Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer auto restarts

Started by roacham , Aug 16 2011 10:10 AM

  • This topic is locked This topic is locked

#16
Dakeyras
Posted 25 August 2011 - 08:16 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :unsure:

Thank you so much for your help

You're welcome!

it was not working so tried to do the task manager, it froze. I went to safe mode and actually had 2 log in names, Administrator and Ashton, Admin is never there in reg mode. I chose that first b/c I thought Admin would be best, well, there were only 3 desktop options and not many programs to choose from and combofix was no where to be found. So i rebooted in to safemode under Ashton. Everything from reg mode is there. Trying scan of combofix now. It is at the same point as usual. No clock or completed stage stuff coming up yet.

OK abort the scan and we will merely take a different approach. Reboot your machine back into Normal Mode so you are able to download another specific tool please.

Do you think this Admin login has anything to do with computer issues or that the combofix wont run because it is not installing as the actual Admin?

Seeing the Administrator account when trying to boot into Safe Mode is normal. To be honest as I am sure you are beginning to realise purchasing a second hand machine can be a hit and miss thing as you have no idea what state it may be in and or if it functions correctly. Anyway I will try my best on your behalf to try and rectify all if able. :)

Next:

Download AVPTool from here to your Desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

Advertisements

#17
roacham
Posted 25 August 2011 - 11:00 AM

roacham

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 245 posts
Here is the detected threats report:

Status: Deleted (events: 2)
8/25/2011 10:33:48 AM Deleted Trojan program Trojan.Win32.Swisyn.bsct C:\Documents and Settings\Customer\Desktop\OTL.exe High
8/25/2011 10:47:05 AM Deleted Trojan program Trojan.Win32.Swisyn.bsct C:\System Volume Information\_restore{3D448FD1-B61D-4D5C-A2E7-BA3956CFEB9D}\RP274\A0089441.exe High


I am attaching the zipped folder, hope I am doing this right. I first unzipped it, but then realized that I think you wanted it zipped.

Attached Files


  • 0

#18
Dakeyras
Posted 25 August 2011 - 01:11 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

You posted what I requested just fine... can I have a quick update please how your machine is performing now, any other symptoms and or problems encountered?

Re-scan with OTL:

  • Please download a new copy of OTL and save it to your Desktop.
  • Close all other open windows, then double-click OTL.exe to start the application.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
atapi.sys
WMILIB.SYS
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
  • Click Run Scan in upper left of window.
  • When the scan is finished, two Notepad files will open:
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.

  • 0

#19
roacham
Posted 25 August 2011 - 07:43 PM

roacham

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 245 posts
I haven't had a chance to use the computer since the scan of kaspersky this morning but it restarted itself right before downloading kaspersky this morning.

Here are the scans
OTL:

OTL logfile created on: 8/25/2011 8:28:03 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 642.85 Mb Available Physical Memory | 63.31% Memory free
2.39 Gb Paging File | 2.14 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 30.19 Gb Free Space | 81.03% Space Free | Partition Type: NTFS

