's try it this way.

    Download ComboFix from Here to your Desktop.

    You need to download the installation package for the Setup Disks for Floppy Boot Install from Microsoft so that we can use it to install the Recovery Console on your computer. No validation required! Please select the download link below that's appropriate for your Operating System then download and save the setup package to your desktop.


    Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

    Please do not reboot your machine until we have reviewed the log.

    Geri
     
  8. 2009/06/19
    gwiner7041 Lifetime Subscription

    Geri, I clicked on "Here" in your last response and combofix.exe came up and did its thing. One thing though that I didn't understand was that when I was about ready to download the Microsoft SP-2 link that you supplied, a dialog box appeared on the screen telling me they couldn't find the Recovery Console but would install it if I clicked Yes, so I did, and as far as I know combofix.exe installed the Microsoft Recovery Console. So there was no dragging or dropping involved. Please let me know if I need to do it over without them installing the Recovery Console.
    I'll keep the computer on until I hear back from you.
    Garry

    Here's the report that popped up.

    ComboFix 09-06-18.02 - Garry Wimer 06/19/2009 17:15.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.189 [GMT -6:00]
    Running from: c:\documents and settings\Garry Wimer\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090619-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
    .

    2009-06-19 22:19 . 2009-06-19 22:25 -------- d-----w- c:\program files\SpywareBlaster
    2009-06-19 00:25 . 2009-06-19 00:52 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\xVideoServiceThief
    2009-06-19 00:03 . 2009-06-19 00:03 -------- d-----w- c:\program files\Xesc & Technology
    2009-06-18 23:24 . 2009-06-18 23:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-06-18 23:24 . 2009-06-18 23:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
    2009-06-18 22:34 . 2009-06-18 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-06-18 22:33 . 2009-06-18 22:33 -------- d-----w- c:\program files\Common Files\McAfee
    2009-06-18 22:31 . 2009-06-18 23:24 -------- d-----w- c:\program files\McAfee
    2009-06-18 22:31 . 2009-06-18 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-06-18 21:05 . 2009-06-18 21:05 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-06-17 14:04 . 2009-06-17 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-06-17 14:04 . 2009-06-17 14:04 -------- d-----w- c:\program files\QT Lite
    2009-06-16 21:34 . 2009-06-19 00:55 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Metacafe
    2009-06-16 21:33 . 2009-06-18 01:09 -------- d-----w- c:\program files\Common Files\Akamai
    2009-06-16 21:33 . 2009-06-16 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Metacafe
    2009-06-16 21:33 . 2009-06-16 21:33 -------- d-----w- c:\program files\Metacafe
    2009-06-15 23:09 . 2009-06-15 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-15 01:14 . 2009-06-19 00:53 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-06-15 00:35 . 2009-06-15 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2009-06-13 00:21 . 2009-06-14 17:34 -------- d-----w- c:\program files\DivX
    2009-06-12 19:15 . 2009-06-12 19:15 0 ----a-w- c:\documents and settings\Garry Wimer\settings.dat
    2009-06-11 22:06 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-11 22:06 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-11 19:14 . 2009-06-11 23:49 152576 ----a-w- c:\documents and settings\Garry Wimer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-11 14:15 . 2009-06-11 14:15 152576 ----a-w- c:\documents and settings\Garry Wimer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-06-10 17:28 . 2009-06-10 22:00 -------- d-----w- c:\program files\IObit
    2009-06-05 21:44 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-05 21:44 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-05 21:44 . 2009-06-18 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-04 23:22 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-06-04 23:22 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-06-04 23:22 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-06-04 23:22 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-06-04 23:22 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-06-04 23:22 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-06-04 23:22 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-06-04 23:22 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-06-04 23:22 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-06-04 23:22 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-06-04 23:21 . 2009-06-04 23:21 -------- d-----w- c:\program files\Alwil Software
