Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How Windows Recovery Messed up my PC

Started by Krsaigon , Mar 24 2011 06:35 PM

  • This topic is locked This topic is locked

#16
Krsaigon
Posted 31 March 2011 - 07:40 PM

Krsaigon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\runAPI92 deleted successfully.
C:\Documents and Settings\XP\Local Settings\Temp\runAPI69.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\Game\cmd.bat deleted successfully.
F:\Game\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 718755 bytes

User: XP
->Temp folder emptied: 2351335175 bytes
->Temporary Internet Files folder emptied: 65776487 bytes
->Java cache emptied: 23954222 bytes
->FireFox cache emptied: 51426389 bytes
->Google Chrome cache emptied: 80413450 bytes
->Apple Safari cache emptied: 117760 bytes
->Flash cache emptied: 114045 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 10173457 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1249881266 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 536451 bytes

Total Files Cleaned = 3,659.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: XP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 04012011_020906

Files\Folders moved on Reboot...
C:\Documents and Settings\XP\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...
  • 0

Advertisements

#17
Essexboy
Posted 01 April 2011 - 10:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your current problems on both systems now ?
  • 0

#18
Essexboy
Posted 05 April 2011 - 02:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#19
Essexboy
Posted 02 June 2011 - 10:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#20
Krsaigon
Posted 04 June 2011 - 09:14 AM

Krsaigon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
hey I'm having a problem installing Net FrameWork 3.51 SP1 on my main PC after that whole fiasco. I still have a file called RunAPI,exe on startup but I block it from running. Keep getting the error has occurred message when I try to install net framework
  • 0

#21
Essexboy
Posted 04 June 2011 - 10:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The run api is part of the net framework, so it needs to run - the one we deleted earlier had a slightly different name and was bad

Allo the api to run and let me know if you still get a problem with it, also what is the exact error given
  • 0

#22
Krsaigon
Posted 04 June 2011 - 03:50 PM

Krsaigon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
It says RunAPI69.exe

Posted Image


here is the error I get when I try to install

Posted Image
  • 0

#23
Essexboy
Posted 04 June 2011 - 04:34 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK time for the big boy

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#24
Krsaigon
Posted 05 June 2011 - 05:46 AM

