Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I have the right files this time

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I have the right files this time

Unread postby mrlawler46 » March 31st, 2011, 11:28 am

Sorry bout before I didn't know what DDS log was but I have it now....''

The problems I have been having is:
- Internet explorer runs extremely slow and comes up with security warnings every 30 seconds for secure sites
Google Chrome
- Facebook continually stays on login page even after being refreshed
- Hotmail Just comes up blank page no matter how many times refreshed
- banking sites come up with security certificate invalid

I'm sure there are more but I can not think of them at the moment.


Thanks.......


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Matt at 0:29:40.92 on Mon 01/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.200 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Matt\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NVRotateSysTray] rundll32.exe c:\windows\system32\nvsysrot.dll,Enable
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [TPSMain] TPSMain.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.jp/en/downloads/get ... px?lang=en
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 3468630703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 3468714515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: psfus - psqlpwd.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-30 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-27 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-27 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-27 42184]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
.
=============== Created Last 30 ================
.
2011-07-31 13:23:02 -------- d-----w- c:\docume~1\matt\applic~1\PriceGong
2011-07-31 13:20:33 388096 ----a-r- c:\docume~1\matt\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-31 13:20:31 -------- d-----w- c:\program files\Trend Micro
2011-07-31 12:48:16 -------- d-sha-r- C:\cmdcons
2011-07-31 12:43:40 98816 ----a-w- c:\windows\sed.exe
2011-07-31 12:43:40 89088 ----a-w- c:\windows\MBR.exe
2011-07-31 12:43:40 256512 ----a-w- c:\windows\PEV.exe
2011-07-31 12:43:40 161792 ----a-w- c:\windows\SWREG.exe
2011-07-31 00:40:58 -------- d-----w- c:\docume~1\matt\applic~1\Malwarebytes
2011-07-31 00:40:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 00:40:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-07-31 00:40:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 00:40:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 23:11:17 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
==================== Find3M ====================
.
.
============= FINISH: 0:32:28.45 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28/12/2010 1:48:19 AM
System Uptime: 31/07/2011 11:33:49 PM (1 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | U1 | 1729/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 25.017 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP49: 11/02/2011 5:00:03 PM - Software Distribution Service 3.0
RP50: 12/02/2011 5:22:06 PM - Software Distribution Service 3.0
RP51: 15/02/2011 9:25:36 AM - System Checkpoint
RP52: 20/02/2011 11:42:28 AM - System Checkpoint
RP53: 22/02/2011 2:58:33 PM - System Checkpoint
RP54: 24/02/2011 7:41:15 AM - System Checkpoint
RP55: 25/02/2011 5:55:05 PM - System Checkpoint
RP56: 28/02/2011 1:18:08 AM - System Checkpoint
RP57: 1/03/2011 1:26:44 AM - System Checkpoint
RP58: 3/03/2011 4:19:49 PM - System Checkpoint
RP59: 4/03/2011 5:05:31 PM - System Checkpoint
RP60: 10/03/2011 8:59:52 AM - Software Distribution Service 3.0
RP61: 14/03/2011 7:53:15 AM - System Checkpoint
RP62: 15/03/2011 10:52:44 PM - System Checkpoint
RP63: 16/03/2011 12:28:12 PM - Software Distribution Service 3.0
RP64: 17/03/2011 10:55:32 PM - System Checkpoint
RP65: 19/03/2011 3:11:48 PM - System Checkpoint
RP66: 20/03/2011 5:22:37 PM - System Checkpoint
RP67: 21/03/2011 5:32:28 PM - System Checkpoint
RP68: 22/03/2011 9:11:58 PM - System Checkpoint
RP69: 23/03/2011 10:26:46 PM - System Checkpoint
RP70: 24/03/2011 11:24:51 PM - System Checkpoint
RP71: 25/03/2011 3:00:17 AM - Software Distribution Service 3.0
RP72: 26/03/2011 3:24:51 AM - System Checkpoint
RP73: 28/03/2011 11:18:16 AM - System Checkpoint
RP74: 29/07/2011 6:27:11 PM - System Checkpoint
RP75: 31/07/2011 2:11:38 AM - System Checkpoint
RP76: 31/07/2011 10:17:44 AM - Removed Rome - Total War - Alexander
RP77: 31/07/2011 10:18:16 AM - Removed Rome: Total War - Barbarian Invasion
RP78: 31/07/2011 10:20:04 AM - Removed Rome - Total War(TM)
RP79: 31/07/2011 11:20:29 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Armagetron Advanced 0.2.8.3.1.gcc
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
BitTorrent
BitTorrentBar Toolbar
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
CDBurnerXP
Conduit Engine
DivX Setup
DjVu Shell Extension Pack
Document Express DjVu Plug-in (autoinstall)
DVD-RAM Driver
FastPictureViewer 1.4 (32-bit)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Handbrake 0.9.4
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java(TM) 6 Update 20
Magic DVD Ripper V5.5.0
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mkv2vob
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
NVIDIA Drivers
Office 2003 Trial Assistant
OpenOffice.org 3.2
Protector Suite 5.4
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
SD Secure Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic DLA
Sonic RecordNow!
Sweet Home 3D version 3.0
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
WebFldrs XP
WinAVI All in One Converter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR
.
==== Event Viewer Messages From Past Week ========
.
30/07/2011 11:45:16 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
29/07/2011 6:31:53 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -10540798 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.3:123->207.46.197.32:123) is working properly.
29/07/2011 6:16:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am
Advertisement
Register to Remove