    2009-06-03 20:47 . 2009-06-05 23:45 -------- d-----w- C:\temp. Boot .ini.old
    2009-06-03 20:46 . 2009-06-03 20:46 -------- d-----w- C:\New Folder
    2009-06-02 22:43 . 2009-06-02 22:43 -------- d-----w- c:\windows\Ask & Record Toolbar
    2009-06-02 22:43 . 2009-06-02 22:43 -------- d-----w- c:\windows\Applian FLV Player
    2009-06-02 13:24 . 2009-06-19 22:30 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-01 17:16 . 2009-06-15 00:23 -------- d-----w- c:\program files\ConvertHelper
    2009-06-01 13:57 . 2009-06-02 22:44 -------- d-----w- c:\program files\AskBarDis
    2009-06-01 13:57 . 2009-06-03 22:41 -------- d-----w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\FLVService
    2009-06-01 13:57 . 2009-06-02 22:44 -------- d-----w- c:\program files\Ask & Record Toolbar
    2009-06-01 13:51 . 2009-06-01 13:53 7349744 ----a-w- c:\program files\FLV PlayerATBSetup.exe
    2009-06-01 13:50 . 2009-06-02 22:43 -------- d-----w- c:\program files\FLV Player
    2009-06-01 01:23 . 2009-06-02 22:44 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\vlc
    2009-06-01 01:21 . 2009-06-01 01:21 -------- d-----w- c:\program files\VideoLAN
    2009-05-31 18:17 . 2003-11-04 21:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
    2009-05-31 18:17 . 2004-01-12 08:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
    2009-05-30 17:10 . 2009-06-16 19:47 1 ----a-w- c:\documents and settings\Garry Wimer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-05-30 15:54 . 2009-05-30 16:41 155255392 ----a-w- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
    2009-05-29 16:21 . 2009-05-21 17:33 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-29 16:18 . 2009-05-29 16:18 227224 ----a-w- c:\program files\jre-6u13-windows-i586-p-iftw-k.exe
    2009-05-29 00:10 . 2009-05-29 00:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-05-29 00:08 . 2009-05-29 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-05-28 23:08 . 2009-05-28 23:09 2904384 ----a-w- c:\program files\ca_yahooantispy_211_setup_en.exe
    2009-05-28 19:58 . 2009-05-28 19:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PCToolsFirewallPlus
    2009-05-28 19:58 . 2009-05-28 19:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PCToolsSpamMonitorPlus
    2009-05-28 13:13 . 2009-05-28 13:13 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Yahoo!
    2009-05-28 13:13 . 2009-06-02 22:43 -------- d-----r- c:\program files\Yahoo!
    2009-05-28 13:11 . 2009-05-28 13:11 3247736 ----a-w- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-28 13:09 . 2009-05-28 13:10 3247736 ----a-w- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-26 23:03 . 2009-06-15 00:16 -------- d-----w- c:\documents and settings\Garry Wimer\dwhelper
    2009-05-26 00:11 . 2009-05-26 00:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsFirewallPlus
    2009-05-26 00:11 . 2009-05-26 00:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsSpamMonitorPlus
    2009-05-25 21:46 . 2009-05-25 21:46 725856 ----a-w- c:\program files\bdtoolbar May 25, 2009 (1).zip
    2009-05-25 17:16 . 2009-05-25 17:16 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PCToolsFirewallPlus
    2009-05-25 17:15 . 2009-05-25 17:15 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PCToolsSpamMonitorPlus
    2009-05-25 16:58 . 2009-05-25 16:58 -------- d-----w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\Threat Expert
    2009-05-25 16:58 . 2009-05-30 19:18 -------- d-----r- c:\program files\Browser Defender
    2009-05-25 16:57 . 2009-06-04 23:32 -------- d-----r- c:\program files\PC Tools Internet Security
    2009-05-25 16:57 . 2009-06-04 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-05-25 16:35 . 2009-05-25 16:42 25341928 ----a-w- c:\program files\issetup.exe
    2009-05-23 16:55 . 2009-05-23 16:55 556184 ----a-w- c:\program files\ChromeSetup May 23, 2009.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-19 22:52 . 2009-04-03 17:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-19 22:48 . 2009-03-30 00:02 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Skype
    2009-06-19 22:26 . 2009-04-25 23:28 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\skypePM
    2009-06-18 20:25 . 2009-05-09 23:54 -------- d-----w- c:\program files\JkDefrag-3.36 (1)
    2009-06-17 00:23 . 2009-05-02 18:42 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\IObit
    2009-06-15 04:08 . 2009-03-31 01:28 -------- d-----r- c:\program files\Auslogics
    2009-06-13 16:47 . 2009-03-30 00:02 -------- d-----r- c:\program files\Google
    2009-06-12 00:28 . 2009-04-03 02:08 -------- d-----r- c:\program files\Windows Desktop Search
    2009-06-11 23:53 . 2009-04-03 01:33 -------- d-----r- c:\program files\Java
    2009-06-10 17:12 . 2009-04-28 01:48 -------- d-----r- c:\program files\RegCure
    2009-06-05 21:45 . 2009-04-03 17:58 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Malwarebytes
    2009-05-30 19:19 . 2009-03-29 23:25 -------- d-----r- c:\program files\AVG
    2009-05-26 13:12 . 2009-03-31 20:05 -------- d-----r- c:\program files\Windows Defender
    2009-05-26 00:46 . 2009-05-26 00:45 1751552 ----a-w- c:\program files\GoogleWebAcceleratorSetup.msi
    2009-05-25 06:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
    2009-05-21 00:21 . 2009-04-16 17:57 -------- d-----r- c:\program files\Windows Media Connect 2
    2009-05-21 00:21 . 2009-04-29 21:13 -------- d-----r- c:\program files\Windows Live
    2009-05-21 00:20 . 2009-03-30 00:02 -------- d-----r- c:\program files\Skype
    2009-05-21 00:20 . 2009-05-13 19:52 -------- d-----r- c:\program files\UpxFrontend
    2009-05-21 00:20 . 2009-05-01 22:37 -------- d-----r- c:\program files\r2 Studios
    2009-05-21 00:19 . 2009-05-01 16:49 -------- d-----r- c:\program files\OpenOffice.org 3.0 (en-US) Installation Files
    2009-05-21 00:19 . 2009-04-29 21:16 -------- d-----r- c:\program files\Microsoft Sync Framework
    2009-05-21 00:18 . 2009-04-29 18:18 -------- d-----r- c:\program files\Microsoft
    2009-05-21 00:18 . 2009-04-29 15:59 -------- d-----r- c:\program files\Microsoft Silverlight
    2009-05-21 00:18 . 2009-05-14 19:37 -------- d-----r- c:\program files\Lavasoft
    2009-05-20 14:30 . 2009-05-20 14:30 -------- d-----w- c:\program files\Help for Skype – user guides, FAQs, customer support_files
    2009-05-20 14:30 . 2009-05-20 14:30 26352 ----a-w- c:\program files\Help for Skype – user guides, FAQs, customer support.htm
    2009-05-19 20:40 . 2009-04-12 21:16 -------- d-----r- c:\program files\COMODO
    2009-05-19 20:14 . 2009-05-19 19:56 -------- d-----w- c:\program files\Drivers Agent List of Download of Drivers May 18, 2009
    2009-05-16 22:19 . 2009-05-16 22:19 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
    2009-05-14 19:33 . 2009-05-14 19:20 37452296 ----a-w- c:\program files\Ad-AwareAE.exe
    2009-05-14 14:09 . 2009-05-14 14:08 3386264 ------w- c:\documents and settings\Garry Wimer\Application Data\PC Updater\PCUPDATER.EXE
    2009-05-14 14:08 . 2009-05-13 00:14 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PC Updater
    2009-05-13 20:03 . 2009-05-13 20:01 -------- d-----w- c:\program files\UpxFrontend-1.1
    2009-05-12 21:12 . 2009-03-29 23:37 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-05-12 00:01 . 2009-03-30 13:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-05-11 23:55 . 2009-05-11 23:55 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-05-10 19:16 . 2009-05-10 19:16 1878888 ----a-w- c:\program files\install_flash_player.exe
    2009-05-09 23:50 . 2009-05-09 23:50 478618 ----a-w- c:\program files\JkDefrag-3.36.zip
    2009-05-08 00:00 . 2009-05-07 23:59 3227248 ----a-w- c:\program files\ccsetup219 May 7, 2009.exe
    2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-04 13:21 . 2009-05-04 13:21 102400 ----a-w- c:\program files\chromechannel-2.0.exe
    2009-04-29 20:48 . 2009-03-29 22:49 17864 ------w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-29 04:56 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2009-04-29 19:06 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-25 23:28 . 2009-04-25 23:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-04-25 23:27 . 2009-03-30 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-04-25 23:27 . 2009-04-25 23:27 -------- d-----w- c:\program files\Common Files\Skype
    2009-04-23 21:03 . 2009-04-23 21:03 -------- d-----w- c:\program files\Common Files\Scanner
    2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-05 23:25 . 2009-04-05 23:22 7518920 ----a-w- c:\program files\Firefox Setup 3.0.8.exe
    2009-03-30 22:34 . 2009-03-30 22:34 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2009-03-30 19:39 . 2009-03-29 22:32 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-03-30 14:40 . 2009-03-30 14:40 0 ----a-w- c:\windows\nsreg.dat
    2009-03-29 22:28 . 2009-03-29 22:28 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-03-25 12:29 . 2009-01-21 13:49 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
    backup=c:\windows\pss\Metacafe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Garry Wimer^Start Menu^Programs^Startup^Metacafe.lnk]
    path=c:\documents and settings\Garry Wimer\Start Menu\Programs\Startup\Metacafe.lnk
    backup=c:\windows\pss\Metacafe.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SeaPort "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1539:TCP "= 1539:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface
    "1041:TCP "= 1041:TCP:Akamai NetSession Interface