Computer Name: ASHTON | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Customer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\11082501\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\11082501\aswRep.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (59503609) -- C:\WINDOWS\system32\DRIVERS\59503609.sys (Kaspersky Lab ZAO)
DRV - (2782296drv) -- C:\WINDOWS\2782296drv.spi ()
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (CAMTHWDM) -- C:\WINDOWS\system32\drivers\CAMTHWDM.sys ()
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1757981266-261903793-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-1757981266-261903793-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: [email protected]:7.6.1
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/16 09:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/05/13 18:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Extensions
[2010/08/26 20:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\ljzjdp4i.default\extensions
[2010/08/13 13:32:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\ljzjdp4i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/23 16:06:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\ljzjdp4i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/13 13:32:43 | 000,000,000 | ---D | M] ("FoxFilter") -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\ljzjdp4i.default\extensions\[email protected]
[2009/07/05 06:58:20 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Customer\Application Data\Mozilla\Firefox\Profiles\ljzjdp4i.default\searchplugins\mywebsearch.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CUSTOMER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LJZJDP4I.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/08/23 10:28:45 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-261903793-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Customer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/11 18:48:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 20:25:25 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTL.exe
[2011/08/25 10:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/08/25 10:19:17 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\59503609.sys
[2011/08/25 08:08:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/25 07:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/25 07:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/25 07:16:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/25 07:16:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/25 07:16:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/25 07:13:38 | 004,182,373 | R--- | C] (Swearware) -- C:\Documents and Settings\Customer\Desktop\ComboFix.exe
[2011/08/23 14:02:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/23 13:55:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Customer\Start Menu\Programs\Administrative Tools
[2011/08/23 10:28:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/23 10:17:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/23 10:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/23 10:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/08/23 10:12:47 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Customer\Desktop\erunt-setup.exe
[2011/08/23 07:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/08/23 07:25:55 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/22 15:48:36 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Customer\Desktop\TDSSKiller.exe
[2011/08/16 09:51:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\TFC.exe
[2011/08/16 09:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Google
[2011/08/16 09:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/08/16 09:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/16 09:18:34 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/16 09:18:33 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/16 09:18:29 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/16 09:18:27 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/16 09:18:27 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/16 09:18:25 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/16 09:18:25 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/16 09:18:25 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/16 09:17:18 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/16 09:17:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/16 09:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/16 09:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/08/16 08:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/16 08:20:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/16 08:19:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/16 08:16:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/16 07:48:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/15 22:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Malwarebytes
[2011/08/15 22:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/15 22:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/15 22:04:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/08/15 21:57:10 | 000,000,000 | ---D | C] -- C:\031658ccde2af0c7440900ba
[2011/08/15 21:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(2)

========== Files - Modified Within 30 Days ==========

[2011/08/25 20:25:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTL.exe
[2011/08/25 13:56:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/25 13:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/25 11:40:28 | 000,107,114 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\avz_sysinfo.htm
[2011/08/25 11:40:28 | 000,040,401 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\avz_sysinfo.xml
[2011/08/25 11:10:02 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\59503609.sys
[2011/08/25 10:47:04 | 000,000,324 | -HS- | M] () -- C:\WINDOWS\2782296drv.spi
[2011/08/25 10:18:36 | 103,994,600 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\setup_11.0.0.1245.x01_2011_08_25_11_10.exe
[2011/08/25 10:05:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/25 10:05:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/25 07:13:51 | 004,182,373 | R--- | M] (Swearware) -- C:\Documents and Settings\Customer\Desktop\ComboFix.exe
[2011/08/24 07:37:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Customer\Desktop\TDSSKiller.exe
[2011/08/24 07:36:42 | 001,390,139 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\tdsskiller.zip
[2011/08/24 07:32:53 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\Look.bat
[2011/08/23 14:02:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/23 10:28:45 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/23 10:13:50 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\NTREGOPT.lnk
[2011/08/23 10:13:50 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\ERUNT.lnk
[2011/08/23 10:12:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Customer\Desktop\erunt-setup.exe
[2011/08/23 07:25:20 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\RSIT.exe
[2011/08/23 07:23:07 | 000,172,286 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\ReportRK
[2011/08/23 07:14:01 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\RKUnhookerLE.EXE
[2011/08/17 03:17:25 | 000,463,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/17 03:17:25 | 000,080,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/17 03:09:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/16 09:51:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\TFC.exe
[2011/08/16 09:18:35 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/16 09:18:26 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/16 08:20:06 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/16 08:16:28 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/08/25 11:40:28 | 000,107,114 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\avz_sysinfo.htm
[2011/08/25 11:40:28 | 000,040,401 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\avz_sysinfo.xml
[2011/08/25 10:33:39 | 000,000,324 | -HS- | C] () -- C:\WINDOWS\2782296drv.spi
[2011/08/25 10:15:24 | 103,994,600 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\setup_11.0.0.1245.x01_2011_08_25_11_10.exe
[2011/08/25 07:16:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/25 07:16:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/25 07:16:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/25 07:16:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/25 07:16:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/24 07:34:58 | 001,390,139 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\tdsskiller.zip
[2011/08/24 07:32:52 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\Look.bat
[2011/08/23 14:02:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/23 14:02:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/23 10:13:50 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\NTREGOPT.lnk
[2011/08/23 10:13:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\ERUNT.lnk
[2011/08/23 07:25:19 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\RSIT.exe
[2011/08/23 07:23:07 | 000,172,286 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\ReportRK
[2011/08/23 07:13:14 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Customer\Desktop\RKUnhookerLE.EXE
[2011/08/16 09:18:35 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/16 08:20:06 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/22 21:47:49 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/08/30 00:56:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Customer\Local Settings\Application Data\PUTTY.RND
[2009/07/04 04:16:09 | 001,051,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/06/19 00:27:41 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/04 18:53:16 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/06/03 20:50:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\wnUninstall.exe
[2009/05/30 04:22:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/13 18:15:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/12 00:26:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2009/05/11 18:51:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/11 18:45:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/11 11:39:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/11 11:37:50 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 22:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 00:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 05:00:00 | 000,463,166 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 05:00:00 | 000,080,188 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 22:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 22:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMILIB.SYS >
[2001/08/23 05:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=2F31B7F954BED437F2C75026C65CAF7B -- C:\WINDOWS\system32\dllcache\wmilib.sys
[2001/08/23 05:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=2F31B7F954BED437F2C75026C65CAF7B -- C:\WINDOWS\system32\drivers\wmilib.sys