Re: I have the right files this time

Unread postby Dakeyras » April 2nd, 2011, 3:34 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Peer to Peer Advice:

If I may to bring your attention to the below forum policy:-

P2P file sharing programmes

As a condition of receiving our help, I have included the P2P program BitTorrent(and toolbar) in the removal instructions below, so we are not wasting our time.

If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

BitTorrent
BitTorrentBar Toolbar

Conduit Engine <-- Has undesirable characteristics.
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 20 <-- We will update Java in due course.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I have the right files this time

Unread postby mrlawler46 » April 4th, 2011, 2:25 pm

Hi Dakeyrs,

Thankyou again for the help.

The system is still having the same issues with iexplorer and Google Chrome I mentioned earlier.
Some others I could not think of at the time that are still occurring are:
- Windows Security Alerts say my CPU is not protected
- Avast says my Virus database may not be up to date
- Also when I saved DDS.com to my desktop Avast blocked it as Malware the first time and deleted it so I had to dL it again


Here are the OTL reports:



OTL logfile created on: 5/08/2011 4:16:28 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 17.56 Gb Free Space | 23.55% Space Free | Partition Type: NTFS

Computer Name: WILBUR | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\TDispVol.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/27 13:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/29 11:10:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/29 11:10:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/31 22:59:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2694680138-3666285163-3887726610-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova.jp/en/downloads/get ... px?lang=en (DjVuCtl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3468630703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 3468714515 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 04:24:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 04:08:59 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Matt\My Documents\My Safe
[2011/08/03 16:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Start Menu\Programs\Handbrake
[2011/08/03 13:12:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/08/01 11:07:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/31 23:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\PriceGong
[2011/07/31 23:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/31 23:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Start Menu\Programs\HiJackThis
[2011/07/31 22:48:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/31 22:43:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/31 22:43:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/31 22:43:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/31 22:43:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/31 22:43:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/31 22:43:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/31 10:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Malwarebytes
[2011/07/31 10:40:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/31 10:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/31 10:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/31 10:40:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/31 10:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/30 09:11:17 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2006/03/07 10:45:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/05 04:14:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2694680138-3666285163-3887726610-1005.job
[2011/08/05 04:14:45 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2694680138-3666285163-3887726610-1005.job
[2011/08/05 04:11:23 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 04:10:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/05 04:09:32 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 04:08:58 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/08/05 04:08:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/05 04:08:41 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/05 03:53:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 16:17:26 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Handbrake.lnk
[2011/08/03 13:18:11 | 000,594,380 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2011/08/03 13:13:25 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Shortcut to ComboFix.lnk
[2011/08/03 13:12:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/07/31 23:36:07 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\HiJackThis.lnk
[2011/07/31 22:59:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/31 22:48:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/30 12:09:16 | 020,586,196 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\vlc-1.1.8-win32.exe
[2011/07/30 09:11:17 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 16:17:26 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Handbrake.lnk
[2011/08/03 13:17:30 | 000,594,380 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\dds.scr
[2011/08/03 13:13:25 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Shortcut to ComboFix.lnk
[2011/07/31 23:20:31 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\HiJackThis.lnk
[2011/07/31 22:48:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/31 22:48:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/31 22:43:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/31 22:43:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/31 22:43:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/31 22:43:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/31 22:43:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/29 22:27:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/29 11:04:00 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/29 09:29:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/05/16 07:46:09 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/16 07:46:06 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/16 07:46:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/16 07:46:03 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/16 07:46:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/16 07:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/16 07:45:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/16 07:45:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/16 07:45:55 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/03/09 06:51:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 10:47:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/03/07 10:45:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/03/07 09:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/03/07 09:07:40 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/03/07 09:07:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/03/07 09:00:23 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/07 08:58:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/03/07 08:58:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/03/07 08:58:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/03/07 08:58:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/03/07 08:58:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/03/07 08:58:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/03/07 07:21:04 | 000,000,176 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/03/07 07:21:03 | 000,000,176 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/03/07 07:21:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/07 07:21:01 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/07 07:20:31 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/03/07 07:20:30 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/03/07 07:20:30 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/03/07 07:20:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/03/07 05:33:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 04:28:53 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 04:27:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/07 04:22:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/07 03:02:27 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/03/07 03:01:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/07 03:01:54 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/07 03:01:54 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/07 03:01:54 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/07 03:01:54 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/07 03:01:53 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/07 03:01:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/07 03:01:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/07 03:01:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/07 03:01:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/07 03:01:44 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/07 03:01:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/06 20:18:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/06 20:17:13 | 000,180,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/28 22:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/03 08:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 15:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/21 11:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 08:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 20:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

