acofal1

Hi Maniac, no bad image faults Any idea what the problem was??

Hi Maniac, Here is the farbar scan log; Farbar Service Scanner Version: 07-11-2012 Ran by Apprenticeship Coord (administrator) on 08-11-2012 at 11:35:54 Running from "C:\Documents and Settings\Apprenticeship Coord\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Avgfwfd(9) Avgtdix(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 0x0A00000004000000010000000200000003000000090000000A00000005000000080000000600000007000000 IpSec Tag value is correct. **** End of log ****

Hi Maniac, Well that went well, no threats found. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17114 (vista_gdr.120824-1002) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=8232a1327d40144aad284e8e6798a843 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-07 03:49:38 # local_time=2012-11-07 04:49:38 (+0100, W. Europe Standard Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1032 16777190 100 98 30408 95473243 0 0 # compatibility_mode=8192 67108863 100 0 4094 4094 0 0 # scanned=51934 # found=0 # cleaned=0 # scan_time=1481

Hi Maniac, that worked, here is the log.. ComboFix 12-11-06.03 - Apprenticeship Coord 07/11/2012 15:32:31.3.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1583 [GMT 1:00] Running from: c:\documents and settings\Apprenticeship Coord\Desktop\ComboFix.exe AV: AVG Internet Security Business Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\documents and settings\KS practice test (D)\AUTORUN.INF c:\documents and settings\My Disc (D)\AUTORUN.INF c:\windows\system32\avgfwdx.dll c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\648c8834a1a7c6a2.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\823645d71b7ef076.fb c:\windows\system32\Cache\9390fdcf1811c901.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\cea29d9f2102be23.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\e0de16f883bea794.fb c:\windows\system32\Cache\f73b7f2a586dc0ff.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 ))))))))))))))))))))))))))))))) . . 2012-11-06 15:28 . 2012-11-07 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-11-06 15:28 . 2012-11-06 15:31 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-10-17 10:58 . 2012-10-17 10:58 -------- d-----w- c:\documents and settings\Apprenticeship Coord\Application Data\Malwarebytes 2012-10-17 10:58 . 2012-10-17 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-10-17 10:58 . 2012-11-06 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-17 10:58 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-17 09:29 . 2012-04-26 06:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-17 09:29 . 2011-06-27 09:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-27 19:12 . 2004-08-11 17:00 832512 ----a-w- c:\windows\system32\wininet.dll 2012-08-27 19:12 . 2004-08-11 17:00 1830912 ------w- c:\windows\system32\inetcpl.cpl 2012-08-27 19:12 . 2004-08-11 17:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2012-08-27 19:12 . 2004-08-11 17:00 17408 ------w- c:\windows\system32\corpol.dll 2012-08-24 13:53 . 2004-08-11 17:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 2004-08-11 17:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-20 07:21 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-20 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-03 7630848] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-20 1107552] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU] 2004-02-19 06:23 61440 -c--a-w- c:\dell\bldbubg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter] 2007-05-24 07:03 17920 -c--a-w- c:\dell\E-Center\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-27 16:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-27 16:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2006-10-03 14:28 7630848 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2006-10-03 14:28 86016 -c--a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2006-10-20 17:23 118784 -c----w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc] 2006-08-17 09:00 1116920 -c--a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2007-12-02 12:51 282624 -c--a-w- c:\windows\stsystra.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2005-11-10 13:03 36975 -c--a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgam.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 32592] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 297168] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 03:33 30432] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 248656] S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 18:25 65536] S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [09/03/2011 18:24 2708024] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 15:02 7391072] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 04:33 269520] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/10/2012 11:58 399432] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/10/2012 11:58 676936] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [20/07/2012 08:21 935008] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [19/05/2011 15:11 167264] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 03:33 30432] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 20:42 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 20:42 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 20:42 27216] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/10/2012 11:58 22856] . Contents of the 'Scheduled Tasks' folder . 2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 09:29] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.thecollegespartnership.co.uk/content.asp?ContentID=1 uInternet Connection Wizard,ShellNext = hxxp://www.google.de/ig/dell?hl=en&client=dell-row-rel&channel=de&ibd=6080226 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll DPF: {F7A6A812-80D5-4A24-856A-0312EE5A912E} - hxxp://onlineassessments.ediplc.com/activex/EDISecureAssessment.CAB . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe MSConfigStartUp-nwiz - nwiz.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-07 15:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1520) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Completion time: 2012-11-07 15:38:02 ComboFix-quarantined-files.txt 2012-11-07 14:38 . Pre-Run: 148,511,297,536 bytes free Post-Run: 148,474,765,312 bytes free . - - End Of File - - 496CD8E6F9F67CB20086BB6E27A228E0

Hi Maniac, ran combofix. First scan went to Stage 27 then caused BSOD. Re-started computer and re-ran scan. It has completed deleting files and has started deleting folders but seems to be hanging and not going onto preparing log report.......what do you think.....reboot????

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-11-07 13:55:35 ----------------------------- 13:55:35.218 OS Version: Windows 5.1.2600 Service Pack 3 13:55:35.218 Number of processors: 2 586 0x6B01 13:55:35.218 ComputerName: LEARNER4 UserName: 13:55:36.187 Initialize success 13:56:28.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b 13:56:28.171 Disk 0 Vendor: SAMSUNG_HD161HJ JF100-22 Size: 152587MB BusType: 3 13:56:28.187 Disk 0 MBR read successfully 13:56:28.187 Disk 0 MBR scan 13:56:28.187 Disk 0 Windows XP default MBR code 13:56:28.187 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63 13:56:28.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 96390 13:56:28.203 Disk 0 scanning sectors +312496380 13:56:28.265 Disk 0 scanning C:\WINDOWS\system32\drivers 13:56:34.484 Service scanning 13:56:42.468 Modules scanning 13:56:55.593 Disk 0 trace - called modules: 13:56:55.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys 13:56:55.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a462ab8] 13:56:55.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a42ef18] 13:56:55.609 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\0000006b[0x8a4ed650] 13:56:55.609 Scan finished successfully 13:57:34.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Apprenticeship Coord\Desktop\MBR.dat" 13:57:34.640 The log file has been saved successfully to "C:\Documents and Settings\Apprenticeship Coord\Desktop\aswMBR.txt"

Hi Maniac,Completed MWB scan, nothing picked up.....now completing step 3 aswMBR.exe Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.07.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 Apprenticeship Coord :: LEARNER4 [administrator] 07/11/2012 13:46:25 mbam-log-2012-11-07 (13-46-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216307 Time elapsed: 4 minute(s), 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Hi Maniac, thanks for reply, we're going in..........

Hi all, keep getting 'Services.exe - Bad Image' messages. It appears more than >10 times on start up etc. AVG, AntiMalwarebytes didn't detect anything, Spybot indicated Firewall Disable notification? and deleted it. Problem still exists. PFA DDS and Attach files. Any help appreciated.. Thanks dds.txt attach.txt