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/4/2009 5:22 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2009 5:22 PM 20560]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/18/2009 4:32 PM 210216]
    S3 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [6/1/2009 7:58 AM 234888]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1409082233-1801674531-1003.job
    - c:\documents and settings\Garry Wimer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 16:56]

    2009-06-19 c:\windows\Tasks\User_Feed_Synchronization-{73E5A440-C37F-4AD6-9793-5A2A2DFEF0EF}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://starter.metacafe.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    TCP: {F2C9BB75-9D3B-4783-ADC0-6BD5F61537E0} = 200.91.75.6,200.91.75.5
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-19 17:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll "= "C:/Program Files/Common Files/Akamai/rswin_3536.dll "

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll "= "C:/Program Files/Common Files/Akamai/rswin_3536.dll "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1532)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-19 17:24
    ComboFix-quarantined-files.txt 2009-06-19 23:24

    Pre-Run: 26,807,623,680 bytes free
    Post-Run: 26,827,546,624 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    243 --- E O F --- 2009-06-15 04:54
     
  9. 2009/06/19
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    110
    Likes Received:
    0
    Geri, I'm back. As you can tell, I'm not too sure of what I'm doing. I did, however, figure out the floppy disk part of it. I downloaded the six floppies from XP Professional SP-2, then dragged and dropped them into ComboFix. This is the log that came up this time on this scan. Hope this will suffice.
    Thank you for all of your help and understanding.
    Garry
     
  10. 2009/06/19
    gwiner7041 Lifetime Subscription

    gwiner7041 Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    110
    Likes Received:
    0
    I guess it would be nice if I copied it to the thread.

    ComboFix 09-06-18.02 - Garry Wimer 06/19/2009 18:43.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.268 [GMT -6:00]
    Running from: c:\documents and settings\Garry Wimer\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Garry Wimer\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(5).exe
    AV: avast! antivirus 4.8.1335 [VPS 090619-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
    .