< End of report >



OTL Extras logfile created on: 5/08/2011 4:16:28 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 17.56 Gb Free Space | 23.55% Space Free | Partition Type: NTFS

Computer Name: WILBUR | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95675427-1453-4C1B-8914-94D573E6DE69}" = DjVu Shell Extension Pack
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DF37A1C2-8177-491A-9192-B3A292008E72}" = FastPictureViewer 1.4 (32-bit)
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"DjVu" = Document Express DjVu Plug-in (autoinstall)
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Sweet Home 3D_is1" = Sweet Home 3D version 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.5
"WinAVI All in One Converter" = WinAVI All in One Converter
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2694680138-3666285163-3887726610-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2011 7:48:51 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1937

Error - 13/02/2011 7:48:53 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/02/2011 7:48:53 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3968

Error - 13/02/2011 7:48:53 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3968

Error - 15/02/2011 11:08:20 AM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04620000.

Error - 15/02/2011 11:08:27 AM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 15/02/2011 7:52:56 PM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04239290.

Error - 15/02/2011 7:54:25 PM | Computer Name = WILBUR | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/02/2011 10:46:12 PM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x07049290.

Error - 15/02/2011 10:57:53 PM | Computer Name = WILBUR | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/07/2011 9:45:16 PM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/07/2011 8:29:32 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/07/2011 8:31:45 AM | Computer Name = WILBUR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 31/07/2011 7:50:08 PM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/08/2011 9:22:03 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/08/2011 1:26:44 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/08/2011 1:39:51 AM | Computer Name = WILBUR | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.3
with the system having network hardware address 00:26:B0:A1:99:A4. Network operations
on this system may be disrupted as a result.

Error - 2/08/2011 11:03:53 PM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/08/2011 11:06:08 PM | Computer Name = WILBUR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/08/2011 1:52:24 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Unread postby mrlawler46 » April 4th, 2011, 2:29 pm

Apologies I just read the part at the very bottom stating to post separately so here is the Extras log separately....



OTL Extras logfile created on: 5/08/2011 4:16:28 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 473.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 17.56 Gb Free Space | 23.55% Space Free | Partition Type: NTFS

Computer Name: WILBUR | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95675427-1453-4C1B-8914-94D573E6DE69}" = DjVu Shell Extension Pack
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DF37A1C2-8177-491A-9192-B3A292008E72}" = FastPictureViewer 1.4 (32-bit)
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.1.gcc
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"DivX Setup.divx.com" = DivX Setup
"DjVu" = Document Express DjVu Plug-in (autoinstall)
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Sweet Home 3D_is1" = Sweet Home 3D version 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.0.5
"WinAVI All in One Converter" = WinAVI All in One Converter
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2694680138-3666285163-3887726610-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2011 7:48:51 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1937

Error - 13/02/2011 7:48:53 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13/02/2011 7:48:53 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3968

Error - 13/02/2011 7:48:53 PM | Computer Name = WILBUR | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3968

Error - 15/02/2011 11:08:20 AM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04620000.

Error - 15/02/2011 11:08:27 AM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 15/02/2011 7:52:56 PM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04239290.

Error - 15/02/2011 7:54:25 PM | Computer Name = WILBUR | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/02/2011 10:46:12 PM | Computer Name = WILBUR | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x07049290.

Error - 15/02/2011 10:57:53 PM | Computer Name = WILBUR | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/07/2011 9:45:16 PM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/07/2011 8:29:32 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 31/07/2011 8:31:45 AM | Computer Name = WILBUR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 31/07/2011 7:50:08 PM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/08/2011 9:22:03 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/08/2011 1:26:44 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/08/2011 1:39:51 AM | Computer Name = WILBUR | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.3
with the system having network hardware address 00:26:B0:A1:99:A4. Network operations
on this system may be disrupted as a result.

