
Explorer not loading at startup, tried many different common fixes


  • This topic is locked
2 replies to this topic

#1 regulater


  • Members
  • 6 posts

Posted 31 August 2010 - 07:11 PM



Computer starts up fine; when I get into Windows all I can see is my background. I can Ctrl+Alt+Delete and use Task Manager, and use some things like Notepad, Firefox, and regedit. System Restore does not work in Safe Mode or normal Windows. I cannot browse files on my computer except through Notepad, so this has been a little tough. iexplorer.exe does not work, and most antivirus programs do not work, like Malwarebytes.


Here is what I tried so far.
1. Ctrl+Alt+Del, New Task, explorer.exe: tried many times with no luck
1) RESTORE A MISSING "USERINIT" REGISTRY VALUE

1. Copy below and paste into Notepad:

----------copy inside only----------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\SYSTEM32\\userinit.exe,"

----------copy inside only----------

2. If your Windows is not on drive C: replace C: with your
Windows drive letter and Save-As Userinit.reg
(or any name + .reg).

3. Double-click or right-click and merge into the registry.

4. Restart.

(2) DELETE AN INCORRECT "EXPLORER.EXE" ENTRY IN THE REGISTRY

1. Open the Run box and enter: regedit

2. Go to this key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

3. If you see "explorer.exe" as a subkey below, delete it.

4. Restart.

(3) RESTORE A MISSING "EXPLORER.EXE" ENTRY IN THE REGISTRY

1. Copy below and paste into Notepad:

----------copy inside only----------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

----------copy inside only----------

2. Save-As WinLogon.reg (or any name + .reg).

3. Double-click or right-click and merge into the registry.

4. Restart.

(4) EXPLORER.EXE IS MISSING

If explorer.exe is not in C:\WINDOWS\ then insert
your Windows CD and, using the 'Task Manager', run
the 'System File Checker' utility with this command:
sfc /scannow

If the 'System File Checker' didn't replace it, boot
to the Recovery Console with the Windows CD and copy
explorer.exe manually:

1. Insert the Windows CD and restart.

2. When setup begins, choose the "Repair or Recover"
option by pressing "R".

3. Once at the command prompt, enter:
copy D:\I386\EXPLORER.EX_ C:\WINDOWS\
(Change drive letters accordingly)

4. The file, "EXPLORER.EX_" is compressed and should be
automatically expanded on copy. If it doesn't just enter
this command:
expand C:\WINDOWS\EXPLORER.EX_ C:\WINDOWS\explorer.exe

5. To exit the Recovery Console, type: exit.

If the desktop still does not load then, from within the
Task Manager, run a new task to open the Registry Editor:
regedit.exe
and check the registry data from above, adding as necessary,
if it is missing or incorrect.

That didn't work, and I've tried a few other things. Here are my HijackThis file and ComboFix file.

ComboFix 10-08-31.01 - Riley 08/31/2010 19:59:29.1.2 - x86
Running from: c:\documents and settings\Riley\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Rileybro.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"MX Skype Recorder"="c:\documents and settings\All Users\Application Data\MXSkypeRecorder\MXSkypeRecorder.exe" [2010-01-30 581272]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-25 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-30 2065760]
"Skype Recorder"="c:\program files\Skype Recorder\Skype Recorder.exe" [2010-06-10 917504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Conime"="c:\windows\system32\conime.exe" [2006-02-28 27648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-30 19:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58134:TCP"= 58134:TCP:Pando Media Booster
"58134:UDP"= 58134:UDP:Pando Media Booster

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-31 921952]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-30 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-30 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-30 308136]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]

.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Riley\Application Data\Mozilla\Firefox\Profiles\xlzf5tge.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Riley\Application Data\Mozilla\Firefox\Profiles\xlzf5tge.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Riley\Application Data\Mozilla\Firefox\Profiles\xlzf5tge.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
SafeBoot-Wdf01000.sys
AddRemove-Pen Tablet Driver - c:\program files\Tablet\Pen\Remove.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-08-31 20:02:04
ComboFix-quarantined-files.txt 2010-09-01 00:02

Pre-Run: 522,086,023,168 bytes free
Post-Run: 522,499,489,792 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 47578C42B33CB9052B2A1254B5726FAE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:29 PM, on 8/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ComboFix\CF15411.cfxxe
C:\WINDOWS\PEV.exe
C:\ComboFix\PEV.cfxxe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Rileybro.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Skype Recorder] "C:\Program Files\Skype Recorder\Skype Recorder.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MX Skype Recorder] "C:\Documents and Settings\All Users\Application Data\MXSkypeRecorder\MXSkypeRecorder.exe" /autorun
O4 - HKCU\..\Run: [Swhst] C:\Documents and Settings\Riley\Application Data\Bc\swhst.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-1390067357-1637723038-839522115-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1390067357-1637723038-839522115-1004\..\Run: [MX Skype Recorder] "C:\Documents and Settings\All Users\Application Data\MXSkypeRecorder\MXSkypeRecorder.exe" /autorun (User '?')
O4 - HKUS\S-1-5-21-1390067357-1637723038-839522115-1004\..\Run: [Swhst] C:\Documents and Settings\Riley\Application Data\Bc\swhst.exe (User '?')
O4 - HKUS\S-1-5-21-1390067357-1637723038-839522115-1004\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-1390067357-1637723038-839522115-1004\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

--
End of file - 6511 bytes


Thanks for the help

Edited by Pandy, 01 September 2010 - 12:29 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.
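A defender's first pass over the HijackThis log above, as an added example (not part of this thread, and not a HijackThis or BleepingComputer tool): it flags a system.ini Shell value other than the Windows XP default, Run entries launched from a user data folder, and orphaned "(no file)" entries. The sample lines are a subset copied from the log, and the expected default values are assumptions stated in the code.

```python
import re

# Sample HijackThis lines, a subset copied from the log posted in this thread
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Rileybro.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Swhst] C:\Documents and Settings\Riley\Application Data\Bc\swhst.exe
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed Windows XP defaults for the Winlogon Shell and Userinit values
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Assumed: legitimate autostart binaries rarely live in these user-writable folders
SUSPICIOUS_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")


def triage_hjt(log_text):
    """Return a list of (line, reason) findings for HijackThis log text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # F2 lines: the shell and userinit values control what runs at logon
        m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line, re.I)
        if m:
            key = m.group(1).lower()
            value = m.group(2).strip().lower().rstrip(",")
            expected = EXPECTED_SHELL if key == "shell" else EXPECTED_USERINIT
            if value != expected:
                findings.append((line, f"{key} is '{value}', expected '{expected}'"))
            continue
        # O4 lines: autostart entries; check where the target binary lives
        m = re.match(r"O4 - .*\\Run: \[[^\]]*\] (.*)", line)
        if m:
            target = m.group(1).lower()
            if any(d in target for d in SUSPICIOUS_DIRS):
                findings.append((line, "autostart entry runs from a user-writable data folder"))
            continue
        # O2/O9/O18 lines ending in "(no file)" point at components that no longer exist
        if line.startswith(("O2 -", "O9 -", "O18 -")) and line.endswith("(no file)"):
            findings.append((line, "orphaned entry: registered component file is missing"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage_hjt(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

A non-default Shell value is the kind of finding that explains the symptom in the first post (only the desktop background appears, because Explorer.exe never starts); the script only reports, it changes nothing.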


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:32 AM

Posted 08 September 2010 - 06:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:32 AM

Posted 13 September 2010 - 06:26 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