    2009-06-19 22:19 . 2009-06-19 22:25 -------- d-----w- c:\program files\SpywareBlaster
    2009-06-19 00:25 . 2009-06-19 00:52 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\xVideoServiceThief
    2009-06-19 00:03 . 2009-06-19 00:03 -------- d-----w- c:\program files\Xesc & Technology
    2009-06-18 23:24 . 2009-06-18 23:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-06-18 23:24 . 2009-06-18 23:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
    2009-06-18 22:34 . 2009-06-18 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-06-18 22:33 . 2009-06-18 22:33 -------- d-----w- c:\program files\Common Files\McAfee
    2009-06-18 22:31 . 2009-06-18 23:24 -------- d-----w- c:\program files\McAfee
    2009-06-18 22:31 . 2009-06-18 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-06-18 21:05 . 2009-06-18 21:05 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-06-17 14:04 . 2009-06-17 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-06-17 14:04 . 2009-06-17 14:04 -------- d-----w- c:\program files\QT Lite
    2009-06-16 21:34 . 2009-06-19 00:55 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Metacafe
    2009-06-16 21:33 . 2009-06-18 01:09 -------- d-----w- c:\program files\Common Files\Akamai
    2009-06-16 21:33 . 2009-06-16 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Metacafe
    2009-06-16 21:33 . 2009-06-16 21:33 -------- d-----w- c:\program files\Metacafe
    2009-06-15 23:09 . 2009-06-15 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-15 01:14 . 2009-06-19 00:53 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-06-15 00:35 . 2009-06-15 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
    2009-06-13 00:21 . 2009-06-14 17:34 -------- d-----w- c:\program files\DivX
    2009-06-12 19:15 . 2009-06-12 19:15 0 ----a-w- c:\documents and settings\Garry Wimer\settings.dat
    2009-06-11 22:06 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-06-11 22:06 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-11 19:14 . 2009-06-11 23:49 152576 ----a-w- c:\documents and settings\Garry Wimer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-11 14:15 . 2009-06-11 14:15 152576 ----a-w- c:\documents and settings\Garry Wimer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-06-10 17:28 . 2009-06-10 22:00 -------- d-----w- c:\program files\IObit
    2009-06-05 21:44 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-05 21:44 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-05 21:44 . 2009-06-18 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-04 23:22 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-06-04 23:22 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-06-04 23:22 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-06-04 23:22 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-06-04 23:22 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-06-04 23:22 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-06-04 23:22 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-06-04 23:22 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-06-04 23:22 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-06-04 23:22 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2009-06-04 23:21 . 2009-06-04 23:21 -------- d-----w- c:\program files\Alwil Software
    2009-06-03 20:47 . 2009-06-05 23:45 -------- d-----w- C:\temp. Boot .ini.old
    2009-06-03 20:46 . 2009-06-03 20:46 -------- d-----w- C:\New Folder
    2009-06-02 22:43 . 2009-06-02 22:43 -------- d-----w- c:\windows\Ask & Record Toolbar
    2009-06-02 22:43 . 2009-06-02 22:43 -------- d-----w- c:\windows\Applian FLV Player
    2009-06-02 13:24 . 2009-06-19 22:30 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-06-01 17:16 . 2009-06-15 00:23 -------- d-----w- c:\program files\ConvertHelper
    2009-06-01 13:57 . 2009-06-02 22:44 -------- d-----w- c:\program files\AskBarDis
    2009-06-01 13:57 . 2009-06-03 22:41 -------- d-----w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\FLVService
    2009-06-01 13:57 . 2009-06-02 22:44 -------- d-----w- c:\program files\Ask & Record Toolbar
    2009-06-01 13:51 . 2009-06-01 13:53 7349744 ----a-w- c:\program files\FLV PlayerATBSetup.exe
    2009-06-01 13:50 . 2009-06-02 22:43 -------- d-----w- c:\program files\FLV Player
    2009-06-01 01:23 . 2009-06-02 22:44 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\vlc
    2009-06-01 01:21 . 2009-06-01 01:21 -------- d-----w- c:\program files\VideoLAN
    2009-05-31 18:17 . 2003-11-04 21:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
    2009-05-31 18:17 . 2004-05-14 22:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
    2009-05-31 18:17 . 2004-01-12 08:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
    2009-05-30 17:10 . 2009-06-16 19:47 1 ----a-w- c:\documents and settings\Garry Wimer\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-05-30 15:54 . 2009-05-30 16:41 155255392 ----a-w- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
    2009-05-29 16:21 . 2009-05-21 17:33 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-29 16:18 . 2009-05-29 16:18 227224 ----a-w- c:\program files\jre-6u13-windows-i586-p-iftw-k.exe
    2009-05-29 00:10 . 2009-05-29 00:10 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2009-05-29 00:08 . 2009-05-29 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-05-28 23:08 . 2009-05-28 23:09 2904384 ----a-w- c:\program files\ca_yahooantispy_211_setup_en.exe
    2009-05-28 19:58 . 2009-05-28 19:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PCToolsFirewallPlus
    2009-05-28 19:58 . 2009-05-28 19:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\PCToolsSpamMonitorPlus
    2009-05-28 13:13 . 2009-05-28 13:13 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Yahoo!
    2009-05-28 13:13 . 2009-06-02 22:43 -------- d-----r- c:\program files\Yahoo!
    2009-05-28 13:11 . 2009-05-28 13:11 3247736 ----a-w- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-28 13:09 . 2009-05-28 13:10 3247736 ----a-w- c:\program files\ccsetup220 May 28, 2009.exe
    2009-05-26 23:03 . 2009-06-15 00:16 -------- d-----w- c:\documents and settings\Garry Wimer\dwhelper
    2009-05-26 00:11 . 2009-05-26 00:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsFirewallPlus
    2009-05-26 00:11 . 2009-05-26 00:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsSpamMonitorPlus
    2009-05-25 21:46 . 2009-05-25 21:46 725856 ----a-w- c:\program files\bdtoolbar May 25, 2009 (1).zip