< %systemroot%\*. /mp /s >

< End of report >


EXTRAS:

OTL Extras logfile created on: 8/25/2011 8:28:03 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Customer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 642.85 Mb Available Physical Memory | 63.31% Memory free
2.39 Gb Paging File | 2.14 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 30.19 Gb Free Space | 81.03% Space Free | Partition Type: NTFS

Computer Name: ASHTON | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1757981266-261903793-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe"
https [open] -- "C:\Program Files\Opera\opera.exe"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATT-RC" = ATT-RC Self Support Tool
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"ProInst" = Intel® PROSet/Wireless Software
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#20
Dakeyras
Posted 26 August 2011 - 02:32 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

I haven't had a chance to use the computer since the scan of kaspersky this morning but it restarted itself right before downloading kaspersky this morning.

Fair play, now it appears there are some entries viable in the OTL logs that were not prior and we can thank AVP for that. So we are making some progress...

Can you inform myself please in your next reply what exact make/modal your machine is please.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

ATT-RC Self Support Tool <-- Leave in place if you installed this/your ISP is ATT.
Mozilla Firefox (3.6.8) <-- Reinstall like you mentioned in your first post/when I give the all clear.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\OTL-backup
and click on OK.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my computer make/modal query.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • aswMBR Log.

  • 0

#21
roacham
Posted 26 August 2011 - 06:31 AM

roacham

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 245 posts
OK, I have done the first steps up to removing Mozilla. Computer restarted itself after that. OTL.exe is no longer on desktop, so I wanted to be sure I am supposed to download again before I do it or if it supposed to still be there?
  • 0

#22
Dakeyras
Posted 26 August 2011 - 07:32 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Computer restarted itself after that

OK I beginning to wonder if your machine might have other issues, say hard-ware for example and or the actual Operating System is damaged. If the need I can refer you over to the IT Techs here in Geeks to Go.

Anyway carry out the below please:-

  • Right-click on My Computer >> Properties.
  • In the System Properties window click the Advanced tab.
  • Now click the Settings button under Startup and Recovery.
  • In the Startup and Recovery window uncheck the Automatically restart check box.
  • Click OK.
Now if the computer generates a error it should not automatically restart and you should be able view any errors your computer may be experiencing and in turn inform myself.

OTL.exe is no longer on desktop, so I wanted to be sure I am supposed to download again before I do it or if it supposed to still be there?