Error - 2/08/2011 11:03:53 PM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/08/2011 11:06:08 PM | Computer Name = WILBUR | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/08/2011 1:52:24 AM | Computer Name = WILBUR | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 00130289D46C has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Unread postby Dakeyras » April 4th, 2011, 8:40 pm

Hi. :)

Thankyou again for the help.
You're welcome and thanks for the update also.

A question if I may, it appears ComboFix has been ran on your machine but not uninstalled correctly. Have you run the aforementioned yourself and or received assistance elsewhere?

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: Select all
:OTL
SRV - (HidServ) -- File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [TFncKy] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Answer to my ComboFix query.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I have the right files this time

Unread postby mrlawler46 » April 5th, 2011, 3:16 am

Hey there,

The issues above are still occurring unfortunately....
Another problem I have been having is when I go into Windows Explorer to go into files, Windows Explorer shuts itself down saying it has encountered a problem and needed to close. This happens almost every time I go into my folders but when I go into it the second time (after it shut down the first) to go to my files it doesn't happen again.

The ComboFix query:-
Before finding this forum I was searching around the net for answers for the issues with my CPU. One of the pages I was looking at advised to DL ComboFix, do a scan and there was and example of some bad files to get rid of with it. So I deleted 2 of the files that matched up and nothing seemed to change. I quickly realized that I was WAY out of my league and didn't do anymore and just left it all as is and I kept on with my search for answers and found this forum.




Here are the logs required.....



All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\002656_.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matt\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ACRORD32.EXE-19C3D96E.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
C:\WINDOWS\prefetch\APPLEMOBILEDEVICEHELPER.EXE-1C98CF29.pf moved successfully.
C:\WINDOWS\prefetch\APPLEMOBILEDEVICESERVICE.EXE-1C6F3579.pf moved successfully.
C:\WINDOWS\prefetch\AU_.EXE-0B269D80.pf moved successfully.
C:\WINDOWS\prefetch\AVAST.SETUP-01FBC16A.pf moved successfully.
C:\WINDOWS\prefetch\BITTORRENT.EXE-15EBE065.pf moved successfully.
C:\WINDOWS\prefetch\CFSVCS.EXE-05A90D42.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C0F.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C12.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C13.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-06157C16.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
C:\WINDOWS\prefetch\CSC.EXE-01730C27.pf moved successfully.
C:\WINDOWS\prefetch\CVTRES.EXE-2329DCD5.pf moved successfully.
C:\WINDOWS\prefetch\DISTNOTED.EXE-347E9427.pf moved successfully.
C:\WINDOWS\prefetch\DLLHOST.EXE-205D880D.pf moved successfully.
C:\WINDOWS\prefetch\DOT1XCFG.EXE-32C52055.pf moved successfully.
C:\WINDOWS\prefetch\DRWTSN32.EXE-2B4B52AC.pf moved successfully.
C:\WINDOWS\prefetch\DVDRAMSV.EXE-26747295.pf moved successfully.
C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT-SETUP.EXE-3AF697AA.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-10F447C7.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-34C2B2F4.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_C8CBFED7-39E8F175.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf moved successfully.
C:\WINDOWS\prefetch\HANDBRAKE-SETUP.EXE-078DFEAC.pf moved successfully.
C:\WINDOWS\prefetch\HANDBRAKE.EXE-033E8524.pf moved successfully.
C:\WINDOWS\prefetch\HANDBRAKECLI.EXE-0B4F81B6.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-2395F30B.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-3192DE38.pf moved successfully.
C:\WINDOWS\prefetch\IS-LH1IL.TMP-17DC8B3B.pf moved successfully.
C:\WINDOWS\prefetch\ITUNES.EXE-1A268432.pf moved successfully.
C:\WINDOWS\prefetch\JAUREG.EXE-009F59AE.pf moved successfully.
C:\WINDOWS\prefetch\JAVA.EXE-0C263507.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-1D781F77.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
C:\WINDOWS\prefetch\MDNSRESPONDER.EXE-02F30C6E.pf moved successfully.
C:\WINDOWS\prefetch\MSIAE.TMP-34901452.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
C:\WINDOWS\prefetch\NMSACCESSU.EXE-33913555.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-189578DA.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\NVSVC32.EXE-1F9EED18.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-237F29A0.pf moved successfully.
C:\WINDOWS\prefetch\PING.EXE-31216D26.pf moved successfully.
C:\WINDOWS\prefetch\REALPLAY.EXE-1BF219BD.pf moved successfully.
C:\WINDOWS\prefetch\REALUPGRADE.EXE-38293202.pf moved successfully.
C:\WINDOWS\prefetch\REGSRVC.EXE-19D06F0A.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-237A092C.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-2CD85FD3.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-35A483DA.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-37027930.pf moved successfully.
C:\WINDOWS\prefetch\SF.BIN-003DA257.pf moved successfully.
C:\WINDOWS\prefetch\SF.BIN-0F47646A.pf moved successfully.
C:\WINDOWS\prefetch\SF.BIN-15D77747.pf moved successfully.
C:\WINDOWS\prefetch\SF.BIN-27D323E3.pf moved successfully.
C:\WINDOWS\prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf moved successfully.
C:\WINDOWS\prefetch\SPOOLSV.EXE-282F76A7.pf moved successfully.
C:\WINDOWS\prefetch\SSMYPICS.SCR-01C62024.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
C:\WINDOWS\prefetch\TAPPSRV.EXE-2860E870.pf moved successfully.
C:\WINDOWS\prefetch\TOSBTHSP.EXE-16937FCE.pf moved successfully.
C:\WINDOWS\prefetch\UNINST.EXE-095B2DED.pf moved successfully.
C:\WINDOWS\prefetch\UNWISE.EXE-031D5229.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
C:\WINDOWS\prefetch\VLC.EXE-22DF01AA.pf moved successfully.
C:\WINDOWS\prefetch\WDFMGR.EXE-2CF4013B.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: Matt
->Flash cache emptied: 46559 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Matt
->Temp folder emptied: 10744801 bytes
->Temporary Internet Files folder emptied: 22196048 bytes
->Java cache emptied: 1190268 bytes
->Google Chrome cache emptied: 247062191 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17047 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1208085514 bytes