    2009-05-25 17:16 . 2009-05-25 17:16 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PCToolsFirewallPlus
    2009-05-25 17:15 . 2009-05-25 17:15 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PCToolsSpamMonitorPlus
    2009-05-25 16:58 . 2009-05-25 16:58 -------- d-----w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\Threat Expert
    2009-05-25 16:58 . 2009-05-30 19:18 -------- d-----r- c:\program files\Browser Defender
    2009-05-25 16:57 . 2009-06-04 23:32 -------- d-----r- c:\program files\PC Tools Internet Security
    2009-05-25 16:57 . 2009-06-04 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-05-25 16:35 . 2009-05-25 16:42 25341928 ----a-w- c:\program files\issetup.exe
    2009-05-23 16:55 . 2009-05-23 16:55 556184 ----a-w- c:\program files\ChromeSetup May 23, 2009.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-19 22:52 . 2009-04-03 17:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-19 22:48 . 2009-03-30 00:02 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Skype
    2009-06-19 22:26 . 2009-04-25 23:28 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\skypePM
    2009-06-18 20:25 . 2009-05-09 23:54 -------- d-----w- c:\program files\JkDefrag-3.36 (1)
    2009-06-17 00:23 . 2009-05-02 18:42 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\IObit
    2009-06-15 04:08 . 2009-03-31 01:28 -------- d-----r- c:\program files\Auslogics
    2009-06-13 16:47 . 2009-03-30 00:02 -------- d-----r- c:\program files\Google
    2009-06-12 00:28 . 2009-04-03 02:08 -------- d-----r- c:\program files\Windows Desktop Search
    2009-06-11 23:53 . 2009-04-03 01:33 -------- d-----r- c:\program files\Java
    2009-06-10 17:12 . 2009-04-28 01:48 -------- d-----r- c:\program files\RegCure
    2009-06-05 21:45 . 2009-04-03 17:58 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\Malwarebytes
    2009-05-30 19:19 . 2009-03-29 23:25 -------- d-----r- c:\program files\AVG
    2009-05-26 13:12 . 2009-03-31 20:05 -------- d-----r- c:\program files\Windows Defender
    2009-05-26 00:46 . 2009-05-26 00:45 1751552 ----a-w- c:\program files\GoogleWebAcceleratorSetup.msi
    2009-05-25 06:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
    2009-05-21 00:21 . 2009-04-16 17:57 -------- d-----r- c:\program files\Windows Media Connect 2
    2009-05-21 00:21 . 2009-04-29 21:13 -------- d-----r- c:\program files\Windows Live
    2009-05-21 00:20 . 2009-03-30 00:02 -------- d-----r- c:\program files\Skype
    2009-05-21 00:20 . 2009-05-13 19:52 -------- d-----r- c:\program files\UpxFrontend
    2009-05-21 00:20 . 2009-05-01 22:37 -------- d-----r- c:\program files\r2 Studios
    2009-05-21 00:19 . 2009-05-01 16:49 -------- d-----r- c:\program files\OpenOffice.org 3.0 (en-US) Installation Files
    2009-05-21 00:19 . 2009-04-29 21:16 -------- d-----r- c:\program files\Microsoft Sync Framework
    2009-05-21 00:18 . 2009-04-29 18:18 -------- d-----r- c:\program files\Microsoft
    2009-05-21 00:18 . 2009-04-29 15:59 -------- d-----r- c:\program files\Microsoft Silverlight
    2009-05-21 00:18 . 2009-05-14 19:37 -------- d-----r- c:\program files\Lavasoft
    2009-05-20 14:30 . 2009-05-20 14:30 -------- d-----w- c:\program files\Help for Skype – user guides, FAQs, customer support_files
    2009-05-20 14:30 . 2009-05-20 14:30 26352 ----a-w- c:\program files\Help for Skype – user guides, FAQs, customer support.htm
    2009-05-19 20:40 . 2009-04-12 21:16 -------- d-----r- c:\program files\COMODO
    2009-05-19 20:14 . 2009-05-19 19:56 -------- d-----w- c:\program files\Drivers Agent List of Download of Drivers May 18, 2009
    2009-05-16 22:19 . 2009-05-16 22:19 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
    2009-05-14 19:33 . 2009-05-14 19:20 37452296 ----a-w- c:\program files\Ad-AwareAE.exe
    2009-05-14 14:09 . 2009-05-14 14:08 3386264 ------w- c:\documents and settings\Garry Wimer\Application Data\PC Updater\PCUPDATER.EXE
    2009-05-14 14:08 . 2009-05-13 00:14 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\PC Updater
    2009-05-13 20:03 . 2009-05-13 20:01 -------- d-----w- c:\program files\UpxFrontend-1.1
    2009-05-12 21:12 . 2009-03-29 23:37 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2009-05-12 00:01 . 2009-03-30 13:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-05-11 23:55 . 2009-05-11 23:55 -------- d-----w- c:\documents and settings\Garry Wimer\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-05-10 19:16 . 2009-05-10 19:16 1878888 ----a-w- c:\program files\install_flash_player.exe
    2009-05-09 23:50 . 2009-05-09 23:50 478618 ----a-w- c:\program files\JkDefrag-3.36.zip
    2009-05-08 00:00 . 2009-05-07 23:59 3227248 ----a-w- c:\program files\ccsetup219 May 7, 2009.exe
    2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-04 13:21 . 2009-05-04 13:21 102400 ----a-w- c:\program files\chromechannel-2.0.exe
    2009-04-29 20:48 . 2009-03-29 22:49 17864 ------w- c:\documents and settings\Garry Wimer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-29 04:56 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2009-04-29 19:06 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-25 23:28 . 2009-04-25 23:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-04-25 23:27 . 2009-03-30 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-04-25 23:27 . 2009-04-25 23:27 -------- d-----w- c:\program files\Common Files\Skype
    2009-04-23 21:03 . 2009-04-23 21:03 -------- d-----w- c:\program files\Common Files\Scanner
    2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-05 23:25 . 2009-04-05 23:22 7518920 ----a-w- c:\program files\Firefox Setup 3.0.8.exe
    2009-03-30 22:34 . 2009-03-30 22:34 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
    2009-03-30 19:39 . 2009-03-29 22:32 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-03-30 14:40 . 2009-03-30 14:40 0 ----a-w- c:\windows\nsreg.dat
    2009-03-29 22:28 . 2009-03-29 22:28 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-03-25 12:29 . 2009-01-21 13:49 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
    backup=c:\windows\pss\Metacafe.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Garry Wimer^Start Menu^Programs^Startup^Metacafe.lnk]
    path=c:\documents and settings\Garry Wimer\Start Menu\Programs\Startup\Metacafe.lnk
    backup=c:\windows\pss\Metacafe.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SeaPort "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1539:TCP "= 1539:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface
    "1041:TCP "= 1041:TCP:Akamai NetSession Interface