Strange indeed, it should be still there, if the need by all means do re-download it again and then continue with my prior instructions, thank you.
  • 0

#23
Dakeyras
Posted 26 August 2011 - 07:52 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Anyway carry out the below please:-

  • Right-click on My Computer >> Properties.
  • In the System Properties window click the Advanced tab.
  • Now click the Settings button under Startup and Recovery.
  • In the Startup and Recovery window uncheck the Automatically restart check box.
  • Click OK.
Now if the computer generates a error it should not automatically restart and you should be able view any errors your computer may be experiencing and in turn inform myself

I have been thinking about this, it might not be such a good idea if your machine has a heat issue/some fans are not working so after carrying out my OTL and MBAM instructions undo the above please as I would not wish for your machine to get worse. :)
  • 0

#24
roacham
Posted 26 August 2011 - 10:39 AM

roacham

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 245 posts
Thank you again for all your help :unsure:

make/model Latitude/D610

OTL from notepad:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Customer\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Customer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Customer
->Flash cache emptied: 456 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Customer
->Temp folder emptied: 14390001 bytes
->Temporary Internet Files folder emptied: 119620679 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 128.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.5 log created on 08262011_084701

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Customer\Local Settings\Temp\~DF3BB3.tmp not found!
File\Folder C:\Documents and Settings\Customer\Local Settings\Temp\~DF3C05.tmp not found!
File\Folder C:\Documents and Settings\Customer\Local Settings\Temp\~DF3F22.tmp not found!
File\Folder C:\Documents and Settings\Customer\Local Settings\Temp\~DF3F36.tmp not found!
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\Content.IE5\T7ZT36UB\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\Content.IE5\NC2R20LA\page__st__15__gopid__2053612[2].txt moved successfully.
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\Content.IE5\M1X4TUED\like[1].htm moved successfully.
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\Content.IE5\LXYXXXAE\login_status[7].htm moved successfully.
C:\Documents and Settings\Customer\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7576

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/26/2011 9:48:04 AM
mbam-log-2011-08-26 (09-48-04).txt

Scan type: Quick scan
Objects scanned: 176876
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


the aswMBR, everytime I hit scan the computer does the shut down restart thing, will not do scan.

You may be correct about this being a hard drive issue :)
  • 0

#25
Dakeyras
Posted 26 August 2011 - 12:39 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :unsure:

Thank you again for all your help :yes:

You're most welcome!

make/model Latitude/D610

Thank you for the clarification...so there is the distinct possibly your machine has what is known as a Recovery Partition(if it does no need to purchase a XP Installation CD-ROM). Basically what this feature does is perform a factory reset which puts the machine back to its original configuration when it was shipped etc. This is defacto a reformat and reinstallation of the Windows Operating System. So if this feature is present and working it is a option we can consider and if we do I can provide you both the links and instructions on how to retrieve updates from the Dell site and download the appropriate backup software so you can create a independent backup CD etc.

the aswMBR, everytime I hit scan the computer does the shut down restart thing, will not do scan.

Not good and there is a way to get the scan to run but I suspect now knowing your machines make/modal it may just not provide the exact information I require.

You may be correct about this being a hard drive issue :)

Aye it may be a hardware issue and or Operating System based though off course I am not ruling out Malware as the culprit just yet either.

Anyway lets proceed as follows shall we...

Scan with MBRCheck:

Please download MBRCheck.exe and save to your desktop.

Alternative Download is here.

  • Double-click on MBRCheck.exe to run it.
  • A window similar to this should open on your desktop:-
Posted Image

  • If you are prompted with options, enter N at the prompt and press Enter .
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run).
  • Please post the contents of the log in your next reply.

  • 0

Advertisements

#26
roacham
Posted 26 August 2011 - 12:47 PM

roacham

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 245 posts
That was quick :)