Total Files Cleaned = 1,420.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 08052011_164039

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6273

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/08/2011 4:53:07 PM
mbam-log-2011-08-05 (16-53-07).txt

Scan type: Quick scan
Objects scanned: 155763
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Unread postby Dakeyras » April 5th, 2011, 8:56 am

Hi. :)

The issues above are still occurring unfortunately....
Another problem I have been having is when I go into Windows Explorer to go into files, Windows Explorer shuts itself down saying it has encountered a problem and needed to close. This happens almost every time I go into my folders but when I go into it the second time (after it shut down the first) to go to my files it doesn't happen again.
OK and thanks for the update.

The ComboFix query:-
Before finding this forum I was searching around the net for answers for the issues with my CPU. One of the pages I was looking at advised to DL ComboFix, do a scan and there was and example of some bad files to get rid of with it. So I deleted 2 of the files that matched up and nothing seemed to change. I quickly realized that I was WAY out of my league and didn't do anymore and just left it all as is and I kept on with my search for answers and found this forum.
Fair play and I think you have realised you should not have used ComboFix without trained supervision...Very probably this has exacerbated your machines current problems.

Anyway I will try my best to rectify all on your behalf, this will probably take some time so please bare with myself. We will be updating your actual Anti-Virus application at some point as the current installed version is out of date, this is merely for your information and please do not take any action with regard to this until I advise so, thank you.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\mru-backup
and click on OK.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the application.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Scan with TDSSKiller:

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.

Note: Do not have TDSSKiller remove anything if found at this point in time!
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I have the right files this time

Unread postby mrlawler46 » April 5th, 2011, 5:35 pm

Thanks for the Tip about exacerbating the problem. Obviously I have no idea how to fix it myself so I won't be making any other moves without your advice first.

Here are the logs:-

exeHelper by Raktor
Build 20100414
Run at 07:24:24 on 08/06/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


