Unknown virus found + Trojan Horse [Solved]



#16
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

For the record you have not messed up anything so do not worry about that at all. ;)

Now I think the root cause is the actual ISP you are using as I mentioned prior; further research reveals problems with it as explained here.

So this is actually hindering myself to be able to assist you fully most unfortunately... Basically the ISP you are using does not conform to the recognised standard for Internet PTR (pointer) and in turn the DNS (domain name server) provided/currently in use is far from desirable.

Next:

However I have given this particular problem some thought and we may just be able to work around this:-

3. Will have friend come over tonight to help me reset route (I dare not touch that)

By all means have your friend assist you. What I propose is we actually check if setting a DNS not associated with your ISP will make any difference.

So after your Router has been reset to factory default and a new admin password applied, follow the advice in the below article:-

Add OpenDNS To Your Router

You will also need to change the DNS settings on your actual machine to the same now being used by your Router; how to do so can be read here.

Then carry out the below please:-

  • Open Notepad. <-- Start >> Run... type in notepad and select OK
  • Copy and Paste everything from the Code Box below into Notepad:
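@Echo off
rem Reset the hosts file to a single localhost entry
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then delete this batch file
shutdown -r -t 1
del %0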
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Posted Image
Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Note: You will temporarily lose your internet connection and your machine should automatically reboot. If it does not, reboot your machine manually.

Next:

Click on this DNS Changer Check-Up and let myself know if the results are either good or bad etc.

Next:

Let myself know when the above has been completed plus the results of the DNS check and we will go from there, thank you.
  • 0
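
The two things the post above sets up (a hosts file holding only the localhost line, and a machine that uses only the OpenDNS resolvers) can be checked from saved `ipconfig /all` output and a copy of the hosts file. The Python below is an added example, not part of the original post: the sample text is constructed, the 203.0.113.x addresses and `login.example.test` are placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# The two OpenDNS resolver addresses; anything else is reported for review.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample in Windows XP "ipconfig /all" layout. Pasted forum logs
# often have blank lines between the DNS continuation rows, so it has them too.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 208.67.222.222

                                            208.67.220.220

                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : 07 July 2012 11:19:42
"""

# Constructed sample hosts file with one entry the reset would have removed.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
203.0.113.80 login.example.test
"""

ADAPTER_RE = re.compile(r"^\s*(\S.*adapter .+):\s*$")
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")


def _is_ip(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [resolver, ...]} from `ipconfig /all` text."""
    servers = {}
    adapter = "(global)"
    collecting = False
    for raw in ipconfig_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank rows do not end a DNS server list
        match = ADAPTER_RE.match(raw)
        if match:
            adapter, collecting = match.group(1).strip(), False
            continue
        match = DNS_RE.match(raw)
        if match:
            collecting = True
            if _is_ip(match.group(1)):
                servers.setdefault(adapter, []).append(match.group(1))
            continue
        if collecting and _is_ip(line):
            # Continuation row: a bare address under "DNS Servers".
            servers.setdefault(adapter, []).append(line)
        else:
            collecting = False  # any other field ends the list
    return servers


def unexpected_resolvers(ipconfig_text, expected=EXPECTED_RESOLVERS):
    """List (adapter, resolver) pairs that are not in the expected set."""
    return [(adapter, ip)
            for adapter, ips in parse_dns_servers(ipconfig_text).items()
            for ip in ips if ip not in expected]


def unexpected_hosts_entries(hosts_text):
    """List (ip, name) pairs other than a loopback address -> localhost."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        ip, *names = line.split()
        loopback = _is_ip(ip) and ipaddress.ip_address(ip).is_loopback
        for name in names:
            if not (loopback and name.lower() == "localhost"):
                findings.append((ip, name))
    return findings


if __name__ == "__main__":
    for adapter, ip in unexpected_resolvers(SAMPLE_IPCONFIG):
        print(f"resolver outside expected set: {ip} on {adapter}")
    for ip, name in unexpected_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts entry to review: {name} -> {ip}")
```

A resolver outside the expected set is not proof of infection; a router or DHCP server can hand out an extra address, so the finding is a prompt to check where that setting came from.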



#17
evolutionpill

    Member

  • Topic Starter
  • 127 posts
Ever seen those cartoons where the cats get all fried and frizzle - that's how I feel after performing the last set of tasks - I understand more in a drunken stupor than I did tonight doing the router and dns...smile but I think I got it.

Followed all instructions and changed router name/password/reset, etc., changed the dns and internet worked (although IE still has same problems, it's difficult to navigate with the red x as I have to move my mouse over each one to see what it actually does - I should not have uninstalled firefox - bad move)

Followed your "Dakeyras.bat" and it did shut down

However DNS Changer Check-Up (http://www.dns-ok.us/) will not open so cannot post that information

Awaiting the next stage of the "boot camp"
  • 0

#18
evolutionpill

    Member

  • Topic Starter
  • 127 posts
Hi

Just tried the dns changer check up and it opened (albeit very slowly)

DNS Resolution = GREEN

Your computer appears to be looking up IP addresses correctly!

Had your computer been infected with DNS changer malware you would have seen a red background. Please note, however, that if your ISP is redirecting DNS traffic for its customers you would have reached this site even though you are infected. For additional information regarding the DNS changer malware, please
  • 0

#19
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Ever seen those cartoons where the cats get all fried and frizzle - that's how I feel after performing the last set of tasks - I understand more in a drunken stupor than I did tonight doing the router and dns...smile but I think I got it.

Amusing/interesting analogy, aye it can be somewhat daunting but the instructions were about the most user friendly I could provide being honest but the main thing is you accomplished all.

Anyway let's proceed as follows shall we...

Fix IE Utility:

Please download Fix IE Utility then unzip the file to your desktop.

  • Close all open windows, especially Internet Explorer.
  • Double click on Fix IE Utility to run the application.
  • Now click on the Run Utility button as shown in the image:-

    Posted Image
  • Wait until the following message appears:-

    Posted Image
  • Then click on OK.
  • Restart your machine to see if your Internet Explorer is now working correctly again.

Scan with MiniToolBox:

Please download MiniToolBox and save it to your desktop.

  • Close all open windows, especially Internet Explorer.
  • Double click on MiniToolBox to run the application.
  • Select all available options, then click on the Go tab.
  • When the scan is complete, MiniToolBox will automatically close.
  • Post the contents of Results.txt which should be on the desktop.

  • 0

#20
evolutionpill

    Member

  • Topic Starter
  • 127 posts
Hi Dakeyras

Ok, followed the instruction, afraid no improvement on IE, still red x's all over and in fact it seems slower (tends to freeze) and won't open google, do you think this is still the malware causing the problem or just IE?

Below the log requested

MiniToolBox by Farbar Version: 25-06-2012
Ran by sfvb (administrator) on 07-07-2012 at 11:27:39
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : sf2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-12-3F-6A-9A-7F



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-13-CE-38-B6-E1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

114.64.255.146

Lease Obtained. . . . . . . . . . : 07 July 2012 11:19:42

Lease Expires . . . . . . . . . . : 08 July 2012 11:19:42

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 74.125.71.138, 74.125.71.101, 74.125.71.102, 74.125.71.139
74.125.71.113, 74.125.71.100



Pinging google.com [74.125.71.102] with 32 bytes of data:



Reply from 74.125.71.102: bytes=32 time=42ms TTL=50

Reply from 74.125.71.102: bytes=32 time=40ms TTL=50



Ping statistics for 74.125.71.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 42ms, Average = 41ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=165ms TTL=47

Request timed out.



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 165ms, Maximum = 165ms, Average = 165ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f 6a 9a 7f ...... Broadcom 440x 10/100 Integrated Controller
0x10004 ...00 13 ce 38 b6 e1 ...... Intel® PRO/Wireless 2200BG Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 25
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 25
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 25
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
255.255.255.255 255.255.255.255 192.168.1.100 10003 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/05/2012 03:04:39 PM) (Source: Application Error) (User: )
Description: Faulting application divx plus player.exe, version 10.2.1.20, faulting module divx plus player.exe, version 10.2.1.20, fault address 0x0000bac1.
Processing media-specific event for [divx plus player.exe!ws!]

Error: (06/29/2012 03:29:38 PM) (Source: Application Error) (User: )
Description: Faulting application mplayerc.exe, version 6.4.9.1, faulting module libmplayer.dll, version 0.0.0.0, fault address 0x0002c432.
Processing media-specific event for [mplayerc.exe!ws!]

Error: (06/26/2012 00:14:12 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/26/2012 00:11:42 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/23/2012 11:13:54 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module realmediasplitter.ax, version 1.0.1.4, fault address 0x0000f978.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/23/2012 01:52:25 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module 3.tmp, version 6.0.2600.0, fault address 0x000014c7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/22/2012 02:01:21 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module 3.tmp, version 6.0.2600.0, fault address 0x000014c7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/21/2012 08:49:56 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module 3.tmp, version 6.0.2600.0, fault address 0x000014c7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/21/2012 03:05:48 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18702, fault address 0x0009da70.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/21/2012 10:16:24 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module 3.tmp, version 6.0.2600.0, fault address 0x000014c7.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (07/07/2012 11:20:19 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.

Error: (07/07/2012 11:20:19 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer HP LaserJet 3050 Series PCL 6 failed to initialize because a suitable HP LaserJet 3050 Series PCL 6 driver could not be found.

Error: (07/07/2012 10:09:46 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.

Error: (07/07/2012 10:09:46 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer HP LaserJet 3050 Series PCL 6 failed to initialize because a suitable HP LaserJet 3050 Series PCL 6 driver could not be found.

Error: (07/07/2012 10:07:47 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 0013CE38B6E1 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/06/2012 10:24:36 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.

Error: (07/06/2012 10:24:36 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer HP LaserJet 3050 Series PCL 6 failed to initialize because a suitable HP LaserJet 3050 Series PCL 6 driver could not be found.

Error: (07/06/2012 09:39:13 PM) (Source: ipnathlp) (User: )
Description: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Error: (07/06/2012 09:39:07 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 0013CE38B6E1 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (07/06/2012 04:00:31 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.


Microsoft Office Sessions:
=========================
Error: (07/05/2012 03:04:39 PM) (Source: Application Error)(User: )
Description: divx plus player.exe10.2.1.20divx plus player.exe10.2.1.200000bac1

Error: (06/29/2012 03:29:38 PM) (Source: Application Error)(User: )
Description: mplayerc.exe6.4.9.1libmplayer.dll0.0.0.00002c432

Error: (06/26/2012 00:14:12 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000000

Error: (06/26/2012 00:11:42 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000000

Error: (06/23/2012 11:13:54 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.2180realmediasplitter.ax1.0.1.40000f978

Error: (06/23/2012 01:52:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.187023.tmp6.0.2600.0000014c7

Error: (06/22/2012 02:01:21 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.187023.tmp6.0.2600.0000014c7

Error: (06/21/2012 08:49:56 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.187023.tmp6.0.2600.0000014c7

Error: (06/21/2012 03:05:48 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.187020009da70

Error: (06/21/2012 10:16:24 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.187023.tmp6.0.2600.0000014c7


=========================== Installed Programs ============================

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2)
Acoustica Effects Pack (Version: 1.0)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 10 Plugin (Version: 10.1.53.7)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Any Video Converter 3.0.7
Apple Software Update (Version: 2.1.2.120)
Audacity 1.3.12 (Unicode)
Avanquest update (Version: 1.22)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.1913)
Bitvise Tunnelier 4.40 (remove only)
Bonjour (Version: 2.0.1.2)
Broadcom 440x 10/100 Integrated Controller (Version: 5.51.03)
C-Major Audio (Version: 42xx)
Chinese Simplified Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Click to Call with Skype (Version: 5.6.8153)
Conexant D480 MDC V.9x Modem
Dell Media Experience
Dell ResourceCD
DivX Setup (Version: 2.1.2.2)
ERUNT 1.1j
Google Update Helper (Version: 1.3.21.99)
Intel® Extreme Graphics 2 Driver
Intel® PROSet/Wireless Software (Version: 9.00.0000)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
mCore (Version: 1.19.0000)
mDriver (Version: 1.19.0000)
mDrWiFi (Version: 1.19.0000)
mHlpDell (Version: 1.19.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mIWA (Version: 1.19.0000)
mIWCA (Version: 1.19.0000)
mLogView (Version: 1.19.0000)
mMHouse (Version: 1.19.0000)
Motorola Phone Tools (Version: 4.3.5a 10-03-2006)
Motorola Phone Tools (Version: 4.30)
MpcStar 5.4 (Version: 5.4)
mPfMgr (Version: 1.19.0000)
mPfWiz (Version: 1.19.0000)
mProSafe (Version: 9.00.0000)
MSN
mSSO (Version: 1.19.0000)
mToolkit (Version: 1.19.0000)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.19.0000)
mZConfig (Version: 1.19.0000)
PCIxx20 (Version: 1.01.0004)
PowerDVD 5.9
QuickTime (Version: 7.66.71.0)
Real Alternative 2.0.2 (Version: 2.0.2)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Simple Port Tester (Version: 2.1.5)
Skype™ 5.5 (Version: 5.5.117)
Sonic Audio module (Version: 2.0.0)
Sonic DLA (Version: 4.97)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Texas Instruments PCIxx20 drivers. (Version: 1.01.0004)
Thomas Applications
Thomas Key
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Vodafone Mobile Connect Lite Runtime Components (Version: 2.2.2.1)
Voipwise (Version: 4.07 build 630)
WebFldrs XP (Version: 9.50.7523)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Messenger (Version: 8.1.0106.00)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
WPS Office 个人版 (8.1.0.2998) (Version: 8.1.0.2998)

Service: Modem

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Compbatt

Name: Logical Disk Manager
Description: Logical Disk Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: dmio

Name: Volume Manager
Description: Volume Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: ftdisk

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:

Name: Intel® PRO/Wireless 2200BG Network Connection - Intel Wireless Connection Agent Miniport
Description: Intel Wireless Connection Agent Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: IWCA

Name: AEGIS Protocol (IEEE 802.1x) v3.1.0.1
Description: AEGIS Protocol (IEEE 802.1x) v3.1.0.1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AegisP

Name: AFD
Description: AFD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: 1394 ARP Client Protocol
Description: 1394 ARP Client Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Arp1394

Name: AVGIDSDriver
Description: AVGIDSDriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AVGIDSDriver

Name: AVGIDSEH
Description: AVGIDSEH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AVGIDSEH

Name: AVGIDSFilter
Description: AVGIDSFilter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AVGIDSFilter

Name: AVGIDSShim
Description: AVGIDSShim
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AVGIDSShim

Name: AVG AVI Loader Driver
Description: AVG AVI Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Avgldx86

Name: AVG Free Network Redirector
Description: AVG Free Network Redirector
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AvgTdiX

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: catchme
Description: catchme
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: catchme

Name: dmboot
Description: dmboot
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmboot

Name: dmload
Description: dmload
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmload

Name: Fips
Description: Fips
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Fips

Name: Generic Packet Classifier
Description: Generic Packet Classifier
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Gpc

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: IntelIde
Description: IntelIde
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IntelIde

Name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpFilterDriver

Name: IP Network Address Translator
Description: IP Network Address Translator
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpNat

Name: IPSEC driver
Description: IPSEC driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IPSec

Name: ksecdd
Description: ksecdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ksecdd

Name: mdmxsdk
Description: mdmxsdk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mdmxsdk

Name: mnmdd
Description: mnmdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mnmdd

Name: mountmgr
Description: mountmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NdisTapi

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: NetBios over Tcpip
Description: NetBios over Tcpip
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: OMCI
Description: OMCI
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: OMCI

Name: PartMgr
Description: PartMgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PartMgr

Name: ParVdm
Description: ParVdm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ParVdm

Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RasAcd

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: WLAN Transport
Description: WLAN Transport
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: s24trans

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: VolSnap
Description: VolSnap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VolSnap

Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarp

Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WS2IFSL

Name: Audio Codecs
Description: Audio Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Media Control Devices
Description: Media Control Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: Video Codecs
Description: Video Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched

Name: Direct Parallel
Description: Direct Parallel
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Raspti

Name: Terminal Server Device Redirector
Description: Terminal Server Device Redirector
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: rdpdr

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: wdmaud

Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: sysaudio

Name: Microcode Update Device
Description: Microcode Update Device
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: update

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: mssmbios


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 494.42 MB
Available physical RAM: 234.53 MB
Total Pagefile: 1156.86 MB
Available Pagefile: 802.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:19.53 GB) (Free:9.23 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:29.29 GB) (Free:6.8 GB) NTFS
3 Drive e: () (Fixed) (Total:29.29 GB) (Free:6.33 GB) NTFS
4 Drive f: () (Fixed) (Total:33.66 GB) (Free:8.36 GB) NTFS

========================= Users: ========================================

User accounts for \\SF2

Administrator ASPNET Guest
HelpAssistant sfvb SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini052611-01.dmp
========================= Restore Points ==================================

02-07-2012 11:33:21 System Checkpoint
03-07-2012 05:28:55 Removed Adobe Reader 9.4.1.
03-07-2012 05:32:30 Removed Java™ 6 Update 20
03-07-2012 06:05:10 OTL Restore Point - 03/07/2012 14:05:04
04-07-2012 08:19:08 System Checkpoint
04-07-2012 12:46:04 Installed Microsoft Fix it 50195
06-07-2012 04:34:25 System Checkpoint

**** End of log ****

#21
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Ok followed the instruction, afraid no improvement on IE, still red x's all over and in fact it seems slower (tends to freeze) and won't open Google, do you think this is still the malware causing the problem or just IE?

Quite possible malware is still the culprit however there are a fair few application errors for the browser. The exact cause could be a myriad of possibilities to be quite frank. Plus even though you are now using OpenDNS I still suspect some of the root cause for other issues is the actual ISP in use still. Though appreciate not a lot we can do about that one until you are back home etc.

The fact your machine has been so long without SP3 and a lot of critical updates all told is a major factor also...Anyway carry out the below for me please as follows.

Next:

Re-run the Microsoft FixIT for IE again for me please, but this time do not re-enable any add-ons whatsoever. Also post a new OTL log and we will go from there, thank you.

#22
evolutionpill


    Member

  • Topic Starter
  • Member
  • 127 posts
Hi

Well that's why I was asking, since the PC seems to be running fine, and when I did use Firefox I didn't have any problems with pictures (red X), so I thought maybe uninstall IE, but if it's still malware that won't help. As for the ISP (I have had a look at my contract with them and it expires in a month and a half's time), so I will select a different ISP supplier.

Ran Fixit, still same issues on IE.

Below OTL log

Again, thanks for your patience in assisting me.

OTL logfile created on: 08/07/2012 09:39:55 - Run 4
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\sfvb\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

494.42 Mb Total Physical Memory | 117.52 Mb Available Physical Memory | 23.77% Memory free
1.13 Gb Paging File | 0.72 Gb Available in Paging File | 64.09% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 9.17 Gb Free Space | 46.93% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 6.80 Gb Free Space | 23.23% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 6.33 Gb Free Space | 21.61% Space Free | Partition Type: NTFS
Drive F: | 33.66 Gb Total Space | 8.36 Gb Free Space | 24.85% Space Free | Partition Type: NTFS

Computer Name: SF2 | User Name: sfvb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\sfvb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\sfvb\LOCALS~1\Temp\catchme.sys File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (tifm) -- C:\WINDOWS\system32\drivers\tifm.sys (Texas Instruments)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{B965E9D1-8213-415E-A181-F8175661ED1E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/14 12:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/07 11:49:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/15 09:26:22 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/07/06 22:22:04 | 000,000,022 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchin...oad/CMBEdit.cab (Edit Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 114.64.255.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E21A50FD-326F-46B7-90B0-CED202A1549F}: DhcpNameServer = 208.67.222.222 208.67.220.220 114.64.255.146
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\sfvb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sfvb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 23:15:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/07/02 14:32:29 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/13 13:44:31 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 11:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sfvb\Desktop\Fix IE
[2012/07/06 16:01:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/06 15:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/07/06 15:10:47 | 016,430,008 | ---- | C] (Mozilla) -- C:\Documents and Settings\sfvb\Desktop\Firefox Setup 13.0.1.exe
[2012/07/04 23:14:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/04 23:14:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/04 23:14:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/04 23:14:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/04 23:13:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/04 23:05:59 | 004,572,925 | R--- | C] (Swearware) -- C:\Documents and Settings\sfvb\Desktop\ComboFix.exe
[2012/07/04 10:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sfvb\Application Data\TigerPlayer
[2012/07/03 22:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sfvb\Application Data\Malwarebytes
[2012/07/03 21:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/03 21:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/03 21:59:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/03 21:58:03 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\sfvb\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/03 21:40:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/03 21:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sfvb\Desktop\FixPolicies
[2012/07/03 21:36:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sfvb\Desktop\OTL.exe
[2012/07/03 13:55:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\sfvb\Desktop\aswMBR.exe
[2012/07/03 13:45:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/07/03 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/07/03 13:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/03 13:38:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\sfvb\Desktop\erunt-setup.exe
[2012/07/03 10:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BaiduPlayer
[2012/07/02 21:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sfvb\Application Data\CometPlayer
[2012/07/02 14:32:29 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2012/06/28 08:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/22 12:14:57 | 000,684,288 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\sfvb\Desktop\RealPlayer2012.exe
[2012/06/17 10:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Kingsoft
[2010/12/02 15:54:40 | 043,658,352 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXInstaller.exe
[2010/12/02 15:12:11 | 011,873,890 | ---- | C] (Audacity Team ) -- C:\Program Files\audacity-win-unicode-1.3.12.exe
[2010/06/21 10:04:29 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\sfvb\mqdmmdm.sys
[2010/06/21 10:04:29 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\sfvb\mqdmserd.sys
[2010/06/21 10:04:29 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\sfvb\mqdmbus.sys
[2010/06/21 10:04:29 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\sfvb\mqdmmdfl.sys
[2010/06/21 10:04:29 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\sfvb\mqdmcmnt.sys
[2010/06/21 10:04:29 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\sfvb\mqdmwhnt.sys
[2010/06/21 10:04:29 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\sfvb\mqdmcr.sys
[2010/06/21 10:04:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\sfvb\usbsermptxp.sys
[2010/06/21 10:04:28 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\sfvb\usbsermpt.sys

========== Files - Modified Within 30 Days ==========

[2012/07/08 09:34:23 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1677128483-1343024091-1003.job
[2012/07/08 09:34:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1677128483-1343024091-1003.job
[2012/07/08 09:33:48 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 09:33:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/08 09:28:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/08 09:19:45 | 101,277,290 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/07 23:02:01 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_sfvb.job
[2012/07/07 22:49:56 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\sfvb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/07 22:31:21 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\sfvb\Application Data\coreavc.ini
[2012/07/07 11:17:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/07/07 11:17:24 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/07/07 11:06:37 | 000,403,231 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\MiniToolBox.exe
[2012/07/07 11:06:18 | 000,415,707 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\Fix IE.zip
[2012/07/06 22:22:16 | 000,006,852 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\all
[2012/07/06 22:22:04 | 000,000,022 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/06 16:30:53 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\sfvb\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2012/07/06 15:41:57 | 004,572,925 | R--- | M] (Swearware) -- C:\Documents and Settings\sfvb\Desktop\ComboFix.exe
[2012/07/06 15:10:47 | 016,430,008 | ---- | M] (Mozilla) -- C:\Documents and Settings\sfvb\Desktop\Firefox Setup 13.0.1.exe
[2012/07/06 13:19:43 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\sfvb\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/07/06 11:10:30 | 000,000,138 | ---- | M] () -- C:\WINDOWS\vsfilter.INI
[2012/07/05 11:09:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/04 22:59:06 | 000,649,555 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\Print screen.png
[2012/07/04 20:44:40 | 000,659,968 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\MicrosoftFixit50195.msi
[2012/07/04 17:00:30 | 000,181,354 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/07/03 21:59:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 21:58:03 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\sfvb\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/03 21:37:34 | 000,185,065 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\FixPolicies.exe
[2012/07/03 21:37:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sfvb\Desktop\OTL.exe
[2012/07/03 14:00:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\MBR.dat
[2012/07/03 13:58:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\sfvb\Desktop\aswMBR.exe
[2012/07/03 13:44:52 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\NTREGOPT.lnk
[2012/07/03 13:44:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\ERUNT.lnk
[2012/07/03 13:39:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\sfvb\Desktop\erunt-setup.exe
[2012/07/03 10:33:14 | 015,519,888 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\BaiduPlayer1.14.0.132.exe
[2012/07/03 09:10:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/02 14:21:51 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\Flash_Disinfector.exe
[2012/06/22 13:28:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/22 12:15:02 | 000,684,288 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\sfvb\Desktop\RealPlayer2012.exe
[2012/06/17 17:26:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/11 16:56:39 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\sfvb\Desktop\Microsoft Office Word 2003.lnk

========== Files Created - No Company Name ==========


[2012/07/07 11:06:30 | 000,403,231 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\MiniToolBox.exe
[2012/07/07 11:06:17 | 000,415,707 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\Fix IE.zip
[2012/07/06 22:22:15 | 000,006,852 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\all
[2012/07/04 23:14:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/04 23:14:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/04 23:14:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/04 23:14:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/04 23:14:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/04 22:59:05 | 000,649,555 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\Print screen.png
[2012/07/04 20:44:29 | 000,659,968 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\MicrosoftFixit50195.msi
[2012/07/03 21:59:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 21:37:26 | 000,185,065 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\FixPolicies.exe
[2012/07/03 14:00:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\MBR.dat
[2012/07/03 13:44:52 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\NTREGOPT.lnk
[2012/07/03 13:44:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\ERUNT.lnk
[2012/07/03 10:33:06 | 015,519,888 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\BaiduPlayer1.14.0.132.exe
[2012/07/02 14:21:51 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\sfvb\Desktop\Flash_Disinfector.exe
[2012/05/17 16:26:37 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\bdsecushr.dat
[2012/05/16 20:54:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/04/28 15:04:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2012/01/07 03:03:10 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\sfvb\Local Settings\Application Data\WebpageIcons.db
[2011/12/30 11:34:24 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\sfvb\Application Data\coreavc.ini
[2011/06/15 20:18:44 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\drvinst.exe
[2011/06/15 20:18:19 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2011/02/27 16:32:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sfvb\Local Settings\Application Data\prvlcl.dat
[2010/07/16 03:32:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\sfvb\Local Settings\Application Data\fusioncache.dat
[2010/07/16 03:21:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/07/16 03:20:42 | 000,000,840 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/07/16 03:16:07 | 000,128,786 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2010/07/16 03:16:06 | 000,001,883 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2010/06/21 10:18:53 | 000,016,002 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem20.PNF
[2010/06/21 10:18:53 | 000,015,682 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem17.PNF
[2010/06/21 10:18:53 | 000,012,420 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem16.PNF
[2010/06/21 10:18:53 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem20.inf
[2010/06/21 10:18:53 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem17.inf
[2010/06/21 10:18:53 | 000,007,754 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem18.PNF
[2010/06/21 10:18:53 | 000,007,314 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem19.PNF
[2010/06/21 10:18:53 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem18.inf
[2010/06/21 10:18:53 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\sfvb\1277086733-(null)
[2010/06/21 10:18:53 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem19.inf
[2010/06/21 10:18:52 | 000,014,334 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem13.PNF
[2010/06/21 10:18:52 | 000,012,828 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem14.PNF
[2010/06/21 10:18:52 | 000,012,794 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem15.PNF
[2010/06/21 10:18:52 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\sfvb\1277086732-(null)
[2010/06/21 10:18:52 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem15.inf
[2010/06/21 10:18:52 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\sfvb\Copy of oem14.inf
[2010/06/21 10:04:29 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\sfvb\MCCI_MDM.INF
[2010/06/21 10:04:29 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\sfvb\USB_MOT_BRIT.INF
[2010/06/21 10:04:29 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\sfvb\MCCI_BUS.INF
[2010/06/21 10:04:29 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\sfvb\USBMOT2000XP.INF
[2010/06/21 10:04:29 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\sfvb\USB_MOT_A1000.INF
[2010/06/21 10:04:29 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\sfvb\MCCI_SDM.INF
[2010/06/21 10:04:28 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\sfvb\USBMOT2000.INF
[2010/06/21 10:04:28 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\sfvb\USB_CMCS_2000.INF
[2010/03/25 20:17:11 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\sfvb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/14 16:26:19 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== Files - Unicode (All) ==========
[2012/04/24 14:13:23 | 000,000,981 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\WPS??.lnk) -- C:\Documents and Settings\All Users\Desktop\WPS演示.lnk
[2012/04/24 14:13:23 | 000,000,981 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\WPS??.lnk) -- C:\Documents and Settings\All Users\Desktop\WPS文字.lnk
[2012/04/24 14:13:23 | 000,000,981 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\WPS??.lnk) -- C:\Documents and Settings\All Users\Desktop\WPS演示.lnk
[2012/04/24 14:13:23 | 000,000,966 | ---- | M] ()(C:\Documents and Settings\All Users\Desktop\WPS??.lnk) -- C:\Documents and Settings\All Users\Desktop\WPS表格.lnk
[2012/04/24 14:13:23 | 000,000,966 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\WPS??.lnk) -- C:\Documents and Settings\All Users\Desktop\WPS表格.lnk
[2012/04/24 14:13:22 | 000,000,981 | ---- | C] ()(C:\Documents and Settings\All Users\Desktop\WPS??.lnk) -- C:\Documents and Settings\All Users\Desktop\WPS文字.lnk
(C:\Documents and Settings\All Users\Start Menu\Programs\WPS Office ???) -- C:\Documents and Settings\All Users\Start Menu\Programs\WPS Office 个人版

< End of report >

#23
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

My apologies for the delay, the forum has been off-line due to unforeseen technical issues.

Next:

I think at this time a roll-back with Internet Explorer is worth a try as it appears nothing else has been of use whatsoever... When done IE should revert back to say IE7.

Close Internet Explorer if open, then go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Windows Internet Explorer 8(Internet Explorer 8)

To do so, click once on the above in turn to highlight and then click on the Remove button.

Reboot your machine afterwards.

Next:

Let me know when you have completed the above and whether you still have the same Internet Explorer issues etc.

#24
evolutionpill

    Member

  • Topic Starter
  • 127 posts
Hi Dakeyras

Very glad to see you guys back up and running, trust all sorted out. Now my turn to apologise (I've had family in town so been out on the tourist trail - only getting to my PC now).

Right, followed instructions, and voilà, IE7 works fine in the sense that there are no more red X marks, albeit it is a little bit slower.

The rest of the PC is working fine the last few days.

Do I take it that the problem then is no longer malware? (Or is that jumping the proverbial gun?)

#25
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Very glad to see you guys back up and running, trust all sorted out. Now my turn to apologise (I've had family in town so been out on the tourist trail - only getting to my PC now).

Indeed it would appear so and not a problem what you mentioned. Hope you and your family had a pleasant time etc.

Right, followed instructions, and voilà, IE7 works fine in the sense that there are no more red X marks, albeit it is a little bit slower.

OK.

The rest of the PC is working fine the last few days.

Do I take it that the problem then is no longer malware? (Or is that jumping the proverbial gun?)

Good to know, but we still have a fair few tasks to complete; for now I would actually prefer the Recovery Console to be installed on your machine first, as follows...

Next:

Please delete your current version of ComboFix, then empty the Recycle Bin. Then download a new copy from here and save to the desktop.

Now follow the instructions again in post #14:-

Install the Recovery Console with ComboFix

When you have completed the above, post the new ComboFix log and we will go from there, thank you.

#26
evolutionpill

    Member

  • Topic Starter
  • 127 posts
Hi

Looks like I spoke too soon, IE 7 kept closing itself a few times today (4 times), but after that it worked fine again (not sure if relevant or not).

OK, downloaded new combo and updated it. Afraid it aborted the Console recovery again, would seem we are not getting this right.

Below the log report.

ComboFix 12-07-13.01 - sfvb 13/07/2012 16:09:57.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.494.170 [GMT 8:00]
Running from: c:\documents and settings\sfvb\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\boost_interprocess\20120713153623.500000
c:\windows\Downloaded Program Files\655368
c:\windows\Downloaded Program Files\655368\SetupAx.dll
c:\windows\gsyspd.log
c:\windows\msgpi.log
c:\windows\system32\avgfwdx.dll
F:\ghos
f:\ghos\giex
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINDRIVER
-------\Service_WinDriver
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-08 11:44 . 2012-07-08 11:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-04 02:24 . 2012-07-04 02:52 -------- d-----w- c:\documents and settings\sfvb\Application Data\TigerPlayer
2012-07-03 14:00 . 2012-07-03 14:00 -------- d-----w- c:\documents and settings\sfvb\Application Data\Malwarebytes
2012-07-03 13:59 . 2012-07-13 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-03 13:59 . 2012-07-03 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 13:59 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2012-07-03 13:40 -------- d-----w- C:\_OTL
2012-07-03 05:44 . 2012-07-03 05:45 -------- d-----w- c:\program files\ERUNT
2012-07-02 13:57 . 2012-07-02 13:57 -------- d-----w- c:\documents and settings\sfvb\Application Data\CometPlayer
2012-06-17 02:02 . 2012-06-17 02:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\Kingsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 08:14 . 2010-12-02 07:54 43658352 ----a-w- c:\program files\DivXInstaller.exe
2010-12-02 07:12 . 2010-12-02 07:12 11873890 ----a-w- c:\program files\audacity-win-unicode-1.3.12.exe
2012-06-14 22:19 . 2012-07-08 11:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-04_15.33.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2004-08-04 12:00 37888 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 96256 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 56832 c:\windows\system32\mshtmler.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\mshta.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 22016 c:\windows\system32\licmgr10.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\imgutil.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 62976 c:\windows\system32\iesetup.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 48640 c:\windows\system32\iernonce.dll
+ 2010-03-13 03:55 . 2004-08-04 12:00 81920 c:\windows\system32\ieencode.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 34304 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 37888 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 96256 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 56832 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 22016 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\dllcache\imgutil.dll
+ 2010-03-12 15:11 . 2004-08-04 12:00 93184 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 62976 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 48640 c:\windows\system32\dllcache\iernonce.dll
+ 2010-03-13 03:55 . 2004-08-04 12:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 34304 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-03-12 15:11 . 2004-08-04 12:00 38912 c:\windows\system32\dllcache\hmmapi.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35328 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 99840 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35328 c:\windows\system32\corpol.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 99840 c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\admparse.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 656384 c:\windows\system32\wininet.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 276480 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 601088 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 473600 c:\windows\system32\shlwapi.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 530432 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\msls31.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 448512 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 249344 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 323584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 221184 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 216576 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 139264 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 201728 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 656384 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 276480 c:\windows\system32\dllcache\webcheck.dll
+ 2010-03-12 15:12 . 2004-08-04 12:00 848384 c:\windows\system32\dllcache\vgx.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 601088 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 473600 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 530432 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 448512 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 450560 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 249344 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 323584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 221184 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 216576 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 139264 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 201728 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 1483264 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 3003392 c:\windows\system32\mshtml.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 1483264 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 3003392 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 1016832 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 1016832 c:\windows\system32\browseui.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-15 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-15 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\2010backup\\AOE\\AOE\\Empires.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [15/03/2012 09:24 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 11:54 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 11:54 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [08/07/2012 19:44 113120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 03:54]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 03:54]
.
2012-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1677128483-1343024091-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 14:09]
.
2012-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1677128483-1343024091-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 14:09]
.
2012-07-13 c:\windows\Tasks\WpsUpdateTask_sfvb.job
- c:\program files\Kingsoft\WPS Office Personal\office6\wpsupdate.exe [2012-04-24 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 114.64.255.146
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
FF - ProfilePath - c:\documents and settings\sfvb\Application Data\Mozilla\Firefox\Profiles\2kh6jzjj.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-13 16:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-07-13 16:23:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 08:23
ComboFix2.txt 2012-07-06 07:56
ComboFix3.txt 2012-07-04 15:38
.
Pre-Run: 9,513,975,808 bytes free
Post-Run: 9,503,219,712 bytes free
.
- - End Of File - - 93926C30573CA5403650F158A6540719

#27
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

IE 7 kept closing itself a few times today (4 times), but after that it worked fine again (not sure if relevant or not).

Now it appears your machine has recently become further infected again and this likely explains the unusual activity with IE.

So please keep me informed of any other strange activity with regard to IE.

OK, downloaded new combo and updated it. Afraid it aborted the Console recovery again, would seem we are not getting this right.

Certainly proving to be problematic, check for me if you can actually download and save this file to the desktop:-

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe <-- once on the page click on the orange download tab.

Next:

Even though you have AVG Anti-Virus Free Edition 2012 installed, there appears to be a Firewall component. Was the installation originally on a trial basis, for example? Also, does AVG appear to be working correctly, and/or are any errors reported that something is amiss with the software as a whole?
  • 0

#28
evolutionpill

    Member

  • Topic Starter
  • Member
  • 127 posts
Hi Dakeyras

I will do.

I managed to download the site you gave me and saved it to my desktop (although I have not run it, until I get your get go).

Regarding AVG (which was the AV installed on my PC when I purchased it years back) - come to think of it, you're absolutely spot on. At the beginning of this year I thought I'd try the 30 day full package version since it seemed to offer better protection, but it used up so much memory that I uninstalled and re-installed the AVG free version (I remember because I also tried Kaspersky, which I read was better, but like Firefox it was in Chinese, so that's why I went back to AVG).

AVG seems to be working fine at face value (not that I would know if there was a problem); I don't get any strange messages from the program. If I look at Windows Task Manager (Processes) I notice that there are a few AVG functions open (again not sure if this is normal or not); below is a list.
AVG tray (3880k)
avgsx.exe (500K)
avgwdsvc.exe (4696K)
avgcsrvx.exe (768k)
avgrsx.exe (76k)
  • 0

#29
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

Thanks for answering my queries, let's proceed as follows, shall we...

SC Reset:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
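rem Stop the WMI service so the repository files are released
net stop winmgmt
rem /s removes the repository folder together with its contents
rd /s "%systemroot%\system32\wbem\repository"
net start winmgmt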
  • Go to File >> Save As
  • Save File name as "reset.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
Double click on reset.bat. A command window will open, when prompted type in Y then hit the enter/return key.

When completed the command window will close. Reboot your computer. <-- Make sure you do this.

Install the Recovery Console with ComboFix:

Temporarily disable AVG, then:-

Drag the setup package (this will be the actual WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe file you downloaded earlier) onto ComboFix.exe and drop it.

Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

At the next prompt, click Yes to run the full ComboFix scan.

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix4.txt log in your next reply and we will go from there, thank you.
  • 0

#30
evolutionpill

    Member

  • Topic Starter
  • Member
  • 127 posts
Hi :)

Afraid it did not work; I received the following 2 individual messages once I dragged and combo started to run.

1st Win XP prof SP2 cdboot floppie. Extracting file failed. This is likely caused by low memory (low disk space for swapping files) or corrupt cabinet file.

2nd Extracting 3xe encountered a problem and had to close.

I did not continue with the scan.

Thanks
  • 0





