Syswow64virus found by OTL [Solved]
Started by Jan1959, Nov 23 2011 10:21 AM
#16
Posted 26 November 2011 - 03:43 PM
#17
Posted 26 November 2011 - 04:05 PM
I hope that I'm not being a bad smell! I did as you said but I still am not getting any response from anything in the normal mode. I also tried uninstalling iPlayer but I got the message 'Windows installer service could not be accessed'.
I am getting the impression that you do not think that this is a malware problem, would you like me to post it on a different forum?
Edited by Jan1959, 26 November 2011 - 04:07 PM.
#18
Posted 26 November 2011 - 05:11 PM
At the moment I am about 90% sure it is system related, but I need to increase that percentage to be happy. This can be run from safe mode if needed.
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named)
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
Now the Analysis
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information
On completion click the link to locate the zip file to upload and attach to your next post
Megaupload
#19
Posted 27 November 2011 - 05:21 AM
Nothing found by Kaspersky apart from the same archived rar.exe temporary internet file that is passworded so cannot be scanned.
Manual detection file is attached
<?xml version="1.0" encoding="windows-1251" ?>
<!-- AVZ XML Report -->
<AVZ Version="4.35" LogDate="27.11.2011 11:15:05" WinDir="C:\Windows\" OS_MjVer="6" OS_MiVer="1" OS_Build="7601" BootMode="2" OS_CSDV="Service Pack 1" ProfileDir="C:\Users\Jan" Session="Console" IsWow64="True" IsAdmin="True" IsSRDisabled="False" MainDBDate="12/30/1899" CompHash="D94F99D81DAD29AB85754A8BAADEC19D">
<PROCESS>
</PROCESS>
<DLL>
</DLL>
<KERNELOBJ>
<ITEM File="C:\Windows\System32\Drivers\dump_dumpfve.sys" CheckResult="-1" Base="30EE000" MemSize="013000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_iaStor.sys" CheckResult="-1" Base="2CC5000" MemSize="208000" Descr="" LegalCopyright="" />
</KERNELOBJ>
<Service>
</Service>
<Drivers>
</Drivers>
<AUTORUN>
<ITEM File="C:\Users\Jan\AppData\Local\Temp\_uninst_.bat" CheckResult="-1" Enabled="1" Type="LNK" Size="348" Attr="rsAh" CreateDate="26.11.2011 23:27:53" ChageDate="26.11.2011 23:27:54" MD5="E75FB75065160E2389338A50659A836F" X1="C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\" X2="C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk" X3="" />
<ITEM File="C:\Windows\system32\psxss.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager\SubSystems" X3="Posix" />
<ITEM File="D:\a2dc54dd75b7619412361c\DW\DW20.exe" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup" X3="EventMessageFile" />
<ITEM File="auditcse.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}" X3="DLLName" />
<ITEM File="igfxdev.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" X3="DLLName" />
<ITEM File="rdpclip" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X3="StartupPrograms" />
</AUTORUN>
<BHO>
</BHO>
<ExplorerExt>
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="1" ExtName="WebCheck" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtType="2" ExtName="ColumnHandler" RegKey="SOFTWARE\Classes\Folder\shellex\ColumnHandlers" CLSID="{F9DB5320-233E-11D1-9F84-707F02C10627}" Descr="" LegalCopyright="" />
</ExplorerExt>
<PrintEXT>
<ITEM File="LXDFPMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="localspl.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="FXSMON.DLL" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="tcpmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="usbmon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="WSDMon.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="" LegalCopyright="" />
<ITEM File="inetpp.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Providers" Descr="" LegalCopyright="" />
</PrintEXT>
<TaskScheduler>
</TaskScheduler>
<SPI>
<ITEM File="C:\Windows\system32\NLAapi.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\nlasvc.dll,-1000" Descr="Network Location Awareness 2" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="52224" Attr="rsAh" CreateDate="06.10.2011 09:33:30" ChageDate="20.11.2010 12:20:30" MD5="104A1070E90F1C530328E69B49718841" />
<ITEM File="C:\Windows\system32\napinsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\napinsp.dll,-1000" Descr="E-mail Naming Shim Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="52224" Attr="rsAh" CreateDate="13.07.2009 23:54:55" ChageDate="14.07.2009 01:16:02" MD5="0B7E85364CB878E2AD531DB7B601A9E5" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1000" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="13.07.2009 23:55:50" ChageDate="14.07.2009 01:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Windows\system32\pnrpnsp.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\pnrpnsp.dll,-1001" Descr="PNRP Name Space Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="65024" Attr="rsAh" CreateDate="13.07.2009 23:55:50" ChageDate="14.07.2009 01:16:12" MD5="5CF640EDDB1E40A5AB1BB743BCDEC610" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="21.09.2010 14:03:14" ChageDate="21.09.2010 14:03:14" MD5="9D4A1690AF93F233E15380398BEC7431" />
<ITEM File="C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" CheckResult="-1" SPIType="1" SPINaim="WindowsLive Local NSP" Descr="Microsoft® Windows Live ID Namespace Provider" LegalCopyright="Copyright © 1995-2010 Microsoft Corp." Size="145280" Attr="rsAh" CreateDate="21.09.2010 14:03:14" ChageDate="21.09.2010 14:03:14" MD5="9D4A1690AF93F233E15380398BEC7431" />