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF7A87000 \WINDOWS\system32\KDCOM.DLL
0xF7997000 \WINDOWS\system32\BOOTVID.dll
0xF7458000 ACPI.sys
0xF7A89000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7447000 pci.sys
0xF7587000 isapnp.sys
0xF799B000 compbatt.sys
0xF799F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B4F000 PCIIde.sys
0xF7807000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7A8B000 intelide.sys
0xF7429000 pcmcia.sys
0xF7597000 MountMgr.sys
0xF740A000 ftdisk.sys
0xF780F000 PartMgr.sys
0xF75A7000 VolSnap.sys
0xF73F2000 atapi.sys
0xF75B7000 disk.sys
0xF75C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73D2000 fltMgr.sys
0xF73C0000 sr.sys
0xF73A9000 KSecDD.sys
0xF731C000 Ntfs.sys
0xF72EF000 NDIS.sys
0xF72D5000 Mup.sys
0xF7667000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A73000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF70D1000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF70BD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7093000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF7867000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF706F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF786F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7059000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0xF7A77000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xF6E3D000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF6DFA000 \SystemRoot\system32\drivers\STAC97.sys
0xF6DD6000 \SystemRoot\system32\drivers\portcls.sys
0xF76A7000 \SystemRoot\system32\drivers\drmk.sys
0xF6DB3000 \SystemRoot\system32\drivers\ks.sys
0xF6D80000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF6C83000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xF6BD6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7877000 \SystemRoot\System32\Drivers\Modem.SYS
0xF76C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6BBB000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF787F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7887000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A83000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6BA7000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6AA6000 \SystemRoot\system32\DRIVERS\CAMTHWDM.sys
0xF7707000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF7C64000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7717000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF729C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6A6F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7737000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7747000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF788F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF69BE000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7767000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7917000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF791F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5352000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF75F7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AE3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF52F4000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A57000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7757000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6A3F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B13000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C4C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B15000 \SystemRoot\System32\Drivers\Beep.SYS
0xF53A2000 \SystemRoot\System32\drivers\vga.sys
0xF7B17000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B1F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7897000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF789F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA8D8E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA842A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA83D1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7777000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA8380000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF78A7000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA8337000 \SystemRoot\System32\drivers\afd.sys
0xF7677000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA82E5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA81EA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77A7000 \SystemRoot\System32\Drivers\Fips.SYS
0xA81C4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA78DE000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA786E000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF792F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF63D6000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA7856000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AAD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7EDC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7977000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C73000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF021000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF043000 \SystemRoot\System32\ialmdev5.DLL
0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
0xBF16E000 \SystemRoot\System32\ATMFD.DLL
0xA6CB5000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF78F7000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA6C65000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA793C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA59DC000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA6CD9000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA56DC000 \SystemRoot\system32\DRIVERS\srv.sys
0xA5838000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA569F000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7950000 \SystemRoot\system32\drivers\sysaudio.sys
0xA578C000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA50E0000 \SystemRoot\System32\Drivers\HTTP.sys
0xA4C2D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
1192 C:\WINDOWS\system32\smss.exe
1808 csrss.exe
1280 C:\WINDOWS\system32\winlogon.exe
1332 C:\WINDOWS\system32\services.exe
1352 C:\WINDOWS\system32\lsass.exe
1568 C:\WINDOWS\system32\svchost.exe
1664 svchost.exe
1704 C:\WINDOWS\system32\svchost.exe
1752 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
220 C:\WINDOWS\explorer.exe
540 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
576 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
644 svchost.exe
792 svchost.exe
1048 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
2036 C:\WINDOWS\system32\spoolsv.exe
212 scardsvr.exe
872 C:\Program Files\Common Files\Motive\McciCMService.exe
1068 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1240 C:\WINDOWS\system32\svchost.exe
2652 alg.exe
3256 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
3548 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
3860 C:\WINDOWS\system32\hkcmd.exe
3988 C:\WINDOWS\system32\igfxpers.exe
384 C:\Program Files\AVAST Software\Avast\AvastUI.exe
884 C:\WINDOWS\system32\ctfmon.exe
2380 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2540 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
4064 C:\Documents and Settings\Customer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2040AH, Rev: 00000096

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
  • 0

#27
Dakeyras
Posted 26 August 2011 - 01:41 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Good and bad news I'm afraid...it looks like at some point the actual custom Dell MBR has been overwritten with a XP one. This means the Recovery Partition is no longer available, so you will still have to purchase a XP Installation CD-ROM at some point...the good news if you will the actual MBR does not appear to be infected.

System File Check:

Close all open applications/windows etc.

  • Click on Start >> Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.
Note: This will take some time. Also you may be prompted to place your XP installation CD-ROM in the CD-Drive if required. If you are, abort the scan.

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...Click on Scan Now
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Re-scan with RSIT:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"%userprofile%\desktop\rsit.exe" /info
and click on OK

  • Click on Run and RSIT will start.
  • Next to the List files/folders created or modified in the last drop-down box select 3 Months
  • Now click on Continue.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#28
roacham
Posted 26 August 2011 - 04:04 PM

roacham

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 245 posts
had to abort SFC b/c it wanted CD


here is ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4f7faba3dd1fcf4a9b9894ed9d1358f1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-26 08:43:37
# local_time=2011-08-26 03:43:37 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 36212880 36212880 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=24802
# found=0
# cleaned=0
# scan_time=3012


RIST log notepad:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Customer at 2011-08-26 17:02:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (81%) free of 38 GB
Total RAM: 1015 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:40 PM, on 8/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Customer\desktop\rsit.exe
C:\Program Files\trend micro\Customer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.c...&gct=&gc=1&q=%s
O1 - Hosts: ÿ₫127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9d523fb16368) (gupdate1c9d523fb16368) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5084 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-16 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-08-16 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-16 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-08-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 3 months======

2011-08-26 14:48:22 ----D---- C:\Program Files\ESET
2011-08-25 08:08:37 ----SD---- C:\ComboFix
2011-08-25 07:56:52 ----A---- C:\WINDOWS\ntbtlog.txt
2011-08-25 07:16:55 ----A---- C:\WINDOWS\zip.exe
2011-08-25 07:16:55 ----A---- C:\WINDOWS\SWREG.exe
2011-08-25 07:16:55 ----A---- C:\WINDOWS\PEV.exe
2011-08-25 07:16:55 ----A---- C:\WINDOWS\NIRCMD.exe
2011-08-25 07:16:55 ----A---- C:\WINDOWS\MBR.exe
2011-08-25 07:16:55 ----A---- C:\WINDOWS\grep.exe
2011-08-25 07:16:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-08-25 07:16:54 ----A---- C:\WINDOWS\SWSC.exe
2011-08-25 07:16:54 ----A---- C:\WINDOWS\sed.exe
2011-08-25 07:16:09 ----D---- C:\Qoobox
2011-08-25 06:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-08-24 07:38:09 ----A---- C:\TDSSKiller.2.5.17.0_24.08.2011_07.38.09_log.txt
2011-08-23 14:02:17 ----A---- C:\Boot.bak
2011-08-23 14:02:05 ----RASHD---- C:\cmdcons
2011-08-23 10:28:22 ----D---- C:\_OTL
2011-08-23 10:17:09 ----D---- C:\WINDOWS\ERDNT
2011-08-23 10:13:49 ----D---- C:\Program Files\ERUNT
2011-08-23 07:25:56 ----D---- C:\Program Files\trend micro
2011-08-23 07:25:55 ----D---- C:\rsit
2011-08-16 09:34:40 ----D---- C:\Documents and Settings\Customer\Application Data\Google
2011-08-16 09:19:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2011-08-16 09:18:34 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-08-16 09:18:33 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-08-16 09:18:29 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-08-16 09:18:27 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-08-16 09:18:27 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-08-16 09:18:25 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-08-16 09:18:25 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-08-16 09:18:25 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-08-16 09:17:18 ----A---- C:\WINDOWS\avastSS.scr
2011-08-16 09:17:15 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-08-16 09:16:08 ----D---- C:\Program Files\AVAST Software
2011-08-16 09:16:08 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-08-16 08:20:05 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-16 08:19:59 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-16 07:48:03 ----D---- C:\Config.Msi
2011-08-15 22:13:07 ----D---- C:\Documents and Settings\Customer\Application Data\Malwarebytes
2011-08-15 22:12:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-08-15 22:12:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-15 22:04:54 ----D---- C:\WINDOWS\Minidump
2011-08-15 21:57:10 ----D---- C:\031658ccde2af0c7440900ba
2011-08-15 21:48:27 ----D---- C:\Program Files\Common Files\Adobe(2)
2011-08-15 21:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-15 21:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-15 21:35:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-14 14:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-14 14:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-07-24 21:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-07-24 21:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-07-24 21:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-07-24 21:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-07-24 21:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-24 21:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-07-24 21:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-07-24 21:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-07-24 21:14:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2011-07-24 21:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-07-24 21:08:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-07-24 21:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-07-24 21:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-07-24 21:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-07-24 21:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-07-24 21:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-07-24 21:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-07-24 20:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-07-24 20:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-07-24 20:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-07-24 20:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-24 20:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-07-24 20:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$

======List of files/folders modified in the last 3 months======

2011-08-26 17:02:39 ----D---- C:\WINDOWS\Prefetch
2011-08-26 15:43:41 ----D---- C:\WINDOWS\Temp
2011-08-26 14:48:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-08-26 14:48:22 ----RD---- C:\Program Files
2011-08-26 14:43:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-26 14:43:27 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-26 11:31:22 ----D---- C:\WINDOWS
2011-08-26 09:22:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-26 08:47:06 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-26 07:04:00 ----D---- C:\WINDOWS\system32\drivers
2011-08-25 13:24:42 ----SHD---- C:\System Volume Information
2011-08-25 10:19:37 ----HD---- C:\WINDOWS\inf
2011-08-25 08:10:09 ----D---- C:\WINDOWS\system32
2011-08-25 07:57:40 ----D---- C:\Documents and Settings
2011-08-25 07:16:32 ----D---- C:\WINDOWS\system32\Restore
2011-08-23 14:02:17 ----RASH---- C:\boot.ini
2011-08-23 10:28:30 ----D---- C:\Documents and Settings\Customer\Application Data\Opera
2011-08-23 09:53:07 ----SHD---- C:\WINDOWS\Installer
2011-08-23 09:45:30 ----D---- C:\Program Files\Common Files
2011-08-23 09:45:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-08-17 03:29:14 ----RSD---- C:\WINDOWS\assembly
2011-08-17 03:23:54 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-17 03:17:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-17 03:15:55 ----D---- C:\WINDOWS\WinSxS
2011-08-17 03:09:59 ----A---- C:\WINDOWS\imsins.BAK
2011-08-17 03:04:58 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-17 03:03:17 ----D---- C:\Program Files\Internet Explorer
2011-08-16 10:27:35 ----D---- C:\WINDOWS\system32\CatRoot
2011-08-16 09:19:39 ----D---- C:\Program Files\Google
2011-08-16 08:32:28 ----D---- C:\WINDOWS\Registration
2011-08-16 08:31:29 ----D---- C:\Program Files\Common Files\Uninstall
2011-08-16 08:01:21 ----D---- C:\WINDOWS\system32\config
2011-08-16 08:00:17 ----D---- C:\WINDOWS\system32\wbem
2011-08-16 07:55:44 ----D---- C:\Program Files\Adobe
2011-08-15 23:58:18 ----D---- C:\WINDOWS\SoftwareDistribution
2011-08-15 23:42:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-08-15 21:35:23 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-15 21:26:52 ----D---- C:\WINDOWS\ie8updates
2011-07-25 10:17:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-07-24 21:10:52 ----D---- C:\WINDOWS\Debug
2011-07-08 08:49:22 ----A---- C:\WINDOWS\system32\tzchange.exe
2011-06-23 13:36:30 ----N---- C:\WINDOWS\system32\occache.dll
2011-06-23 13:36:30 ----N---- C:\WINDOWS\system32\mstime.dll
2011-06-23 13:36:30 ----N---- C:\WINDOWS\system32\mshtmled.dll
2011-06-23 13:36:30 ----N---- C:\WINDOWS\system32\licmgr10.dll
2011-06-23 13:36:30 ----N---- C:\WINDOWS\system32\jsproxy.dll
2011-06-23 13:36:30 ----N---- C:\WINDOWS\system32\iepeers.dll
2011-06-23 13:36:30 ----A---- C:\WINDOWS\system32\wininet.dll
2011-06-23 13:36:30 ----A---- C:\WINDOWS\system32\urlmon.dll
2011-06-23 13:36:30 ----A---- C:\WINDOWS\system32\url.dll
2011-06-23 13:36:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-06-23 13:36:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-06-23 13:36:30 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-06-23 13:36:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2011-06-23 13:36:29 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-06-23 07:05:37 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2011-06-20 12:44:52 ----A---- C:\WINDOWS\system32\winsrv.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-12 21425]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 CAMTHWDM;WebcamMax, WDM Video Capture; C:\WINDOWS\system32\DRIVERS\CAMTHWDM.sys [2009-06-22 1051136]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys []
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS []
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-09-23 303104]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
S2 gupdate1c9d523fb16368;Google Update Service (gupdate1c9d523fb16368); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-15 133104]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-15 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-16 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
  • 0

#29
roacham
Posted 26 August 2011 - 04:05 PM

roacham

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 245 posts
info notepad:

info.txt logfile of random's system information tool 1.09 2011-08-26 17:02:43

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\13.0.782.215\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4E7D715D860E20E1.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Malwarebytes' Anti-Malware version 1.51.1.1800-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0E0479F8-180F-4054-B4F7-17EE657F90BF}\setup.exe -runfromtemp -l0x0409
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB2447568)-->"C:\WINDOWS\ie8updates\KB2447568-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Hosts File======

::1 localhost

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: ASHTON
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 28163
Source Name: W32Time
Time Written: 20110724215033.000000-300
Event Type: error
User:

Computer Name: ASHTON
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0013CE79F6FD. The IP address being used is 169.254.11.18.

Record Number: 28162
Source Name: Dhcp
Time Written: 20110724215033.000000-300
Event Type: warning
User:

Computer Name: ASHTON
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 28135
Source Name: b57w2k
Time Written: 20110724213828.000000-300
Event Type: warning
User:

Computer Name: ASHTON
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 28040
Source Name: b57w2k
Time Written: 20110724204910.000000-300
Event Type: warning
User:

Computer Name: ASHTON
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 28020
Source Name: b57w2k
Time Written: 20110721101101.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: EVILPANDA27009
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 6726
Source Name: PerfDisk
Time Written: 20100621112658.000000-300
Event Type: warning
User:

Computer Name: EVILPANDA27009
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 6725
Source Name: PerfDisk
Time Written: 20100621112657.000000-300
Event Type: warning
User:

Computer Name: EVILPANDA27009
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 6724
Source Name: PerfDisk
Time Written: 20100621112612.000000-300
Event Type: warning
User:

Computer Name: EVILPANDA27009
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 6723
Source Name: PerfDisk
Time Written: 20100621112611.000000-300
Event Type: warning
User:

Computer Name: EVILPANDA27009
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 6722
Source Name: PerfDisk
Time Written: 20100621112526.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------





computer has not done a restart during any of these steps
  • 0

#30
Dakeyras
Posted 27 August 2011 - 05:47 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

OK you can now set up new Home page(s) to what you wish...

had to abort SFC b/c it wanted CD

Unfortunate, there is a way around this via a registry modification If I recall but most likely that will not suffice as the reason SFC prompted for the XP CD-ROM was because certain system files are just not backed up/to be found on your machines hard-drive. Though with a wee bit of luck it may have been able to replace some corrupt/missing system files before the XP CD-ROM prompt.

computer has not done a restart during any of these steps

Good...what I propose is you give it a few days of use to see if the auto-restart occurs again at all. If in the event it does my best advice now would be to create a topic in this part of the forum:-

Hardware, Components and Peripherals

By all means include a link back to this topic if you so wish and mentioned I advised such etc. Below is this topics URL:-

http://www.geekstogo.com/forum/topic/306040-computer-auto-restarts/
Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image
Clean up with OTL:

  • Double-click OTL to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, avast! Antivirus automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • I advise you visit: http://update.micros...t.aspx?ln=en-us
  • Install the Active X
  • Once installed it will advise set Auto-Updates if not set and you then you will be able to manually check for updates also via:
  • Start >> All Programs >> Microsoft Updates
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP