Redirecting and svchost.exe errors. At a loss tried everything I know :(


  • This topic is locked
4 replies to this topic

#1 maxgarwood

Posted 20 March 2009 - 01:23 AM

Yesterday I downloaded a file while I was looking for a video editor. The file was very small and I assume was a virus. Now, whenever I search on Google and click on a link it redirects me to random sites (porn, IP's, etc). I also noticed that whenever I try to open or interact with most stuff on my computer (open windows, programs etc) it comes up with this error:

svchost.exe - Application Error
The instruction at "0x7564d383" referenced memory at "0x00000060". The memory could not be "read".
Click OK to terminate the program.


I am also getting problems when trying to download certain anti-virus programs. The page usually fails to load, and even if I download the program from another site, it doesn't open the program unless I rename it. The update system also doesn't work in AVG and other various anti-virus programs.

I have also found that today my DNS server was changed, which disabled me from connecting to the internet. I went into safe-mode and re-entered my correct DNS server and now it's working again in 'non-safe' mode.

At one point I was also unable to open either of my hard drives in the My Computer window because of an error that said something about recycling, but that has gone now and I seem to be able to open the drives.

I have tried many programs such as AVG (fails to detect anything), Malwarebytes (detected and deleted 9 DNS changing trojans), and a few other anti-virus programs. None of them have solved the problem. I will post the DDS Log, but for some reason it won't start scanning in 'non-safe mode', so I will post the log from safe-mode (don't know if that's any help)

Please help :thumbup2:
____________________________________________________________________________________________________________________


DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Max Garwood at 17:16:38.42 on Fri 20/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2818 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
H:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\maxgar~1\startm~1\programs\startup\styler.lnk - c:\docume~1\maxgar~1\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {D07132DD-079A-45D0-A74A-3C4A557F5213} = 210.15.254.240,210.15.254.241
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maxgar~1\applic~1\mozilla\firefox\profiles\i9g6mtxx.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-1-23 15656]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 325128]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 27656]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 107272]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-3-19 425080]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-17 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-17 298264]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-1-23 2749224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-10 1684736]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [2009-2-5 40672]

=============== Created Last 30 ================

2009-03-20 16:31 <DIR> --d----- C:\fixwareout
2009-03-20 16:22 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-20 15:43 <DIR> --d----- c:\program files\Trend Micro
2009-03-20 09:07 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Malwarebytes
2009-03-20 08:14 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\True Sword
2009-03-20 08:14 356,352 a------- c:\windows\eSellerateEngine.dll
2009-03-20 08:14 81,920 a------- c:\windows\eSellerateControl350.dll
2009-03-20 08:14 <DIR> --d----- c:\program files\True Sword 5
2009-03-20 08:07 <DIR> --d----- c:\program files\Autorun Eater
2009-03-19 21:28 <DIR> --d----- c:\program files\a-squared Free
2009-03-19 20:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 20:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-19 20:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-19 20:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-19 20:03 <DIR> --d----- c:\program files\AviSynth 2.5
2009-03-18 14:05 <DIR> --d----- c:\program files\Sierra Entertainment
2009-03-14 17:34 <DIR> --d----- c:\program files\WinUHA
2009-03-14 09:48 <DIR> --d----- c:\program files\VideoLAN
2009-03-14 09:17 <DIR> --d----- C:\Downloads
2009-03-10 13:01 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-10 13:01 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-10 13:01 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-10 13:01 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-10 13:01 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-10 13:01 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-10 13:00 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-10 08:07 <DIR> --d----- c:\program files\FlashGet
2009-03-09 19:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2DBoy
2009-03-09 19:25 <DIR> --d----- c:\program files\WorldOfGooDemo
2009-03-08 15:02 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Xfire
2009-03-06 17:37 <DIR> --d----- C:\Python26
2009-03-06 17:34 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Blender Foundation
2009-03-01 19:11 <DIR> --d----- c:\program files\VTFEdit
2009-03-01 18:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-28 13:03 <DIR> --d----- c:\program files\Qtracker
2009-02-28 10:21 <DIR> --d----- c:\program files\DVDFab 5
2009-02-28 08:42 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-02-27 11:23 <DIR> --d----- c:\program files\Steam
2009-02-27 05:47 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-25 16:33 <DIR> --d----- c:\windows\system32\xlive
2009-02-25 16:33 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-02-22 20:40 <DIR> --d----- c:\program files\CFToolbox
2009-02-21 17:24 32,592 a------- c:\windows\system32\msonpmon.dll
2009-02-21 17:21 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-02-21 17:20 <DIR> --d----- c:\windows\SHELLNEW
2009-02-21 11:09 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-02-19 17:48 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Windows Live Writer
2009-02-19 17:30 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition

==================== Find3M ====================

2009-03-04 17:58 5,045,760 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-02 16:01 17,530,368 a------- c:\windows\RTHDCPL.EXE
2009-03-02 11:14 57,344 a------- c:\windows\ALCMTR.EXE
2009-02-16 19:11 164,836 a------- c:\windows\hpoins21.dat
2009-02-14 15:55 87,608 a------- c:\docume~1\maxgar~1\applic~1\inst.exe
2009-02-14 15:55 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-14 15:55 47,360 a------- c:\docume~1\maxgar~1\applic~1\pcouffin.sys
2009-02-12 19:03 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-10 19:44 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-10 19:44 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-02-09 14:34 35,840 a------- c:\windows\system32\RtkCoInstXP.dll
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-05 20:35 40,672 a------- c:\windows\system32\drivers\CESG502.SYS
2009-02-01 09:32 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-01 09:32 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-01 09:32 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-21 15:54 1,206,816 a------- c:\windows\RtlUpd.exe
2009-01-20 16:19 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-01-18 17:18 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-18 03:53 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-18 01:16 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-01-17 17:52 16,608 a------- c:\windows\gdrv.sys
2009-01-17 15:12 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-17 15:09 22,328 a------- c:\docume~1\maxgar~1\applic~1\PnkBstrK.sys
2009-01-17 15:09 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-01-17 14:12 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-23 21:58 453,152 a------- c:\windows\system32\NVUNINST.EXE

============= FINISH: 17:16:51.23 ===============

Edited by maxgarwood, 20 March 2009 - 05:04 PM.


#2 maxgarwood


Posted 20 March 2009 - 01:32 AM

I just managed to get DDS to run in 'non-safe mode' by renaming the file to pop. Would it be of any help to see that log, rather than the one constructed in safe-mode?

#3 maxgarwood


Posted 20 March 2009 - 05:07 PM

I'll post it anyway. Here is the DDS log in 'non-safe' mode.
______________________________________________________________________________________________________________________


DDS (Ver_09-03-16.01) - NTFSx86
Run by Max Garwood at 17:28:12.51 on Fri 20/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2636 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
H:\pop.scr
C:\WINDOWS\system32\svchost.exe -k netsvcs

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\maxgar~1\startm~1\programs\startup\styler.lnk - c:\docume~1\maxgar~1\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {D07132DD-079A-45D0-A74A-3C4A557F5213} = 210.15.254.240,210.15.254.241
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\maxgar~1\applic~1\mozilla\firefox\profiles\i9g6mtxx.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-17 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-17 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-17 107272]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-3-19 425080]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-17 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-17 298264]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-1-23 2749224]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-1-23 15656]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-10 1684736]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [2009-2-5 40672]