<ITEM File="C:\Windows\System32\mswsock.dll" CheckResult="-1" SPIType="1" SPINaim="@%SystemRoot%\system32\wshtcpip.dll,-60103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\System32\winrnr.dll" CheckResult="-1" SPIType="1" SPINaim="NTDS" Descr="LDAP RnR Provider DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="20992" Attr="rsAh" CreateDate="13.07.2009 23:37:57" ChageDate="14.07.2009 01:16:19" MD5="5DF5D8CFD9B9573FA3B2C89D9061A240" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshtcpip.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wship6.dll,-60102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-100" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-101" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-102" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
<ITEM File="C:\Windows\system32\mswsock.dll" CheckResult="-1" SPIType="3" SPINaim="@%SystemRoot%\System32\wshqos.dll,-103" Descr="Microsoft Windows Sockets 2.0 Service Provider" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="232448" Attr="rsAh" CreateDate="06.10.2011 09:34:09" ChageDate="20.11.2010 12:19:56" MD5="8999B8631C7FD9F7F9EC3CAFD953BA24" />
</SPI>
<DPF>
</DPF>
<CPL>
</CPL>
<ActiveSetup>
</ActiveSetup>
<HOSTS>
</HOSTS>
<ProtocolExt>
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="mscoree.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." />
</ProtocolExt>
<IPU>
<ITEM Code="1" X1="TermService" X2="@%SystemRoot%\System32\termsrv.dll,-268" />
<ITEM Code="1" X1="SSDPSRV" X2="@%systemroot%\system32\ssdpsrv.dll,-100" />
<ITEM Code="1" X1="Schedule" X2="@%SystemRoot%\system32\schedsvc.dll,-100" />
<ITEM Code="2" />
<ITEM Code="3" />
<ITEM Code="5" />
<ITEM Code="8" X1="-1" />
</IPU>
<WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="60" Level="1" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
<ITEM ID="66" Level="1" Fixed="0" />
</WIZARD-TSW>
</AVZ>
Descr="Microsoft .NET Runtime Execution Engine" CheckResult="-1" File="mscoree.dll" Enabled="1" CLSID="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" RegKey="SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload"/> </ProtocolExt> -<IPU> <ITEM X2="@%SystemRoot%\System32\termsrv.dll,-268" X1="TermService" Code="1"/> <ITEM X2="@%systemroot%\system32\ssdpsrv.dll,-100" X1="SSDPSRV" Code="1"/> <ITEM X2="@%SystemRoot%\system32\schedsvc.dll,-100" X1="Schedule" Code="1"/> <ITEM Code="2"/> <ITEM Code="3"/> <ITEM Code="5"/> <ITEM X1="-1" Code="8"/> </IPU> -<WIZARD-TSW> <ITEM Fixed="0" Level="3" ID="58"/> <ITEM Fixed="0" Level="3" ID="59"/> <ITEM Fixed="0" Level="1" ID="60"/> <ITEM Fixed="0" Level="2" ID="61"/> <ITEM Fixed="0" Level="1" ID="66"/> </WIZARD-TSW> </AVZ>
Edited by Jan1959, 27 November 2011 - 05:27 AM.
#20
Posted 27 November 2011 - 06:30 AM
Hi could you attach the entire zip file please as per the last screen shot in the instruction
As that is a darn sight easier to read
#21
Posted 27 November 2011 - 07:46 AM
I've only ever used the quick reply so I didn't know there was an attachment option.
Hope that this one is okay?
Attached Files
#23
Posted 27 November 2011 - 11:24 AM
Hi,
Sorry for the delay in replying - I have run check disk and although I could connect to the internet briefly, after Adobe Flash Player updated I had a 'Toshiba Notebook Registration reminder has stopped' message that just kept looping and wouldn't close. After that I couldn't access the internet again. I also tried check disk with repair but it froze half way through the program.
#24
Posted 27 November 2011 - 11:30 AM
Could you reboot and see if the internet is available again
When the flash player update appeared, where did the notification come from?
#25
Posted 27 November 2011 - 11:56 AM
Yes the internet is available atm but it was really slow to load. The flash player did come from Adobe but when I checked the event viewer, it said that Flash Player 32 bit had been installed when my laptop is a 64 bit. I also noticed a repeated warning message that said vss was denied access to the root volume. Don't know if that was relevant?
#26
Posted 27 November 2011 - 11:59 AM
Hmm I have my doubts about that update - so let's do a quick run on that. When you did disc check did you get asked to reboot to continue?
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
#27
Posted 27 November 2011 - 12:34 PM
I am quite concerned now! As soon as I downloaded Combofix my Avast disappeared from my desktop. I continued to run Combofix from my desktop (it said that it was deleting files and folders as it progressed) then instead of producing a report, my laptop just shut itself down and then rebooted. The Combofix restarted automatically and then went through the same process again. In the end I had to force a shut down and reboot to safe mode. I did not get the normal txt document from Combofix.
Yes check disk did ask for a reboot.
Edited by Jan1959, 27 November 2011 - 12:52 PM.
#28
Posted 27 November 2011 - 04:02 PM
Could you retry from safe mode please - it may have been as I suspected and the flash update was a fake
#29
Posted 27 November 2011 - 04:38 PM
Exactly the same - it got to 50 and then rebooted itself and my laptop back to the beginning without any log. I did try deleting Combofix and reinstalling it in safe mode just in case but no joy I'm afraid.
#30
Posted 27 November 2011 - 04:48 PM
OK could you run a fresh OTL for me please ensuring all users is selected