2011/08/06 07:32:46.0000 1192 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/08/06 07:32:46.0906 1192 ================================================================================
2011/08/06 07:32:46.0906 1192 SystemInfo:
2011/08/06 07:32:46.0906 1192
2011/08/06 07:32:46.0906 1192 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/06 07:32:46.0906 1192 Product type: Workstation
2011/08/06 07:32:46.0921 1192 ComputerName: WILBUR
2011/08/06 07:32:46.0921 1192 UserName: Matt
2011/08/06 07:32:46.0921 1192 Windows directory: C:\WINDOWS
2011/08/06 07:32:46.0921 1192 System windows directory: C:\WINDOWS
2011/08/06 07:32:46.0921 1192 Processor architecture: Intel x86
2011/08/06 07:32:46.0921 1192 Number of processors: 2
2011/08/06 07:32:46.0921 1192 Page size: 0x1000
2011/08/06 07:32:46.0921 1192 Boot type: Normal boot
2011/08/06 07:32:46.0921 1192 ================================================================================
2011/08/06 07:32:47.0156 1192 Initialize success
2011/08/06 07:33:03.0765 2944 ================================================================================
2011/08/06 07:33:03.0765 2944 Scan started
2011/08/06 07:33:03.0765 2944 Mode: Manual;
2011/08/06 07:33:03.0765 2944 ================================================================================
2011/08/06 07:33:04.0140 2944 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/06 07:33:04.0250 2944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/06 07:33:04.0281 2944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/06 07:33:04.0343 2944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/06 07:33:04.0406 2944 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/08/06 07:33:04.0468 2944 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/08/06 07:33:04.0546 2944 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/06 07:33:04.0921 2944 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/06 07:33:05.0031 2944 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/06 07:33:05.0078 2944 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/06 07:33:05.0109 2944 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/06 07:33:05.0187 2944 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/06 07:33:05.0234 2944 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/06 07:33:05.0312 2944 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/06 07:33:05.0343 2944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/06 07:33:05.0359 2944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/06 07:33:05.0421 2944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/06 07:33:05.0562 2944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/06 07:33:05.0593 2944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/06 07:33:05.0656 2944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/06 07:33:05.0687 2944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/06 07:33:05.0734 2944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/06 07:33:05.0781 2944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/06 07:33:05.0828 2944 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/06 07:33:05.0875 2944 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/06 07:33:05.0968 2944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/06 07:33:06.0000 2944 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/08/06 07:33:06.0046 2944 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/08/06 07:33:06.0062 2944 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/08/06 07:33:06.0093 2944 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/08/06 07:33:06.0109 2944 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/08/06 07:33:06.0125 2944 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/08/06 07:33:06.0140 2944 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/08/06 07:33:06.0156 2944 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/08/06 07:33:06.0187 2944 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/08/06 07:33:06.0312 2944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/06 07:33:06.0484 2944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/06 07:33:06.0500 2944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/06 07:33:06.0546 2944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/06 07:33:06.0593 2944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/06 07:33:06.0625 2944 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/08/06 07:33:06.0656 2944 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/08/06 07:33:06.0718 2944 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/08/06 07:33:06.0781 2944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/06 07:33:06.0828 2944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/06 07:33:06.0937 2944 FdRedir (3314f3134ac59771a133a0cd3d343fff) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
2011/08/06 07:33:06.0953 2944 FileDisk2 (7b33f094a7a42a0225c344f5b25b1b05) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
2011/08/06 07:33:07.0062 2944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/06 07:33:07.0187 2944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/06 07:33:07.0234 2944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/06 07:33:07.0281 2944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/06 07:33:07.0328 2944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/06 07:33:07.0390 2944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/06 07:33:07.0421 2944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/06 07:33:07.0453 2944 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/06 07:33:07.0546 2944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/06 07:33:07.0687 2944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/06 07:33:07.0718 2944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/06 07:33:07.0968 2944 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/06 07:33:08.0328 2944 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/06 07:33:08.0359 2944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/06 07:33:08.0406 2944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/06 07:33:08.0453 2944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/06 07:33:08.0484 2944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/06 07:33:08.0515 2944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/06 07:33:08.0546 2944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/06 07:33:08.0593 2944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/06 07:33:08.0609 2944 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/08/06 07:33:08.0640 2944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/06 07:33:08.0687 2944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/06 07:33:08.0718 2944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/06 07:33:08.0781 2944 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/08/06 07:33:08.0828 2944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/06 07:33:08.0859 2944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/06 07:33:08.0906 2944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/06 07:33:08.0968 2944 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/06 07:33:09.0140 2944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/06 07:33:09.0187 2944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/06 07:33:09.0281 2944 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/06 07:33:09.0328 2944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/06 07:33:09.0375 2944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/06 07:33:09.0390 2944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/06 07:33:09.0406 2944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/06 07:33:09.0453 2944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/06 07:33:09.0484 2944 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/06 07:33:09.0515 2944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/06 07:33:09.0546 2944 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/06 07:33:09.0562 2944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/06 07:33:09.0640 2944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/06 07:33:09.0687 2944 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/06 07:33:09.0812 2944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/06 07:33:09.0843 2944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/06 07:33:09.0890 2944 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/08/06 07:33:09.0953 2944 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/06 07:33:10.0078 2944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/06 07:33:10.0125 2944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/06 07:33:10.0187 2944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/06 07:33:10.0421 2944 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/06 07:33:10.0671 2944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/06 07:33:10.0718 2944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/06 07:33:10.0781 2944 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/06 07:33:10.0812 2944 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/06 07:33:10.0843 2944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/06 07:33:10.0875 2944 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/06 07:33:10.0890 2944 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/06 07:33:10.0937 2944 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/06 07:33:10.0968 2944 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/06 07:33:11.0140 2944 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/08/06 07:33:11.0171 2944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/06 07:33:11.0187 2944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/06 07:33:11.0203 2944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/06 07:33:11.0234 2944 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/06 07:33:11.0343 2944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/06 07:33:11.0375 2944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/06 07:33:11.0390 2944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/06 07:33:11.0406 2944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/06 07:33:11.0437 2944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/06 07:33:11.0468 2944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/06 07:33:11.0500 2944 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/06 07:33:11.0546 2944 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/06 07:33:11.0734 2944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/06 07:33:11.0796 2944 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/08/06 07:33:11.0859 2944 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/06 07:33:11.0890 2944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/06 07:33:11.0937 2944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/06 07:33:12.0015 2944 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/08/06 07:33:12.0046 2944 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/08/06 07:33:12.0093 2944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/06 07:33:12.0250 2944 smihlp (94eede27fd7d46707be49127922695a7) C:\Program Files\Protector Suite QL\smihlp.sys
2011/08/06 07:33:12.0296 2944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/06 07:33:12.0328 2944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/06 07:33:12.0406 2944 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/06 07:33:12.0625 2944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/06 07:33:12.0671 2944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/06 07:33:12.0828 2944 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/06 07:33:12.0859 2944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/06 07:33:12.0937 2944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/06 07:33:13.0015 2944 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/08/06 07:33:13.0046 2944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/06 07:33:13.0250 2944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/06 07:33:13.0281 2944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/06 07:33:13.0359 2944 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2011/08/06 07:33:13.0406 2944 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/08/06 07:33:13.0484 2944 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/08/06 07:33:13.0515 2944 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/08/06 07:33:13.0531 2944 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/08/06 07:33:13.0562 2944 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/08/06 07:33:13.0578 2944 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/08/06 07:33:13.0625 2944 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/08/06 07:33:13.0640 2944 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/08/06 07:33:13.0671 2944 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/08/06 07:33:13.0687 2944 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/08/06 07:33:13.0718 2944 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/08/06 07:33:13.0750 2944 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/08/06 07:33:13.0781 2944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/06 07:33:13.0875 2944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/06 07:33:14.0109 2944 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/06 07:33:14.0140 2944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/06 07:33:14.0203 2944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/06 07:33:14.0265 2944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/06 07:33:14.0312 2944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/06 07:33:14.0328 2944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/06 07:33:14.0375 2944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/06 07:33:14.0500 2944 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/08/06 07:33:14.0734 2944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/06 07:33:14.0796 2944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/06 07:33:15.0093 2944 ================================================================================
2011/08/06 07:33:15.0093 2944 Scan finished
2011/08/06 07:33:15.0093 2944 ================================================================================
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Unread postby Dakeyras » April 6th, 2011, 6:44 am

Hi. :)

Do you have a copy of the XP installation CD-ROM? As we may have to use this later on.

Reset IE8:

  • Please download this Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE8.
  • Next time IE8 is launched you will be prompted to re-apply settings again, this is normal.

Note: Any add-ons will require to be reapplied after the above reset.

Next:

Please download the installer for one only of the freeware Anti-Virus applications below...


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

avast! Free Antivirus <-- This is the outdated version 5

To do so, click once on the above in turn to highlight and then click on the Remove button.

Next:

Which ever new Anti-Virus installer you chose to download...

Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Note: If anything was removed by the new AV you chose to install, please save a copy of the report created and post the contents in your next reply, thank you.

Check Hard Disk For Errors:

Press Start >> Run..., then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.

A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I have the right files this time

Unread postby mrlawler46 » April 7th, 2011, 5:40 pm

Hey Dakeyras,

Unfortunately the installation software was lost in one of our many house moves... Sorry bout that.

When scanning with Avast (after the reinstall) it said "some files could not be scanned"
The file locations were:

C:\program files\avast software\avast\defs\11022400\ (with .dll extensions)
the prefix for all .dll's were:-
-alogo
-aswar
-aswcmnbs
-ascwcmnis
-aswcmnos
-aswengin
-aswscan

I could not find a log report to post???

Here is the log for the other one:

The type of the file system is NTFS.
Volume label is S3A4238D001.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

78148160 KB total disk space.
58625760 KB in 55957 files.
18352 KB in 8121 indexes.
0 KB in bad sectors.
268424 KB in use by the system.
65536 KB occupied by the log file.
19235624 KB available on disk.

4096 bytes in each allocation unit.
19537040 total allocation units on disk.
4808906 allocation units available on disk.