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/4/2009 5:22 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/4/2009 5:22 PM 20560]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/18/2009 4:32 PM 210216]
    S3 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [6/1/2009 7:58 AM 234888]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 6:00 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1409082233-1801674531-1003.job
    - c:\documents and settings\Garry Wimer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 16:56]

    2009-06-20 c:\windows\Tasks\User_Feed_Synchronization-{73E5A440-C37F-4AD6-9793-5A2A2DFEF0EF}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://starter.metacafe.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    TCP: {F2C9BB75-9D3B-4783-ADC0-6BD5F61537E0} = 200.91.75.6,200.91.75.5
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-19 18:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll "= "C:/Program Files/Common Files/Akamai/rswin_3536.dll "

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll "= "C:/Program Files/Common Files/Akamai/rswin_3536.dll "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2772)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-20 18:52
    ComboFix-quarantined-files.txt 2009-06-20 00:51
    ComboFix2.txt 2009-06-19 23:24

    Pre-Run: 26,876,514,304 bytes free
    Post-Run: 26,859,913,216 bytes free

    238 --- E O F --- 2009-06-15 04:54
     
  11. 2009/06/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Garry
    OK, the recovery console installed. When you reboot or start the computer, you should see a screen come up for 2 seconds which will give you a choice to use the recovery console.
    This is only to be used if your computer will not boot up to Windows.

    Good job.

    You can delete ComboFix and the files you downloaded.

    Surf Safely
    Geri
     