Krsaigon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
ComboFix 11-06-05.01 - Russel 06/05/2011 12:26:51.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1983.1296 [GMT 1:00]
Running from: c:\documents and settings\Russel.YOUR-C94F920E24\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.YOUR-C94F920E24\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\aleck.YOUR-C94F920E24\WINDOWS
c:\documents and settings\aleck\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\faith\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\hevo\WINDOWS
c:\documents and settings\HP_Owner\WINDOWS
c:\documents and settings\Russel.YOUR-C94F920E24\Start Menu\Programs\Windows Recovery
c:\documents and settings\Russel.YOUR-C94F920E24\WINDOWS
c:\documents and settings\Russel\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))
.
.
2011-06-05 02:00 . 2011-06-05 02:03 -------- d-----w- C:\5a3ea90fdf104062c79266
2011-05-28 15:49 . 2011-06-01 00:28 -------- d-----w- c:\program files\CraigsCrawl
2011-05-19 00:21 . 2011-05-19 00:21 -------- d-----w- c:\program files\DupRemover
2011-05-19 00:08 . 2011-05-19 00:08 -------- d-----w- c:\program files\Duplicate Manager 3.0
2011-05-18 21:56 . 2011-06-02 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-18 21:56 . 2011-05-18 21:56 -------- d-----w- c:\program files\Common Files\Skype
2011-05-12 12:57 . 2011-05-12 12:57 -------- d-----w- c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Wordpress Mage
2011-05-12 12:57 . 2011-05-12 12:57 -------- d-----w- c:\program files\Wordpress Mage
2011-05-12 12:41 . 2011-05-12 23:13 -------- d-----w- c:\program files\SERPAttacks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 02:32 . 2011-04-22 02:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-14 16:26 . 2011-06-01 00:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 180269]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-21 27136]
.
c:\documents and settings\hevo\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-21 27136]
.
c:\documents and settings\Administrator.YOUR-C94F920E24\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-21 27136]
.
c:\documents and settings\aleck.YOUR-C94F920E24\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\faith\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"MSConfig"=c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KodakShareButtonApp"=c:\program files\Kodak\KODAK Share Button App\Listener.exe
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Russel.YOUR-C94F920E24\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"90:TCP"= 90:TCP:AgentServer connection
"5700:UDP"= 5700:UDP:Network Discovery port
"5701:UDP"= 5701:UDP:Network Discovery port (Broadcast)
"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R0 15188712;15188712 Boot Guard Driver;c:\windows\system32\drivers\15188712.sys [3/25/2011 3:32 PM 37392]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R1 setup_9.0.0.722_25.03.2011_16-20drv;setup_9.0.0.722_25.03.2011_16-20drv;c:\windows\system32\drivers\1518871.sys [3/25/2011 3:32 PM 315408]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:00 PM 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [6/24/2010 11:08 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [6/24/2010 11:09 AM 65856]
S1 15188711;15188711;c:\windows\system32\DRIVERS\15188711.sys --> c:\windows\system32\DRIVERS\15188711.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2010 4:18 AM 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/20/2010 5:39 PM 88176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2010 4:18 AM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 10:12 451872 ---ha-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 03:18]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 03:18]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009Core.job
- c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 11:50]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009UA.job
- c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 11:50]
.
2011-05-27 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 18:22]
.
2011-05-02 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-04-17 18:36]
.
2011-06-05 c:\windows\Tasks\User_Feed_Synchronization-{9F6FD136-0ABE-43A8-970A-D40E2C30CE97}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2011-05-31 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-04-03 10:32]
.
2011-06-01 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-04-03 10:32]
.
2011-05-21 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-24 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = local;*.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D1EB7FD-03B6-7290-C6E8-B5B1E192FC7B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaplclgjkimjfpejme"=hex:6a,61,67,70,63,6d,68,6a,68,66,6a,6b,70,68,67,64,63,6b,
64,6d,00,d0
"hannekhlpdiidpen"=hex:6a,61,67,70,63,6d,68,6a,68,66,6a,6b,70,68,67,64,63,6b,
64,6d,00,d0
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-05 12:44:31
ComboFix-quarantined-files.txt 2011-06-05 11:44
.
Pre-Run: 16,438,308,864 bytes free
Post-Run: 20,747,206,656 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=3
.
- - End Of File - - B96471CF7789DA2940560CE5797E0B97
  • 0

#25
Essexboy
Posted 05 June 2011 - 05:53 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run could you retry the update please

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\DRIVERS\15188711.sys

Driver::
15188711


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0

Advertisements

#26
Krsaigon
Posted 05 June 2011 - 11:44 PM

Krsaigon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
ComboFix 11-06-05.06 - Russel 06/06/2011 6:24.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1983.1355 [GMT 1:00]
Running from: c:\documents and settings\Russel.YOUR-C94F920E24\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Russel.YOUR-C94F920E24\My Documents\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\DRIVERS\15188711.sys"
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\Application Data\Pahovo
c:\windows\system32\config\systemprofile\Application Data\Pahovo\elah.eqo
c:\windows\system32\config\systemprofile\Application Data\Pahovo\elah.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_15188711
-------\Service_15188711
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 02:00 . 2011-06-06 02:00 -------- d-----w- C:\42c687b82ee949ecb446b2
2011-06-06 02:00 . 2011-06-06 05:24 -------- d-----w- C:\117ce940ed6ebb127004
2011-05-28 15:49 . 2011-06-01 00:28 -------- d-----w- c:\program files\CraigsCrawl
2011-05-19 00:21 . 2011-05-19 00:21 -------- d-----w- c:\program files\DupRemover
2011-05-19 00:08 . 2011-05-19 00:08 -------- d-----w- c:\program files\Duplicate Manager 3.0
2011-05-18 21:56 . 2011-06-05 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-18 21:56 . 2011-05-18 21:56 -------- d-----w- c:\program files\Common Files\Skype
2011-05-12 12:57 . 2011-05-12 12:57 -------- d-----w- c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Wordpress Mage
2011-05-12 12:57 . 2011-05-12 12:57 -------- d-----w- c:\program files\Wordpress Mage
2011-05-12 12:41 . 2011-05-12 23:13 -------- d-----w- c:\program files\SERPAttacks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 02:32 . 2011-04-22 02:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-04-14 16:26 . 2011-06-01 00:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 180269]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-21 27136]
.
c:\documents and settings\hevo\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-21 27136]
.
c:\documents and settings\Administrator.YOUR-C94F920E24\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-21 27136]
.
c:\documents and settings\aleck.YOUR-C94F920E24\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\faith\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"MSConfig"=c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"KodakShareButtonApp"=c:\program files\Kodak\KODAK Share Button App\Listener.exe
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\Russel.YOUR-C94F920E24\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"90:TCP"= 90:TCP:AgentServer connection
"5700:UDP"= 5700:UDP:Network Discovery port
"5701:UDP"= 5701:UDP:Network Discovery port (Broadcast)
"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 15188712;15188712 Boot Guard Driver;c:\windows\system32\drivers\15188712.sys [3/25/2011 3:32 PM 37392]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R1 setup_9.0.0.722_25.03.2011_16-20drv;setup_9.0.0.722_25.03.2011_16-20drv;c:\windows\system32\drivers\1518871.sys [3/25/2011 3:32 PM 315408]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 12:00 PM 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/20/2010 5:39 PM 88176]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [6/24/2010 11:08 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [6/24/2010 11:09 AM 65856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2010 4:18 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2010 4:18 AM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 1:49 PM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 10:12 451872 ---ha-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 03:18]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 03:18]
.
2011-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009Core.job
- c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 11:50]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1951882237-1008395978-543828888-1009UA.job
- c:\documents and settings\Russel.YOUR-C94F920E24\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 11:50]
.
2011-05-27 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 18:22]
.
2011-05-02 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-04-17 18:36]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{9F6FD136-0ABE-43A8-970A-D40E2C30CE97}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2011-05-31 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-04-03 10:32]
.
2011-06-01 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-04-03 10:32]
.
2011-05-21 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-24 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = local;*.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Russel.YOUR-C94F920E24\Application Data\Mozilla\Firefox\Profiles\ad31uh3q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=

.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 06:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1951882237-1008395978-543828888-1009\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D1EB7FD-03B6-7290-C6E8-B5B1E192FC7B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaplclgjkimjfpejme"=hex:6a,61,67,70,63,6d,68,6a,68,66,6a,6b,70,68,67,64,63,6b,
64,6d,00,d0
"hannekhlpdiidpen"=hex:6a,61,67,70,63,6d,68,6a,68,66,6a,6b,70,68,67,64,63,6b,
64,6d,00,d0
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\MFC80.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
c:\program files\Common Files\Nero\DSFilter\NeMP4Splitter.ax
c:\program files\Common Files\Nero\DSFilter\NeFLVSplitter.ax
c:\program files\Common Files\Nero\DSFilter\NeSplitter.ax
c:\windows\system32\wmpasf.dll
c:\windows\system32\DRMClien.DLL
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2011-06-06 06:42:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-06 05:42
ComboFix2.txt 2011-06-05 11:44
.
Pre-Run: 20,343,357,440 bytes free
Post-Run: 20,415,225,856 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=3
.
- - End Of File - - DC777C67B87DC209C9774052C183FEEE
  • 0

#27
Essexboy
Posted 06 June 2011 - 03:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now retry the update please
  • 0

#28
Krsaigon
Posted 06 June 2011 - 07:36 AM

Krsaigon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Posted Image

pretty much the same error all the way through.
  • 0

#29
Essexboy
Posted 06 June 2011 - 07:50 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there are several fixes for this - we will start easy and go from there (this is a known problem with .net)

Go here and run the fixit on that page

If that should fail then go to this page and start at Method 2
  • 0

#30
Krsaigon
Posted 08 June 2011 - 01:57 PM

Krsaigon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I give up, still no dice. Same error, thank you for all the help.

I installed netframework 4 and it worked.....but 3.5 SP1 lookslike a lost cause of epic propotions

Edited by Krsaigon, 08 June 2011 - 02:17 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP