Syswow64virus found by OTL [Solved]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Deselect the BBCi Player and reboot


#17
Jan1959

    Member

  • Topic Starter
  • 249 posts
I hope that I'm not being a bad smell! I did as you said but I still am not getting any response from anything in the normal mode. I also tried uninstalling iPlayer but I got the message 'Windows installer service could not be accessed'.
I am getting the impression that you do not think that this is a malware problem; would you like me to post it on a different forum?

Edited by Jan1959, 26 November 2011 - 04:07 PM.


#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
At the moment I am about 90% sure it is system related, but I need to increase that percentage to be happy. This can be run from safe mode if needed.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
Megaupload

#19
Jan1959

    Member

  • Topic Starter
  • 249 posts
Nothing found by Kaspersky apart from the same archived rar.exe temporary internet file that is passworded so cannot be scanned.

Manual detection file is attached

<?xml version="1.0" encoding="windows-1251" ?>
<!-- AVZ XML Report -->
<AVZ Version="4.35" LogDate="27.11.2011 11:15:05" WinDir="C:\Windows\" OS_MjVer="6" OS_MiVer="1" OS_Build="7601" BootMode="2" OS_CSDV="Service Pack 1" ProfileDir="C:\Users\Jan" Session="Console" IsWow64="True" IsAdmin="True" IsSRDisabled="False" MainDBDate="12/30/1899" CompHash="D94F99D81DAD29AB85754A8BAADEC19D">
<PROCESS>
</PROCESS>
<DLL>
</DLL>
<KERNELOBJ>
<ITEM File="C:\Windows\System32\Drivers\dump_dumpfve.sys" CheckResult="-1" Base="30EE000" MemSize="013000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_iaStor.sys" CheckResult="-1" Base="2CC5000" MemSize="208000" Descr="" LegalCopyright="" />
</KERNELOBJ>
<Service>
</Service>
<Drivers>
</Drivers>
<AUTORUN>
<ITEM File="C:\Users\Jan\AppData\Local\Temp\_uninst_.bat" CheckResult="-1" Enabled="1" Type="LNK" Size="348" Attr="rsAh" CreateDate="26.11.2011 23:27:53" ChageDate="26.11.2011 23:27:54" MD5="E75FB75065160E2389338A50659A836F" X1="C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" X2="C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk" X3="" />
<ITEM File="C:\Windows\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="D:\a2dc54dd75b7619412361c\DW\DW20.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup" X3="EventMessageFile" />
<ITEM File="auditcse.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}" X3="DLLName" />
<ITEM File="igfxdev.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" X3="DLLName" />
<ITEM File="rdpclip" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X3="StartupPrograms" />
</AUTORUN>
<BHO>
</BHO>
<ExplorerExt>
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="WebCheck" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="2" ExtName="ColumnHandler" RegKey="SOFTWARE\Classes\Folder\shellex\ColumnHandlers" CLSID="{F9DB5320-233E-11D1-9F84-707F02C10627}" Descr="" LegalCopyright="" />
</ExplorerExt>
<PrintEXT>
<ITEM File="LXDFPMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="localspl.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="FXSMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="tcpmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="usbmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="WSDMon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="inetpp.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers" Descr="" LegalCopyright="" />
</PrintEXT>
<TaskScheduler>
</TaskScheduler>
<SPI>
<ITEM File="C:\Windows\system32\NLAapi.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" Descr="Network Location Awareness 2" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="52224" Attr="rsAh" CreateDate="06.10.2011 09:33:30" ChageDate="20.11.2010 12:20:30" MD5="104A1070E90F1C530328E69B49718841" />
<ITEM File="C:\Windows\system32\napinsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" Descr="E-mail Naming Shim Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="52224" Attr="rsAh" CreateDate="13.07.2009 23:54:55" ChageDate="14.07.2009 01:16:02" MD5="0B7E85364CB878E2AD531DB7B601A9E5" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="13.07.2009 23:55:50" ChageDate="14.07.2009 01:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="13.07.2009 23:55:50" ChageDate="14.07.2009 01:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="21.09.2010 14:03:14" ChageDate="21.09.2010 14:03:14" MD5="9D4A1690AF93F233E15380398BEC7431" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive Local NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="21.09.2010 14:03:14" ChageDate="21.09.2010 14:03:14" MD5="9D4A1690AF93F233E15380398BEC7431" />
<ITEM File="C:\Windows\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="20992" Attr="rsAh" CreateDate="13.07.2009 23:37:57" ChageDate="14.07.2009 01:16:19" MD5="5DF5D8CFD9B9573FA3B2C89D9061A240" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
</SPI>
<DPF>
</DPF>
<CPL>
</CPL>
<ActiveSetup>
</ActiveSetup>
<HOSTS>
</HOSTS>
<ProtocolExt>
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
</ProtocolExt>
<IPU>
<ITEM Code="1" X1="TermService" X2="@%SystemRoot%\System32\termsrv.dll,-268" />
<ITEM Code="1" X1="SSDPSRV" X2="@%systemroot%\system32\ssdpsrv.dll,-100" />
<ITEM Code="1" X1="Schedule" X2="@%SystemRoot%\system32\schedsvc.dll,-100" />
<ITEM Code="2" />
<ITEM Code="3" />
<ITEM Code="5" />
<ITEM Code="8" X1="-1" />
</IPU>
<WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
<ITEM ID="66" Level="1" Fixed="0" />
</WIZARD-TSW>
</AVZ>

Edited by Jan1959, 27 November 2011 - 05:27 AM.


#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you attach the entire zip file please, as per the last screenshot in the instruction?

As that is a darn sight easier to read :)

#21
Jan1959

    Member

  • Topic Starter
  • 249 posts
I've only ever used the quick reply so I didn't know there was an attachment option.
Hope that this one is okay?

Attached Files



#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice and clean - so let's do a few system checks

First run a disk check - step by step guide here

If that does not alleviate the problem then we will look at other areas

#23
Jan1959

    Member

  • Topic Starter
  • 249 posts
Hi,
Sorry for the delay in replying - I have run check disk and although I could connect to the internet briefly, after Adobe Flash Player updated I had a 'Toshiba Notebook Registration reminder has stopped' message that just kept looping and wouldn't close. After that I couldn't access the internet again. I also tried check disk with repair but it froze half way through the program.

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you reboot and see if the internet is available again?

When the flash player update appeared, where did the notification come from?

#25
Jan1959

    Member

  • Topic Starter
  • 249 posts
Yes, the internet is available atm but it was really slow to load. The flash player did come from Adobe but when I checked the event viewer, it said that Flash Player 32 bit had been installed when my laptop is a 64 bit. I also noticed a repeated warning message that said vss was denied access to the root volume. Don't know if that was relevant?


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, I have my doubts about that update - so let's do a quick run on that. When you did disc check did you get asked to reboot to continue?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#27
Jan1959

    Member

  • Topic Starter
  • 249 posts
I am quite concerned now! As soon as I downloaded Combofix my Avast disappeared from my desktop. I continued to run Combofix from my desktop (it said that it was deleting files and folders as it progressed), then instead of producing a report, my laptop just shut itself down and then rebooted. The Combofix restarted automatically and then went through the same process again. In the end I had to force a shut down and reboot to safe mode. I did not get the normal txt document from Combofix.

Yes check disk did ask for a reboot.

Edited by Jan1959, 27 November 2011 - 12:52 PM.


#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you retry from safe mode please - it may have been as I suspected and the flash update was a fake

#29
Jan1959

    Member

  • Topic Starter
  • 249 posts
Exactly the same - it got to 50 and then rebooted itself and my laptop back to the beginning without any log. I did try deleting Combofix and reinstalling it in safe mode just in case but no joy I'm afraid.

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you run a fresh OTL for me please, ensuring all users is selected?