Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Too many issues to describe in title!

Started by abica , Oct 31 2011 04:23 PM

  • Please log in to reply

#1
abica
Posted 31 October 2011 - 04:23 PM

abica

    New Member

  • Member
  • Pip
  • 3 posts
Here is a list of issues I am, and have been, experiencing on my laptop (Right after I had it to a tech for a backup after which all seemed to be functioning fine except 3-4 days later:

Hijacked browser (redirects and websites appearing spontaneously)
Blocked internet access (can't find signal)
Blocked antivirus functions and anti-malware installations (malwarebytes & Spybots S & D)
Lost use of Dell laptop keyboard and pad
Employing TDSSKiller, malware appears after scanning and after supposedly curing and deleteing keeps coming back even if a scan is done again right after rebooting
Malware ranges from Win32:Aleuron-RJI{Rtk}which Avast has detected and supposedly corrected although it keeps coming back; Rootkit.Win32.PMax.gen (service edlc7645, Rootkit.Win32.ZAccess.e as found by Kaspersky's TDSSKiller(and no doubt others)

My system is windows XP SP3. My OTL report is as follows:


OTL Extras logfile created on: 31/10/2011 11:28:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Don\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 84.46% Memory free
4.83 Gb Paging File | 4.56 Gb Available in Paging File | 94.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 60.54 Gb Free Space | 26.00% Space Free | Partition Type: NTFS
Drive E: | 14.91 Gb Total Space | 3.54 Gb Free Space | 23.77% Space Free | Partition Type: FAT32

Computer Name: OGB1-LAPTOP | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.url [@ = internetshortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\S-1-5-21-220523388-152049171-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqcopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqcopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe" = C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe" = C:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Don\Local Settings\Temp\mia33.tmp\WRInstall.exe" = C:\Documents and Settings\Don\Local Settings\Temp\mia33.tmp\WRInstall.exe:*:Enabled:Webroot Software Installation
"C:\Documents and Settings\Don\Local Settings\Temp\7zS5.tmp\avgmfapx.exe" = C:\Documents and Settings\Don\Local Settings\Temp\7zS5.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\Don\Local Settings\Temp\7zS2.tmp\avgmfapx.exe" = C:\Documents and Settings\Don\Local Settings\Temp\7zS2.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\493b88ba0fa762bef325\x86\setup.exe" = C:\493b88ba0fa762bef325\x86\setup.exe:*:Enabled:Microsoft Security Client Setup
"C:\Program Files\Microsoft Security Client\msseces.exe" = C:\Program Files\Microsoft Security Client\msseces.exe:*:Enabled:Microsoft Security Client User Interface
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Messaging)
"C:\Documents and Settings\Don\My Documents\Downloads\wsainstall.exe" = C:\Documents and Settings\Don\My Documents\Downloads\wsainstall.exe:*:Enabled:Webroot SecureAnywhere -- (Webroot)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:Microsoft Application Error Reporting -- (Microsoft Corporation)
"C:\Program Files\ACT\act.exe" = C:\Program Files\ACT\act.exe:*:Enabled:ACT! 6.0 Application -- (Interact Commerce Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Documents and Settings\Don\Desktop\Virus - Malware Utilities\MGADiag.exe" = C:\Documents and Settings\Don\Desktop\Virus - Malware Utilities\MGADiag.exe:*:Enabled:Microsoft Genuine Advantage Diagnostic tool -- (Microsoft Corporation)
"C:\Program Files\NoteTab Std 5\NoteTab.exe" = C:\Program Files\NoteTab Std 5\NoteTab.exe:*:Enabled:NoteTab Std -- (Fookes Holding Ltd)
"C:\Program Files\Apple Software Update\SoftwareUpdate.exe" = C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Enabled:Apple Software Update -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Don\Local Settings\Temp\7zS9A.tmp\avgmfapx.exe" = C:\Documents and Settings\Don\Local Settings\Temp\7zS9A.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe" = C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe:*:Enabled:AVG Installer Application -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Don\Local Settings\Temp\7zSAA.tmp\avgmfapx.exe" = C:\Documents and Settings\Don\Local Settings\Temp\7zSAA.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\Don\Local Settings\Temp\7zS129.tmp\avgmfapx.exe" = C:\Documents and Settings\Don\Local Settings\Temp\7zS129.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\Don\Local Settings\Temp\wz91aa\TDSSKiller.exe" = C:\Documents and Settings\Don\Local Settings\Temp\wz91aa\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\Documents and Settings\Don\Local Settings\Temp\7zS90.tmp\avgmfapx.exe" = C:\Documents and Settings\Don\Local Settings\Temp\7zS90.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Documents and Settings\Don\Local Settings\Temp\7zSA0.tmp\avgmfapx.exe" = C:\Documents and Settings\Don\Local Settings\Temp\7zSA0.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application
"C:\Program Files\Best Uninstall Tool\BUT.exe" = C:\Program Files\Best Uninstall Tool\BUT.exe:*:Enabled:BUT -- ()
"C:\Program Files\WinZip\WINZIP32.EXE" = C:\Program Files\WinZip\WINZIP32.EXE:*:Enabled:WinZip -- (WinZip Computing, S.L.)
"C:\Documents and Settings\Don\Local Settings\Temp\wzebb2\TDSSKiller.exe" = C:\Documents and Settings\Don\Local Settings\Temp\wzebb2\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\Documents and Settings\Don\Local Settings\Temp\wz3ebb\TDSSKiller.exe" = C:\Documents and Settings\Don\Local Settings\Temp\wz3ebb\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Don\Local Settings\Temp\_av_sfx.tm~a00176\avast.setup" = C:\Documents and Settings\Don\Local Settings\Temp\_av_sfx.tm~a00176\avast.setup:*:Enabled:avast! antivirus Update
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" = C:\Program Files\AVAST Software\Avast\AvastUI.exe:*:Enabled:avast! Antivirus -- (AVAST Software)
"C:\Documents and Settings\Don\Local Settings\Temp\wzd182\TDSSKiller.exe" = C:\Documents and Settings\Don\Local Settings\Temp\wzd182\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\Documents and Settings\Don\Local Settings\Temp\wzb7b1\TDSSKiller.exe" = C:\Documents and Settings\Don\Local Settings\Temp\wzb7b1\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Updater for Spybot-S&D -- (Safer Networking Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C36518-9678-4899-808A-DA1982A1AE52}" = Brava! Desktop 2.1
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CFC7570-DD90-486E-A239-E31D455BDE93}" = Microsoft LifeCam
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AD05F1FF-F284-402D-952A-ABCA6A6063FB}" = Adobe Illustrator CS2
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1008475-75B2-4475-B98C-51FAE8B62960}" = Concord WinFax Plugin v3.0
"{C36F0970-455C-11DE-3D6C-00CA5A144AE1}" = Chaos 7
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5E23FB4-A76A-4A43-9EDA-AC5DE9085705}" = Link Evaluator
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEBEA68F-45AA-4707-A9A7-DBD6DB4FBE89}" = hp psc 700 series
"{E14B8A08-42B3-4676-9E91-1D39F8158DA1}" = HP Print Diagnostic Utility
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ACT!" = ACT!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2 Tryout
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Application_X_1.0" = Power of Attorney 9.0
"avast" = avast! Free Antivirus
"Axandra's Reciprocal Links Solution_is1" = ARELIS 4.4.2
"Best Uninstall Tool_is1" = Best Uninstall Tool
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Easy Imager_is1" = Easy Imager (Remove only)
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"Free Monitor for Google_is1" = Free Monitor for Google 2.4
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Karen's Replicator" = Karen's Replicator
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.4
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MenuMaid" = MenuMaid 1.0.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NoteTab Std 5_is1" = NoteTab Std 5 (Remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"ProInst" = Intel® PROSet/Wireless Software
"PSPad editor_is1" = PSPad editor
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.93
"RoPS" = RoPS Version 6.3
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SynTPDeinstKey" = Dell Touchpad
"WebCEO70_is1" = Web CEO 8.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFax" = Symantec WinFax PRO
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenu_is1" = Xenu's Link Sleuth
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/10/2011 1:46:15 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Dreamweaver.exe, version 8.0.0.2734, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2011 11:31:30 AM | Computer Name = OGB1-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module jpiexp.dll, version 6.0.290.11, fault address 0x00002fc3.

Error - 30/10/2011 4:39:53 PM | Computer Name = OGB1-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 30/10/2011 4:39:54 PM | Computer Name = OGB1-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 30/10/2011 6:22:36 PM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/10/2011 10:18:00 AM | Computer Name = OGB1-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10o.ocx, version 10.2.153.1, fault address 0x00102ef3.

Error - 31/10/2011 10:27:11 AM | Computer Name = OGB1-LAPTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10o.ocx, version 10.2.153.1, fault address 0x00102ef3.

Error - 31/10/2011 10:59:02 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/10/2011 11:00:01 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/10/2011 11:03:20 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 30/10/2011 1:46:15 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application Dreamweaver.exe, version 8.0.0.2734, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/10/2011 11:31:30 AM | Computer Name = OGB1-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module jpiexp.dll, version 6.0.290.11, fault address 0x00002fc3.

Error - 30/10/2011 4:39:53 PM | Computer Name = OGB1-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 30/10/2011 4:39:54 PM | Computer Name = OGB1-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 30/10/2011 6:22:36 PM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/10/2011 10:18:00 AM | Computer Name = OGB1-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10o.ocx, version 10.2.153.1, fault address 0x00102ef3.

Error - 31/10/2011 10:27:11 AM | Computer Name = OGB1-LAPTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10o.ocx, version 10.2.153.1, fault address 0x00102ef3.

Error - 31/10/2011 10:59:02 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/10/2011 11:00:01 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/10/2011 11:03:20 AM | Computer Name = OGB1-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 31/10/2011 12:41:31 PM | Computer Name = OGB1-LAPTOP | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 31/10/2011 12:42:01 PM | Computer Name = OGB1-LAPTOP | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 31/10/2011 12:42:01 PM | Computer Name = OGB1-LAPTOP | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 31/10/2011 12:42:31 PM | Computer Name = OGB1-LAPTOP | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 31/10/2011 12:42:31 PM | Computer Name = OGB1-LAPTOP | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).

Error - 31/10/2011 12:43:01 PM | Computer Name = OGB1-LAPTOP | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 31/10/2011 12:49:36 PM | Computer Name = OGB1-LAPTOP | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd

Error - 31/10/2011 12:52:38 PM | Computer Name = OGB1-LAPTOP | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd

Error - 31/10/2011 12:54:18 PM | Computer Name = OGB1-LAPTOP | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd

Error - 31/10/2011 12:55:13 PM | Computer Name = OGB1-LAPTOP | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd


< End of report >
  • 0

Advertisements

#2
WhiteHat
Posted 31 October 2011 - 04:40 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello abica and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
abica
Posted 31 October 2011 - 04:47 PM

abica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
WOW! you've come back so fast you must have your track shoes on today!
I failed to point out some other issues I'm enjoying . . .

My Document & Settings have been affected even some have disappeared
I experienced a blue screen just before closing down yesterday
I cannot restore from any of my restore points (they're there, highlighted, but seemingly useless)
I have also employed Sophos' malware removal and actaully thought it had worked but back everything came.

Hope this adds to the mystery in a positive way.

Again thank you for so fast a response.
  • 0

#4
WhiteHat
Posted 02 November 2011 - 06:01 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay.

# Step 1 #

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


# Step 2 #

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


# Step 3 #

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
  • 0

#5
abica
Posted 03 November 2011 - 08:59 AM

abica

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi GLeobas,
Thank you for your follow up. Regrettably I have found it necessary to reformat the HD and reinstall as time was too critical for me. I very much appreciate you taking of your time and making the effort to assist me.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP