
[Resolved] .exe files not running.


  • This topic is locked
38 replies to this topic

#1 KateetaK


Posted 23 November 2009 - 05:50 PM

I have tried numerous times to install antivirus programs to no avail. Whenever I try to run them, I get an error message that says something like ...is not a valid Win32 application. I thought it was just the antivirus programs, but I just tried to update Flash, and I got the same error message. What could the problem be? I realllly need an antivirus program!!



#2 SweetTech


Posted 23 November 2009 - 05:57 PM

Hello KateetaK. :welcome: Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log, I will post back shortly with instructions.

Proud Graduate of the WTT Classroom


#3 KateetaK


Posted 23 November 2009 - 06:01 PM

Thank you so much. :)

#4 SweetTech


Posted 23 November 2009 - 06:26 PM

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems. The logs from our tools can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • You will need to run all tools as an Administrator. To run a program as an Administrator you must right click on the program and select "Run as Administrator"
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please do not delete anything unless instructed to.

Run exeHelper
Please download exeHelper to your desktop.
Right Click on exeHelper.com and choose Run As Administrator.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download and run Win32kDiag

Scanning with DDS

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by doing the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
Scanning with GMER
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Please make sure you include the following items in your next post:
1. The log that was produced after running exeHelper.com
2. The log that was produced after running Win32kdiag.
3. The logs that were produced after running DDS (DDS.txt & Attach.txt)
4. The log that was produced after running GMER.



#5 KateetaK


Posted 23 November 2009 - 06:34 PM

I just tried to download each of these programs, and I am not able to download them. I tried using both Firefox and IE. Now I'm freaked out! I also did a search to see if they were on my system, and they're not.

Edited by KateetaK, 23 November 2009 - 06:36 PM.


#6 SweetTech


Posted 23 November 2009 - 07:27 PM

Are you getting an error message when attempting to download those files? If yes, please describe the error message you receive.

Can you try rebooting your computer into Safe Mode w/ Networking and try to download those programs that way?

To Enter Safemode w/ Networking
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode w/ Networking
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Do you have access to another computer and a flash drive?

Please answer the above questions in your next post.



#7 KateetaK


Posted 23 November 2009 - 09:23 PM

Alright, here is the progress that was made after I read your post:

I went into Safe Mode with Networking, and I had the same problems as I had in the computer's normal mode. Those problems were as follows:

1.) Both exeHelper and DDS gave me an error message that said, "The parameter is incorrect."
2.) Win32kDiag gave me an error message that said, "...is not a valid Win32 application." (Same error message I get when I try to download an executable file.)
3.) When I double click the GMER.zip download, a folder comes up that is empty, hence there is nothing to extract.

I do have access to another computer, so I was able to save 2 of the programs to my flash drive: Win32kDiag and GMER. (I will post those logs here.) However, I had no success with the other 2 programs you listed. When I tried to download exeHelper, a threat was detected that said the file was infected with a virus. I don't remember what happened with DDS, but I wasn't able to download that one either.

Now, when I run GMER on this computer, it starts scanning automatically and does find some things. (I will also post this log that has nothing unchecked.) However, in your post, you told me to make sure a few things were unchecked, so I unchecked those things and ran the scan again. When I do this scan with the items unchecked, the program stops running and gives me an error message that says, "gmer.exe has stopped working. A problem caused the program to stop running correctly. Windows will close the program and notify you if a solution is available." So, that's about where I'm at right now. I have listed the logs below.

Another thing I just noticed: In your post, you also said that when the Win32kDiag log was finished, it would say, "Finished! Press any key to exit..." I had the program running for a while, and I never received that message. I'll post both of the logs anyway. Maybe you can find something that hints to what is wrong with my computer. :( I appreciate your help so much.


Here is the Win32kDiag.txt log that I have:

Running from: C:\Users\HP_Administrator\Desktop\Win32kDiag.exe
Log file at : C:\Users\HP_Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl



Here is the GMER log that had all items on the right-hand side checked:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-11-23 22:15:57
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\HP_ADM~1\AppData\Local\Temp\kwgdafod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

#8 KateetaK


Posted 23 November 2009 - 09:36 PM

I've actually still got the Win32kDiag log running, and it has found one more thing, so maybe it just takes a while.

#9 SweetTech


Posted 23 November 2009 - 10:28 PM

Let's try this again.
If you still have a copy of exeHelper on your computer then please go ahead and delete it and download a fresh copy.

As a reminder all programs that I have you run will need to be Run as an Administrator. This can be done by right clicking on the program and selecting "Run as Administrator".

Please ignore any warnings AVG may present to you when running exeHelper.
Run exeHelper
Please download exeHelper to your desktop.
Right Click on exeHelper.com and choose Run As Administrator.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Before running the next tool we next need to disable AVG.
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, ( I will let you know when) just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

Running ComboFix
Download Combofix from either of the links below. You must rename it to combo.com before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1
Link 2

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

    -----------------------------------------------------------

  • Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please make sure you include the following items in your next post:
1. The log that was produced after running exeHelper.
2. The log that was produced after running ComboFix.



#10 KateetaK


Posted 23 November 2009 - 10:59 PM

That's the problem: I cannot do anything with exeHelper after it downloads. I keep getting "The parameter is incorrect." Also, when I right click on exeHelper.com, I see nothing about running as an administrator. Nothing seems to be working for me! :(

About the AVG thing, I can't even get into it. It hasn't worked for months now. I have absolutely no protection. When I double click it, I get an error message that says, "The application has failed to start because its side-by-side configuration is incorrect....."

I tried several times to download ComboFix the way you told me, but as soon as I do, it shows up on the desktop then immediately disappears. I did a search, and it's not even showing up on my system.

Oh, here is a quick update on the Win32kDiag log (it's still running I guess):

Running from: C:\Users\HP_Administrator\Desktop\Win32kDiag.exe
Log file at : C:\Users\HP_Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2009-11-23 21:43:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2009-11-23 21:42:39 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2009-11-23 21:42:39 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Edited by KateetaK, 23 November 2009 - 11:00 PM.



#11 SweetTech


Posted 24 November 2009 - 02:59 PM

Hello KateetaK,

We need to re-download exeHelper and ComboFix. Please download these programs onto another computer and then save them onto your flash drive.

The instructions are a little different than before so please pay special attention to them. If you have any questions please stop and ask me.

I'd like for you to download a different version of exeHelper. This version will save to your computer as explorer.exe.
  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
Next download ComboFix from Here or Here. Save this file onto your flash drive. Make sure that you save it as ComboFax.

Plug your flash drive into the infected computer and attempt to run the programs now. Before running the programs you may need to right click on them and run them as an Administrator.

Please post the logs that exeHelper and ComboFix produce after running them.



#12 KateetaK


Posted 24 November 2009 - 10:29 PM

Ahhhh finally exeHelper worked. This was the first time I was able to actually download it! I will post the log to both that and ComboFix below. One thing I must add: I had to delete AVG completely because I could not run ComboFix with it running. Thing is, it wasn't working at all (hasn't in months), and there was no way for me to get into the program to disable anything because of the error messages I listed in some of my other posts. The ComboFix log is taking a while. It still says "preparing to run," so I will post that as soon as it's finished.

exeHelper log:

exeHelper by Raktor
Build 20091122
Run at 23:23:32 on 11/24/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
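
The exeHelper log above names the settings it reset: the .exe and .com file type associations and the userinit and shell values. As an added example (not part of the original post and not exeHelper's own code), this read-only PowerShell check compares those settings with stock Windows defaults; the registry paths and expected values are assumptions about a standard Windows install, since the page does not show which keys the tool touches.

```powershell
# Added example: read-only audit of the settings named in the exeHelper log.
# Registry locations and expected values are stock Windows defaults (assumed);
# nothing here is taken from exeHelper itself, and nothing is modified.

function Get-RegValue {
    param([string]$Path, [string]$Name = '')
    # An empty value name reads the key's (Default) value.
    $key = Get-Item -LiteralPath "Registry::$Path" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name)
}

$winlogon = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

# HKEY_CLASSES_ROOT is the merged view of machine-wide and per-user classes,
# so it shows what Explorer actually uses when a file is double-clicked.
$checks = @(
    @{ Setting = '.exe file type';    Path = 'HKEY_CLASSES_ROOT\.exe';                       Name = '';         Expected = 'exefile' },
    @{ Setting = '.com file type';    Path = 'HKEY_CLASSES_ROOT\.com';                       Name = '';         Expected = 'comfile' },
    @{ Setting = 'exefile open verb'; Path = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = '';         Expected = '"%1" %*' },
    @{ Setting = 'comfile open verb'; Path = 'HKEY_CLASSES_ROOT\comfile\shell\open\command'; Name = '';         Expected = '"%1" %*' },
    @{ Setting = 'Winlogon Shell';    Path = $winlogon;                                      Name = 'Shell';    Expected = 'explorer.exe' },
    @{ Setting = 'Winlogon Userinit'; Path = $winlogon;                                      Name = 'Userinit'; Expected = $userinit }
)

$results = foreach ($c in $checks) {
    $raw    = Get-RegValue -Path $c.Path -Name $c.Name
    $actual = if ($null -eq $raw) { '<missing>' } else { "$raw".Trim() }
    [pscustomobject]@{
        Setting  = $c.Setting
        Actual   = $actual
        Expected = $c.Expected
        # Userinit is normally stored with a trailing comma; ignore it when comparing.
        Ok       = ($actual.TrimEnd(',') -ieq $c.Expected)
    }
}

# A per-user key under HKCU\Software\Classes overrides the machine-wide entry
# in the merged view, so list any that exist for the same four names.
$perUser = foreach ($name in '.exe', '.com', 'exefile', 'comfile') {
    $p = "Registry::HKEY_CURRENT_USER\Software\Classes\$name"
    if (Test-Path -LiteralPath $p) { $name }
}

$results | Format-Table -AutoSize
if ($perUser) {
    "Per-user class keys present (review these): $($perUser -join ', ')"
} else {
    'No per-user overrides for .exe/.com/exefile/comfile.'
}
```

Any row with `Ok` set to `False` shows a value that differs from the default and is worth reporting to the helper before changing anything.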

#13 KateetaK


Posted 24 November 2009 - 10:46 PM

Alright, so the ComboFix log has made no progress since my last post, but I was able to download and run DDS. Here is the log:

#14 KateetaK


Posted 24 November 2009 - 11:02 PM

Good news. Something you had me do must have helped, because I am now able to download .exe files with no problem. I actually just downloaded and installed Avira antivirus. I would still like your help, if possible, to make sure that everything is OK with my system. I also have a problem with Firefox resetting every time I reboot my computer. Let me know if I should post that problem here as well or if I should create a new thread for that particular problem.

#15 KateetaK


Posted 24 November 2009 - 11:47 PM

OK. I noticed a problem. I restarted my computer, and I got this error message below. My computer is also running slow now. Here is the error message:


System Settings protector has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


I am going to run a full system scan with Avira right now. If there is anything else I can do, please let me know. Thank you for all of your help. It is much appreciated.