=============== Created Last 30 ================

2009-03-20 16:31 <DIR> --d----- C:\fixwareout
2009-03-20 16:22 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-20 15:43 <DIR> --d----- c:\program files\Trend Micro
2009-03-20 09:07 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Malwarebytes
2009-03-20 08:14 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\True Sword
2009-03-20 08:14 356,352 a------- c:\windows\eSellerateEngine.dll
2009-03-20 08:14 81,920 a------- c:\windows\eSellerateControl350.dll
2009-03-20 08:14 <DIR> --d----- c:\program files\True Sword 5
2009-03-20 08:07 <DIR> --d----- c:\program files\Autorun Eater
2009-03-19 21:28 <DIR> --d----- c:\program files\a-squared Free
2009-03-19 20:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-19 20:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-19 20:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-19 20:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-19 20:03 <DIR> --d----- c:\program files\AviSynth 2.5
2009-03-18 14:05 <DIR> --d----- c:\program files\Sierra Entertainment
2009-03-14 17:34 <DIR> --d----- c:\program files\WinUHA
2009-03-14 09:48 <DIR> --d----- c:\program files\VideoLAN
2009-03-14 09:17 <DIR> --d----- C:\Downloads
2009-03-10 13:01 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-03-10 13:01 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-03-10 13:01 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-03-10 13:01 514,384 a------- c:\windows\system32\XAudio2_3.dll
2009-03-10 13:01 235,856 a------- c:\windows\system32\xactengine3_3.dll
2009-03-10 13:01 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2009-03-10 13:00 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2009-03-10 08:07 <DIR> --d----- c:\program files\FlashGet
2009-03-09 19:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2DBoy
2009-03-09 19:25 <DIR> --d----- c:\program files\WorldOfGooDemo
2009-03-08 15:02 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Xfire
2009-03-06 17:37 <DIR> --d----- C:\Python26
2009-03-06 17:34 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Blender Foundation
2009-03-01 19:11 <DIR> --d----- c:\program files\VTFEdit
2009-03-01 18:11 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-28 13:03 <DIR> --d----- c:\program files\Qtracker
2009-02-28 10:21 <DIR> --d----- c:\program files\DVDFab 5
2009-02-28 08:42 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-02-27 11:23 <DIR> --d----- c:\program files\Steam
2009-02-27 05:47 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-25 16:33 <DIR> --d----- c:\windows\system32\xlive
2009-02-25 16:33 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-02-22 20:40 <DIR> --d----- c:\program files\CFToolbox
2009-02-21 17:24 32,592 a------- c:\windows\system32\msonpmon.dll
2009-02-21 17:21 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-02-21 17:20 <DIR> --d----- c:\windows\SHELLNEW
2009-02-21 11:09 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-02-19 17:48 <DIR> --d----- c:\docume~1\maxgar~1\applic~1\Windows Live Writer
2009-02-19 17:30 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition

==================== Find3M ====================

2009-03-04 17:58 5,045,760 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-02 16:01 17,530,368 a------- c:\windows\RTHDCPL.EXE
2009-03-02 11:14 57,344 a------- c:\windows\ALCMTR.EXE
2009-02-16 19:11 164,836 a------- c:\windows\hpoins21.dat
2009-02-14 15:55 87,608 a------- c:\docume~1\maxgar~1\applic~1\inst.exe
2009-02-14 15:55 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-14 15:55 47,360 a------- c:\docume~1\maxgar~1\applic~1\pcouffin.sys
2009-02-12 19:03 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-10 19:44 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-10 19:44 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-02-09 14:34 35,840 a------- c:\windows\system32\RtkCoInstXP.dll
2009-02-06 19:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-05 20:35 40,672 a------- c:\windows\system32\drivers\CESG502.SYS
2009-02-01 09:32 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-01 09:32 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-01 09:32 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-21 15:54 1,206,816 a------- c:\windows\RtlUpd.exe
2009-01-20 16:19 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-01-18 17:18 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-18 03:53 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-18 01:16 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-01-17 17:52 16,608 a------- c:\windows\gdrv.sys
2009-01-17 15:12 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-17 15:09 22,328 a------- c:\docume~1\maxgar~1\applic~1\PnkBstrK.sys
2009-01-17 15:09 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-01-17 14:12 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-23 21:58 453,152 a------- c:\windows\system32\NVUNINST.EXE

============= FINISH: 17:28:21.64 ===============

#4 maxgarwood


Posted 21 March 2009 - 04:52 PM

I have now decided to reinstall. I have tried everything, and this guy ain't an easy one.

TOPIC CLOSED

Thanks :thumbup2:

#5 KoanYorel


Posted 29 March 2009 - 07:11 PM

Thanks for informing us.

Good luck.

The thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



