
Only boots to Safe Mode



Hello, please help me with this annoyance. I am unsure what I did to get the problem, but I did remove AdAware by Lavasoft and I stopped Avira. I was thinking perhaps that might have caused a registry problem. The reason I removed them is, I was looking for a different software product that might not take so long for the computer to boot. The two I mentioned caused a 30-minute boot time, unacceptable. After your help with the current problem, perhaps a recommendation for a good fast anti-virus and/or whatever I need to keep the bad guys away. I appreciate your help!

DDS.txt

GMER.log

mbam-log-2011-04-29 (08-23-04).txt

Attach.zip

Thank you for assisting me with my problems. I am also sending a quote from the window which popped up when running MBAM and the update didn't work: "PROGRAM_ERROR_UPDATING(0, 0,SHRegGetPath)". I am running in Safe Mode.

Per your request:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 11/7/2009 3:36:28 PM

System Uptime: 5/3/2011 3:33:32 PM (0 hours ago)

.

Motherboard: | |

Processor: AMD Sempron Processor 3000+ | CPU 1 | 1800/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 56 GiB total, 39.886 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

2100

2100_Help

2100Tour

7-Zip 4.65

ActiveHome

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.2

AI RoboForm (All Users)

AIM 7

AiO_Scan

AiOSoftware

Any Video Converter 3.2.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.2.6

Avanquest update

Avira AntiVir Personal - Free Antivirus

AviSynth 2.5

BitTorrent

Bonjour

BootSkin

BufferChm

ConvertHelper 2.2

CP_AtenaShokunin1Config

CP_CalendarTemplates1

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

CreataCard Plus 2

CueTour

CustomerResearchQFolder

DeepBurner v1.9.0.228

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

DocProc

DocumentViewer

DocumentViewerQFolder

Download Updater (AOL LLC)

DVD Flick 1.3.0.7

eSupportQFolder

Fax

ffdshow [rev 2583] [2009-01-05]

Foxit Reader

Foxit Toolbar

Free Mp3 Wma Converter V 1.81

FullDPAppQFolder

Google Earth

Google Update Helper

Haali Media Splitter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Document Viewer 5.3

HP Extended Capabilities 5.3

HP Image Zone 5.3

HP Image Zone Express

HP Imaging Device Functions 5.3

HP OfficeJet/PSC Scrubber

HP PSC & OfficeJet 5.3.B

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

HPProductAssistant

ImgBurn

InstantShareDevices

iSEEK AnswerWorks English Runtime

iTunes

Java Auto Updater

Java 6 Update 24

K-Lite Codec Pack 6.5.0 (Basic)

Logitech iTouch Software

MarketResearch

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft IntelliPoint 5.0

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works 4.0

Motorola Phone Tools

Move Media Player

Mozilla Firefox 4.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NewCopy

PanoStandAlone

PC Connectivity Solution

PeerGuardian 2.0

PhoneTools

PhotoGallery

ProductContext

QuickTime

RandMap

Readme

RealUpgrade 1.0

SAMSUNG Mobile Composite Device Software

SAMSUNG Mobile Modem Driver Set

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

SamsungConnectivityCableDriver

Scan

ScannerCopy

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SiS VGA Utilities

SiSAGP driver

SkinsHP1

SolutionCenter

Sonic_PrimoSDK

Sothink Movie DVD Maker

SoundMAX

Spell Checker For OE 2.1

Status

SUPER


Very sorry!!! I sent the wrong file; here is MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6172

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

5/3/2011 3:42:13 PM

mbam-log-2011-05-03 (15-42-13).txt

Scan type: Quick scan

Objects scanned: 159895

Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Thanks for getting back with me. Here is Combo Fix Log and DDS Notepad:

ComboFix 11-05-06.05 - Bill 05/07/2011 9:07.3.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.688 [GMT -4:00]

Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))

.

.

2011-05-04 16:10 . 2011-05-04 16:10 -------- d-----w- c:\documents and settings\Bill\Application Data\Foxit Software

2011-04-29 12:34 . 2011-04-29 12:34 -------- d-----w- c:\documents and settings\Bill\Application Data\Avira

2011-04-29 12:29 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-04-29 12:29 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-04-29 12:29 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-04-29 12:29 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-04-29 12:29 . 2011-04-29 12:29 -------- d-----w- c:\program files\Avira

2011-04-29 12:29 . 2011-04-29 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-04-29 02:30 . 2011-04-29 02:30 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}

2011-04-29 02:23 . 2011-04-29 02:23 -------- d-----w- c:\windows\system32\wbem\Repository

2011-04-29 01:19 . 2011-04-29 01:19 -------- d-----w- c:\program files\ESET

2011-04-29 00:09 . 2011-04-29 00:09 -------- dc----w- C:\My Documents

2011-04-22 15:39 . 2011-04-22 15:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-04-22 15:14 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-04-22 15:14 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll

2011-04-22 03:04 . 2011-04-22 03:04 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Move Networks

2011-04-22 03:04 . 2011-04-22 03:04 -------- d-----w- c:\documents and settings\Bill\Application Data\Move Networks

2011-04-22 02:41 . 2011-04-22 02:41 -------- d-----w- c:\program files\Microsoft Silverlight

2011-04-20 02:51 . 2011-04-29 03:48 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-04-20 02:51 . 2011-04-29 03:48 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2011-04-20 02:51 . 2011-04-29 03:48 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-04-20 02:51 . 2011-04-29 03:48 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-04-20 02:51 . 2011-04-29 03:48 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2011-04-20 02:51 . 2011-04-29 03:48 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-04-20 02:51 . 2011-04-29 03:48 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-04-20 02:51 . 2011-04-29 03:48 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-04-20 02:51 . 2011-04-29 03:48 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-04-20 02:51 . 2011-04-29 03:48 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-04-10 23:59 . 2011-04-10 23:59 -------- d-----w- c:\program files\AskBarDis

2011-04-10 23:58 . 2011-04-10 23:57 75208 ----a-w- c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

2011-04-10 23:58 . 2011-04-10 23:58 -------- d-----w- c:\program files\Foxit Reader

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-28 02:39 . 2011-04-04 02:46 317184 ----a-w- c:\windows\system32\drivers\vidstub.sys

2011-03-07 05:33 . 2009-11-07 19:31 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2003-03-31 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2003-03-31 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2003-03-31 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2003-03-31 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:32 . 2009-11-09 21:59 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2003-03-31 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2003-03-31 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-01-27 04:11 . 2011-01-19 02:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2011-04-29 03:48 . 2011-04-20 02:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 16:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 17:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 19:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 16:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"SiSPower"="SiSPower.dll" [2007-04-10 53248]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

Reboot.exe [2006-12-28 409088]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 01000000

"NoSMMyPictures"= 01000000

"NoSMMyDocs"= 01000000

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Capture Remote Control.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TV Capture Remote Control.lnk

backup=c:\windows\pss\TV Capture Remote Control.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Bill\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^SonyPDA USB Switcher.lnk]

path=c:\documents and settings\Bill\Start Menu\Programs\Startup\SonyPDA USB Switcher.lnk

backup=c:\windows\pss\SonyPDA USB Switcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2009-03-05 23:41 98304 -c--a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2011-03-04 18:36 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 00:12 110592 ------w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]

2004-04-26 21:21 270336 ----a-w- c:\program files\Tools\Stardock\WinCustomize\BootSkin\BootSkin.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

2009-11-20 20:45 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

S2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [11/8/2009 2:56 AM 266180]

S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [11/8/2009 2:57 AM 18944]

S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [11/8/2009 2:58 AM 13308]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4/23/2010 9:27 PM 233472]

S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [3/31/2003 8:00 AM 14336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/23/2010 9:27 PM 36608]

S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 5:26 PM 136176]

S3 Normandy;Normandy SR2; [x]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/29/2011 8:29 AM 135336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 21:26]

.

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 21:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.startpage.com/

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: intuit.com\ttlc

FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\rwb404ic.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search The Web

FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-07 09:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1220)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

.

Completion time: 2011-05-07 09:13:46

ComboFix-quarantined-files.txt 2011-05-07 13:13

ComboFix2.txt 2011-04-29 00:46

ComboFix3.txt 2011-04-04 01:50

ComboFix4.txt 2011-03-29 19:50

.

Pre-Run: 42,798,518,272 bytes free

Post-Run: 42,792,030,208 bytes free

.

- - End Of File - - 11A8BD8208779D40129998EF689DBC71

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Bill at 9:21:37.32 on Sat 05/07/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.652 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Bill\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.startpage.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: UIHost=c:\windows\system32\logonuiX.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

BHO: Video Download Toolbar Intercept: {b29002a0-87a1-4dc4-ac55-5982034eb61e} - c:\progra~1\videod~1\VIDEOD~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Reboot.exe

uPolicies-explorer: NoLogoff = 01000000

uPolicies-explorer: NoSMMyPictures = 01000000

uPolicies-explorer: NoSMMyDocs = 01000000

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257719797421

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\bill\applic~1\mozilla\firefox\profiles\rwb404ic.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search The Web

FF - prefs.js: browser.startup.homepage - hxxp://startpage.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=

FF - plugin: c:\documents and settings\bill\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\tools\vlc\npvlc.dll

FF - plugin: c:\program files\videoscavenger_1eei\installr\4.bin\NP1eEISb.dll

.

============= SERVICES / DRIVERS ===============

.

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-29 11608]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-29 61960]

S2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2009-11-8 266180]

S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2009-11-8 18944]

S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2009-11-8 13308]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-23 233472]

S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-23 36608]

S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-21 136176]

S3 Normandy;Normandy SR2; [x]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-29 135336]

S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-29 269480]

.

=============== Created Last 30 ================

.

2011-05-07 13:05:06 -------- dc----w- C:\ComboFix

2011-05-04 16:10:38 -------- d-----w- c:\docume~1\bill\applic~1\Foxit Software

2011-04-29 12:34:24 -------- d-----w- c:\docume~1\bill\applic~1\Avira

2011-04-29 12:29:03 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-04-29 12:29:02 -------- d-----w- c:\program files\Avira

2011-04-29 12:29:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-04-29 02:30:46 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{91EC863D-D912-4466-91CC-9489A4A2ADD3}

2011-04-29 02:23:37 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-04-29 02:23:37 -------- d-----w- c:\windows\system32\wbem\Repository

2011-04-29 01:19:01 -------- d-----w- c:\program files\ESET

2011-04-29 00:09:36 -------- dc----w- C:\My Documents

2011-04-22 15:39:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-04-22 15:14:32 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-04-22 15:14:32 215920 ----a-w- c:\windows\system32\muweb.dll

2011-04-22 15:14:32 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-04-22 03:04:43 -------- d-----w- c:\docume~1\bill\locals~1\applic~1\Move Networks

2011-04-20 02:51:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-20 02:51:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-04-20 02:51:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-04-20 02:51:25 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-04-20 02:51:25 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-04-20 02:51:25 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-04-20 02:51:25 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-04-20 02:51:25 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-04-20 02:51:25 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-04-20 02:51:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-04-10 23:59:16 -------- d-----w- c:\program files\AskBarDis

2011-04-10 23:58:56 75208 ----a-w- c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

2011-04-10 23:58:22 -------- d-----w- c:\program files\Foxit Reader

.

==================== Find3M ====================

.

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-01-27 04:11:08 444283 ----a-w- c:\program files\common files\WinPcapNmap.exe

2006-05-03 16:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 17:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 19:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 9:21:50.78 ===============

Link to post
Share on other sites

  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Next, click Start --> Run, and enter this command:

sc delete Normandy

Can you boot into Normal Mode now? What happens when you try?

Link to post
Share on other sites
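The `sc delete Normandy` step above corresponds to the `S3 Normandy;Normandy SR2; [x]` line in the posted DDS log. The following is an added example, not part of the thread or of DDS itself: it parses SERVICES / DRIVERS lines and lists registered services that have no image file, assuming the usual reading of the DDS format (`R`/`S` = running/stopped, the digit = service start type, `[x]` = file not found).

```python
import re
from typing import NamedTuple, Optional

# Assumption: the digit after R/S is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <R|S><start> <name>;<display name>;<image path> [<date> <size>]  or  [x]
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

class Service(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    image_path: str
    file_missing: bool
    file_size: Optional[int]

def parse_service_line(line: str) -> Optional[Service]:
    """Parse one DDS service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, meta = m.groups()
    missing = meta.strip().lower() == "x"   # assumption: [x] = file not found
    size = None
    if not missing:
        parts = meta.split()
        if len(parts) == 2 and parts[1].isdigit():
            size = int(parts[1])
    return Service(state == "R", START_TYPES[int(start)], name, display,
                   path.strip(), missing, size)

def orphaned_services(log_text: str) -> list:
    """Names of services still registered although DDS found no file for them."""
    parsed = (parse_service_line(l) for l in log_text.splitlines())
    return [s.name for s in parsed if s and s.file_missing]

# Lines copied from the DDS log posted earlier in this thread.
SAMPLE = r"""
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-29 11608]
S2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S3 Normandy;Normandy SR2; [x]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-29 269480]
"""

if __name__ == "__main__":
    for name in orphaned_services(SAMPLE):
        print("no image file on disk:", name)
```
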

Hello again, I have removed the Ask Toolbar and Normandy as you requested. A point of information on the Ask Toolbar; I could not find the Ask anywhere by search or in the XP Add Remove panel. I do have Foxit Reader, in the Add Remove panel was listed Foxit Toolbar. When I clicked on it Ask Toolbar was what came up in the remove window. I don't know how I got this and I had noticed evidence of it when moving through the files. I had no idea it was dangerous but I do try to avoid toolbars, I don't need or care for them.

I ran the DDS program again and there was no AskBarDis where it showed before.

I still cannot boot to a normal screen, my only boot option is Safe Mode.

Thanks again for your most appreciated help, I look forward to the next operation!

Link to post
Share on other sites

No I cannot boot to Normal Mode yet. I will attempt to explain more thoroughly; when power is initiated computer runs through bios, then the Windows/Recovery Console screen, then blank screen. It then restarts itself, the bios runs, then the Windows/Recovery Console screen appears, then it goes to the screen where Safe Mode is offered. I start Safe Mode with Network from there. I hope this gives some clues! Thanks for the help.

Link to post
Share on other sites

Hello and thanks for returning to assist me! I believe this is what you requested;

[boot loader]

timeout=3

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Link to post
Share on other sites

Please disregard the above reply it is an ERROR. I am working from three different computers as this main unit is faulty. You can see from the time sent it was very late and I mistakenly ran the wrong .INI file. Here is the correct information;

[boot loader]

timeout=3

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Link to post
Share on other sites

I tried to remove the program using the Add Remove Programs in the Control Panel, it was not permitted. I tried a couple others to see if it was random or selective, it appears that no program can be removed. Please see the attached Print Screen for the language of the window which came up.

Cannot Remove.bmp

Link to post
Share on other sites

Sorry, I tried to put the print screen in but it didn't take. Look again please.

Also, I was looking in the MSCONFIG Startup and found an odd entry. Maybe you know what it is. I followed the path in Windows Explorer and it was not where it said it was. Sounded odd to me. Please see attached:

post-33431-0-62817400-1307671287.jpg

post-33431-0-36897500-1307671301.jpg

Link to post
Share on other sites

This topic is now closed to further replies.