Thanks again
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Unread postby Dakeyras » April 8th, 2011, 6:45 am

Hi. :)

Unfortunately the installation software was lost in one of our many house moves... Sorry bout that.
Fair play, we can work around this if the need, change a specific registry setting if what I have planned is required.

When scanning with Avast (after the reinstall) it said "some files could not be scanned"
The file locations were:

C:\program files\avast software\avast\defs\11022400\ (with .dll extensions)
the prefix for all .dll's were:-
-alogo
-aswar
-aswcmnbs
-ascwcmnis
-aswcmnos
-aswengin
-aswscan

I could not find a log report to post???
Not a problem. The above relate to either Avast installation files and or defination database files for the Anti-Virus application itself.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run... and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.

Next...

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.

Next:

Let myself know when completed the above, provide myself with a quick update about your machines status and we will go from there, thank you.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I have the right files this time

Unread postby mrlawler46 » April 9th, 2011, 3:53 am

OK, I have completed all of the above steps..

Internet explorer is running a lot better, but is still having the security certificate issues on secure websites.
Still having all of the same issues with Google Chrome also i.e. Facebook, Hotmail and Banking sites not working correctly.
Windows Explorer hasn't crashed on me in a while so that seems like it may have been fixed.
Windows security center is telling me that my CPU is not protected by a firewall and that Avast reports that my antivirus software may be out of date.

Also to note that after the reinstall of Avast it will not allow me to register the product no matter how many times I click on the register now button.
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Unread postby Dakeyras » April 9th, 2011, 9:42 am

Hi. :)

Internet explorer is running a lot better, but is still having the security certificate issues on secure websites.
OK there may still be a underlying problem with the browser itself, so try a reset again if the need. It may be the sites you are visiting are not truly IE8 compatible so try the Compatibility View option as follows...

Click on Tools >> Compatibility View Settings >> either add the sites manually or select the option Display all sites in Compatibility View

It may also be a critical update is missing(or corrupted) for the browser but please do not check for this until I give the all clear....We may also have to consider uninstalling the browser and reinstalling again.

Next:

Still having all of the same issues with Google Chrome also i.e. Facebook, Hotmail and Banking sites not working correctly.
Try the following please...

Click on Start >> Run... and copy and paste the below from the code-box and click on OK

Code: Select all
%USERPROFILE%\AppData\Local\Google\Chrome\User Data
Navigate to the folder called Default in the directory window that opens and and right-click on it and select Rename.

Now rename it at Backup Default. Now launch Google Chrome and check if the issues you have been experiencing have been rectified.

Note: You may have to reapply your custom settings/import bookmarks again etc.

Next:

Windows security center is telling me that my CPU is not protected by a firewall and that Avast reports that my antivirus software may be out of date.

Also to note that after the reinstall of Avast it will not allow me to register the product no matter how many times I click on the register now button.
Run the below batch file please and let myself know if any improvment...

SC Reset:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code: Select all
net stop winmgmt
rd %systemroot%\system32\wbem\repository
net start winmgmt
  • Go to File >> Save As
  • Save File name as "reset.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.

Double click on reset.bat. A command window will open, when prompted type in Y then hit the enter/return key.

When completed the command window will close. Reboot your computer. <-- Make sure you do this.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: I have the right files this time

Unread postby mrlawler46 » April 11th, 2011, 4:33 am

Hi,

I reset Explorer, did what you asked with Chrome and ran the TFC cleaner.
There appears to be no change with anything as I am still encountering all of the above mentioned problems. Even in compatibility mode on explorer the secure websites will not show. I even attempted to update the certificates and added them to the allow list..... But all to no avail.


Here is the ESET Log File:-


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=57852381fbdd6a458b28271399cd3cd4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-11 08:16:36
# local_time=2011-08-11 06:16:36 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 929345 929345 0 0
# compatibility_mode=768 16777215 100 0 19640508 19640508 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=58437
# found=0
# cleaned=0
# scan_time=2822
mrlawler46
Regular Member
 
Posts: 15
Joined: March 31st, 2011, 9:41 am

Re: I have the right files this time

Unread postby Dakeyras » April 11th, 2011, 7:08 am

Hi. :)

Carry out the below please and let myself know if any changes and we will go from there...

Router Advice:

If you are using a Router, reset it then change the Admin(login) password. Ensure the NAT(Network Address Translation) Firewall is active. If a actual Wireless Router check it is secure....Further information about this can be read here. Finally check for any firmware updates.

If the default password is retained, a remote attacker can install his own server address in between you and your Internet Service Provider. (The default passwords are published).

Custom Batch File:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code: Select all
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: Image

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Note: You will temporally loose your internet connection and your machine should automatically reboot. If it does not reboot your machine manually.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 130 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware