Inactive Windows XP Pro refuses to start normally

Discussion in 'Malware and Virus Removal Archive' started by rocknroller, 2011/09/01.

Thread Status:
Not open for further replies.
  1. 2011/09/01
    rocknroller Inactive Thread Starter

    Running Win XP Pro w/sp3 on an Asus A8N-E board w 2gb ddr mem and AMD processor. System refuses to start normally and continues to reboot itself, showing the BSOD for about 3 seconds (all I have time to read is "windows has a problem", etc... not enough time to get complete message) and starts rebooting unless I choose safe mode prior to the 30 second clock running out. If I choose safe mode it will boot up. I have tried system restore; use last known good configuration, etc. to no avail. All I can get it to do is boot into safe mode. I also tried the "clean boot" process under the run msconfig utility w/ selective startup....still no luck. The machine was running just fine and no new hardware has been added. As to software, only Windows updates and windows security essentials updates. Any ideas or possible solutions will be appreciated. Thanks.....rocknroller...
     
  2. 2011/09/01
    Evan Omo Computer Support Technician Staff
    Hi rocknroller.

    Please follow this procedure as indicated at the top of this forum.
     

  4. 2011/09/02
    rocknroller Inactive Thread Starter
    Dear Mr. Omo, I read the procedure you refer to but cannot follow it because the infected computer will not access the internet. Unless I missed something I am unable to download and run these programs. If you or any member could point me in a work around process or any suggestions about resolving the problem, I would be most appreciative. Thank you.....rocknroller
     
  5. 2011/09/02
    broni Moderator Malware Analyst
    Instead of Safe Mode, restart in Safe Mode with Networking.
    You should have connection there.
     
  6. 2011/09/03
    rocknroller Inactive Thread Starter
    Dear broni, I tried booting up in safe mode w/networking but still cannot connect. I used the Diagnose connection tool and got a message that said "Windows cannot find a wired or wireless connection". Also, in control panel under network connections, all I get is a blank screen showing no connections. Any suggestions?

    Thank you, rocknroller....
     
  7. 2011/09/03
    broni Moderator Malware Analyst
    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  8. 2011/09/06
    rocknroller Inactive Thread Starter
    Running otlpen.exe

    Dear Broni, I d/l this program to my other desktop (om) and burned to cd. Moving the cd to the damaged machine (dm) and setting the bios to boot first from cd. The dm does not recognize the cd drive yet it shows up on the "my computer" screen therefore no boot from cd. Alternately, when I boot into safe mode, the machine does not allow the cd drive to run. Any suggestions? Thanks....rocknroller...

    also om= operating machine (running win 7)
    dm= damaged machine ( running win xp pro)
     
  9. 2011/09/06
    rocknroller Inactive Thread Starter
    Dear broni, I can't explain it, but I burned the otlp to cd twice; set the dm to boot from cd in the 1st three boot order choices with the sata hd in the 4th slot and put both otlp cd's in the two cd drives and presto....I'm online. The dm never showed that it recognized the otlp program. Anyway, the first thing I did was to update win essentials and run a full scan. Where do I go from here to be sure I have cleaned up this problem? Also I have used a program named Superantispyware that has worked magic for me in the past. I would appreciate your comment on whether or not to use it or something else per your suggestion.....thanks so very much.....rocknroller...
     
  10. 2011/09/06
    broni Moderator Malware Analyst
    Good news then :)

    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  11. 2011/09/07
    rocknroller Inactive Thread Starter
    Requested logs by rocknroller (p1)

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7666

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.2180

    9/6/2011 10:31:47 PM
    mbam-log-2011-09-06 (22-31-47).txt

    Scan type: Quick scan
    Objects scanned: 251024
    Time elapsed: 20 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 5
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\uacocdxshyjjo.db (Rootkit.TDSS) -> Quarantined and deleted successfully.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-06 23:54:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000006f ST3160812AS rev.3.AAD
    Running: b7119g08[1].exe; Driver: C:\DOCUME~1\LAMAR~1.LAW\LOCALS~1\Temp\uwtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xED684738]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xED6847DC]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xED684878]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xED684914]

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF75E0A0C]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5977380, 0x21F24D, 0xE8000020]
    .text ndistapi.sys!NdisTapiCompleteRequest F7146381 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiCompleteRequest F7146390 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiCompleteRequest F7146399 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiCompleteRequest F71463A8 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiCompleteRequest F71463B2 2 Bytes [70, 7A] {JO 0x7c}
    .text ...
    .text ndistapi.sys!NdisTapiIndicateStatus + 8 F7146616 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiIndicateStatus + 2A F7146638 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiIndicateStatus + 35 F7146643 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiIndicateStatus + 3D F714664B 2 Bytes [70, 7A] {JO 0x7c}
    .text ndistapi.sys!NdisTapiIndicateStatus + 45 F7146653 2 Bytes [70, 7A] {JO 0x7c}
    .text ...
    .text ndistapi.sys!NdisTapiRegisterProvider + 6 F7146FF0 6 Bytes [C1, 4C, FF, 15, 84, 78]
    .text ndistapi.sys!NdisTapiRegisterProvider + E F7146FF8 32 Bytes [8B, 5D, 0C, 88, 45, FF, A1, ...]
    .text ndistapi.sys!NdisTapiRegisterProvider + 2F F7147019 40 Bytes [B8, 78, 14, F7, 83, F8, 10, ...]
    .text ndistapi.sys!NdisTapiRegisterProvider + 59 F7147043 10 Bytes [8A, 55, FF, 83, C1, 4C, FF, ...]
    .text ndistapi.sys!NdisTapiRegisterProvider + 7B F7147065 33 Bytes [0C, 8B, 43, 14, 89, 46, 2C, ...]
    .text ...
    .text ndistapi.sys!NdisTapiDeregisterProvider + 1D F7147249 39 Bytes [8B, 4E, 08, 3B, 4D, 08, 74, ...]
    .text ndistapi.sys!NdisTapiDeregisterProvider + 45 F7147271 74 Bytes [29, 48, 14, A1, 70, 7A, 14, ...]
    .text ndistapi.sys!NdisTapiDeregisterProvider + 91 F71472BD 20 Bytes [7E, 04, 89, 56, 08, A1, 70, ...]
    .text ndistapi.sys!NdisTapiDeregisterProvider + A7 F71472D3 70 Bytes [A1, 70, 7A, 14, F7, 8B, 48, ...]
    .text ndistapi.sys!NdisTapiCompleteRequest + 20 F714731A 21 Bytes [74, 08, 48, 48, 0F, 85, FA, ...]
    .text ndistapi.sys!NdisTapiCompleteRequest + 36 F7147330 121 Bytes [00, 00, 8B, 0D, 70, 7A, 14, ...]
    .text ndistapi.sys!NdisTapiCompleteRequest + B0 F71473AA 8 Bytes [15, 80, 78, 14, F7, 8B, 75, ...] {ADC EAX, 0xf7147880; MOV ESI, [EBP+0xc]}
    .text ndistapi.sys!NdisTapiCompleteRequest + B9 F71473B3 9 Bytes [7E, 10, 00, 8B, 47, 60, 89, ...] {JLE 0x12; ADD [EBX+0x45896047], CL; CLC }
    .text ndistapi.sys!NdisTapiCompleteRequest + C3 F71473BD 1 Byte [27]
    .text ...
    .text mrxsmb.sys F098159C 1 Byte [BC]
    .text mrxsmb.sys F09833ED 1 Byte [E9]
    .text mrxsmb.sys F0983B12 2 Bytes CALL F09AC82A \SystemRoot\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    .text mrxsmb.sys F0983DAA 1 Byte [4D]
    .text mrxsmb.sys F098416D 1 Byte [F4]
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDISTAPI.SYS!NdisTapiCompleteRequest] [F71472EE] \SystemRoot\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDISTAPI.SYS!NdisTapiDeregisterProvider] [F7147220] \SystemRoot\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDISTAPI.SYS!NdisTapiRegisterProvider] [F7146FDE] \SystemRoot\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
    Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\Temp\TMP000068C6C25A910CB1CAA32E 0 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\arrowTtrim.gif 51 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn-row_bg.gif 91 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_of_books.gif 1660 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_of_databases.gif 2041 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_of_home.gif 2223 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_of_journals.gif 1891 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_of_publish.gif 2727 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_of_refbooks.gif 2436 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_of_txtbooks.gif 1913 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\btn_red_jnlonline.gif 2381 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\callback.js 1792 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\mhead_sage-logo.gif 4941 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\spacer.gif 43 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\Thumbs.db 18944 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\title.gif 796 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\utility.js 14971 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\xmlhttprequest.js 8394 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\Culpability Standards in Section 1983 Litigation Against Criminal Justice Officials When and Why Mental State Matters -- Worrall 47 (1) 28 -- Crime & Delinquency_files\YP060200_1065073_Ad-1_220x4.gif 27128 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\The Supreme Court Requires Area Warrants - Camara V_ Municipal Court City And County, 387 U_S_ 523, 87 S_ Ct_ 1727, 18 L_ Ed_ 2d 930 (1967 search requires warrant)_files\blegtext.gif 530 bytes
    File C:\Documents and Settings\Lamar.LAWDOG\desktop\Computer related\Transfer Folder\070407trans\The Supreme Court Requires Area Warrants - Camara V_ Municipal Court City And County, 387 U_S_ 523, 87 S_ Ct_ 1727, 18 L_ Ed_ 2d 930 (1967 search requires warrant)_files\Thumbs.db 3072 bytes

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180
    Run by Lamar at 1:05:31 on 2011-09-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.348 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Protection System *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\NLSSRV32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar10.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe "
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe "
    mRun: [nwiz] nwiz.exe /install
    mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe "
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\\nTune.exe" clear
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe "
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [ASUS Probe] c:\program files\asus\probe\AsusProb.exe
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\lamar~1.law\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145074580718
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{E78436CA-0224-4FC7-96B6-5F2CB16971C1} : DhcpNameServer = 192.168.1.254 192.168.1.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No File
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKslb8527005;MpKslb8527005;c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{f3750989-9c37-41a2-b1b7-831f795ad364}\MpKslb8527005.sys [2011-9-6 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-6 366640]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-6 22712]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    S1 MpKsl38c8188c;MpKsl38c8188c;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{559158cf-3713-4403-87fa-c6e13dca1138}\mpksl38c8188c.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{559158cf-3713-4403-87fa-c6e13dca1138}\MpKsl38c8188c.sys [?]
    S1 MpKsl708a9928;MpKsl708a9928;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5ce4f1c9-d32d-497d-84e4-d4ef89564d2f}\mpksl708a9928.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{5ce4f1c9-d32d-497d-84e4-d4ef89564d2f}\MpKsl708a9928.sys [?]
    S1 MpKsl73981109;MpKsl73981109;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{e3b21e43-a0ec-4ada-9f6e-6a58cc1d1fed}\mpksl73981109.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{e3b21e43-a0ec-4ada-9f6e-6a58cc1d1fed}\MpKsl73981109.sys [?]
    S1 MpKslb43abbdc;MpKslb43abbdc;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{e9625d31-f2ba-4b26-8ffd-d8084a189fab}\mpkslb43abbdc.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{e9625d31-f2ba-4b26-8ffd-d8084a189fab}\MpKslb43abbdc.sys [?]
    S1 MpKsld1f6b864;MpKsld1f6b864;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{f2cfa067-4012-474d-96fa-e8bc79714958}\mpksld1f6b864.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{f2cfa067-4012-474d-96fa-e8bc79714958}\MpKsld1f6b864.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-23 1025352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-6 41272]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
    .
    =============== Created Last 30 ================
    .
    2011-09-07 04:56:50 28752 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{f3750989-9c37-41a2-b1b7-831f795ad364}\MpKslb8527005.sys
    2011-09-07 04:56:41 7152464 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{f3750989-9c37-41a2-b1b7-831f795ad364}\mpengine.dll
    2011-09-07 03:32:00 54016 ----a-w- c:\windows\system32\drivers\hfxi.sys
    2011-09-07 03:09:28 -------- d-----w- c:\documents and settings\lamar.lawdog\application data\Malwarebytes
    2011-09-07 03:09:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-07 03:09:13 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
    2011-09-07 03:09:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-07 03:09:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-07 03:06:34 7152464 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
    2011-09-06 23:14:15 293376 ----a-w- c:\windows\system32\SET9F.tmp
    2011-09-06 23:14:12 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-09-06 23:14:10 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\SET55.tmp
    2011-09-02 00:01:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-09-02 00:01:29 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-22 15:20:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 1:06:21.38 ===============

    .
     
  12. 2011/09/07
    rocknroller

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/14/2006 9:54:19 PM
    System Uptime: 9/6/2011 6:09:28 PM (7 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | A8N-E
    Processor: AMD Athlon(tm) 64 Processor 4000+ | Socket 939 | 2412/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 128 GiB total, 68.53 GiB free.
    D: is CDROM (UDF)
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1478: 6/9/2011 3:18:55 PM - System Checkpoint
    RP1479: 6/11/2011 3:30:24 PM - Software Distribution Service 3.0
    RP1480: 6/15/2011 3:42:39 PM - Software Distribution Service 3.0
    RP1481: 6/21/2011 10:32:15 PM - Software Distribution Service 3.0
    RP1482: 6/22/2011 6:07:16 AM - Software Distribution Service 3.0
    RP1483: 6/22/2011 11:36:14 PM - Software Distribution Service 3.0
    RP1484: 6/26/2011 8:17:38 PM - Software Distribution Service 3.0
    RP1485: 6/28/2011 12:36:36 PM - Software Distribution Service 3.0
    RP1486: 6/28/2011 11:56:55 PM - Software Distribution Service 3.0
    RP1487: 6/29/2011 12:40:34 AM - Software Distribution Service 3.0
    RP1488: 6/30/2011 12:19:21 PM - Software Distribution Service 3.0
    RP1489: 6/30/2011 1:37:11 PM - Software Distribution Service 3.0
    RP1490: 7/7/2011 10:37:48 AM - Software Distribution Service 3.0
    RP1491: 7/7/2011 11:36:53 PM - Software Distribution Service 3.0
    RP1492: 7/10/2011 6:28:06 AM - Software Distribution Service 3.0
    RP1493: 7/11/2011 5:23:54 PM - System Checkpoint
    RP1494: 7/12/2011 10:41:28 PM - Software Distribution Service 3.0
    RP1495: 7/12/2011 11:43:42 PM - Software Distribution Service 3.0
    RP1496: 7/14/2011 4:19:43 PM - Software Distribution Service 3.0
    RP1497: 7/14/2011 11:47:58 PM - Software Distribution Service 3.0
    RP1498: 7/17/2011 7:34:01 PM - Software Distribution Service 3.0
    RP1499: 7/18/2011 7:28:23 PM - Software Distribution Service 3.0
    RP1500: 7/19/2011 12:11:49 AM - Software Distribution Service 3.0
    RP1501: 7/19/2011 7:28:20 PM - Software Distribution Service 3.0
    RP1502: 7/20/2011 7:39:11 PM - Software Distribution Service 3.0
    RP1503: 7/23/2011 7:46:13 PM - Software Distribution Service 3.0
    RP1504: 7/24/2011 7:13:54 PM - Software Distribution Service 3.0
    RP1505: 7/25/2011 7:00:38 PM - Software Distribution Service 3.0
    RP1506: 8/1/2011 11:11:18 AM - Software Distribution Service 3.0
    RP1507: 8/1/2011 1:00:13 PM - Software Distribution Service 3.0
    RP1508: 8/1/2011 6:41:40 PM - Software Distribution Service 3.0
    RP1509: 8/3/2011 7:42:17 PM - Software Distribution Service 3.0
    RP1510: 8/5/2011 9:06:44 AM - Software Distribution Service 3.0
    RP1511: 8/5/2011 7:04:15 PM - Software Distribution Service 3.0
    RP1512: 8/6/2011 7:14:30 PM - Software Distribution Service 3.0
    RP1513: 8/7/2011 7:10:30 PM - Software Distribution Service 3.0
    RP1514: 8/8/2011 7:20:39 PM - Software Distribution Service 3.0
    RP1515: 8/10/2011 9:59:00 AM - Software Distribution Service 3.0
    RP1516: 8/10/2011 6:54:11 PM - Software Distribution Service 3.0
    RP1517: 8/11/2011 1:21:06 AM - Software Distribution Service 3.0
    RP1518: 8/11/2011 7:07:02 PM - Software Distribution Service 3.0
    RP1519: 8/12/2011 7:24:13 PM - Software Distribution Service 3.0
    RP1520: 8/13/2011 11:42:17 AM - Software Distribution Service 3.0
    RP1521: 8/13/2011 6:42:42 PM - Software Distribution Service 3.0
    RP1522: 8/14/2011 7:13:48 PM - Software Distribution Service 3.0
    RP1523: 8/15/2011 7:07:29 PM - Software Distribution Service 3.0
    RP1524: 8/16/2011 6:33:08 PM - Software Distribution Service 3.0
    RP1525: 8/18/2011 4:55:02 PM - Restore Operation
    RP1526: 8/18/2011 5:10:46 PM - Restore Operation
    RP1527: 9/1/2011 1:20:35 PM - Restore Operation
    RP1528: 9/1/2011 6:55:55 PM - Restore Operation
    RP1529: 9/6/2011 6:15:37 PM - Software Distribution Service 3.0
    RP1530: 9/6/2011 10:03:11 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 7.0 Professional
    Adobe Acrobat 7.0.5 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Ask Toolbar
    ASUS Probe V2.24.02
    AsusUpdate
    Athlon 64 Processor Driver
    Auction Client
    AVG 2011
    BufferChm
    Camtasia Studio 5
    ClearType Tuning Control Panel Applet
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DameWare NT Utilities
    Destination Component
    DeviceManagementQFolder
    DING!
    DocProc
    DocProcQFolder
    DynGate
    eSupportQFolder
    Glary Utilities 2.35.0.1216
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 6500
    HP Deskjet 6500 Series
    HP Imaging Device Functions 9.0
    HP Memories Disc
    HP OCR Software 9.0
    HP Photosmart Essential
    HP Product Assistant
    HP Scanjet 8270 9.0
    HP Scanjet 8290 ISIS/TWAIN Driver
    HP Solution Center 9.0
    HP Update
    hp8200Commercial
    hpg8270
    HPProductAssistant
    InstallMgr
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in beta
    Microsoft Office Professional Edition 2003
    Microsoft Outlook Personal Folders Backup
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSN Music Assistant
    MSN Toolbar
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    NVIDIA nTune
    NvMixer
    OGA Notifier 2.0.0048.0
    Olympus Digital Wave Player
    Outlook Express Backup V6.5
    PanoStandAlone
    Presto! BizCard 4.0 Eng
    Readiris Pro 8
    Realtek AC'97 Audio
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Scan
    ScannerCopy
    ScanSoft PaperPort 11
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    ShareIns
    SolutionCenter
    Sonic Activation Module
    SUPERAntiSpyware Free Edition
    TeamViewer 5
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinUtilities 9.81 Free Edition
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/6/2011 6:11:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Lbd
    9/6/2011 6:10:45 PM, error: Service Control Manager [7000] - The ASInsHelp service failed to start due to the following error: The system cannot find the file specified.
    9/6/2011 4:55:44 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.109.1895.0;1.109.1895.0 Engine version: 1.1.7104.0
    9/6/2011 2:03:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/6/2011 2:03:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/6/2011 2:03:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/6/2011 2:03:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/6/2011 2:03:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/6/2011 2:03:29 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/6/2011 2:02:28 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050a005 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signature version: 1.109.1895.0;1.109.1895.0 Engine version: 1.1.7104.0
    9/6/2011 2:02:22 PM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.109.1895.0;1.109.1895.0 Engine version: 1.1.7104.0
    9/3/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/3/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/3/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/3/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/3/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/3/2011 6:33:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/3/2011 6:33:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/3/2011 6:33:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/3/2011 6:33:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/3/2011 6:33:50 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 9:57:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 aslm75 Avgldx86 Avgmfx86 Fips Lbd MpFilter SASDIFSV SASKUTIL
    9/2/2011 9:53:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/2/2011 9:04:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 9:04:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 9:04:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 9:04:26 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 9:04:22 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/2/2011 9:04:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    9/2/2011 8:55:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 aslm75 Avgldx86 Avgmfx86 Avgtdix Fips IPSec Lbd MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    9/2/2011 8:55:27 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2011 8:55:27 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2011 8:55:27 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2011 8:55:27 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2011 8:54:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/2/2011 8:53:58 AM, error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
    9/2/2011 7:08:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/2/2011 7:08:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 7:08:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 7:08:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 7:08:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 6:44:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 6:44:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 6:44:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 6:44:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 6:44:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/2/2011 4:29:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: LAWDOG\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 4:29:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: LAWDOG\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 4:29:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: LAWDOG\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 4:29:59 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: LAWDOG\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    9/2/2011 4:29:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.1895.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/2/2011 11:24:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    9/2/2011 11:20:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    .
    ==== End Of File ===========================
     
  13. 2011/09/07
    rocknroller

    rocknroller Inactive Thread Starter

    Joined:
    2009/03/12
    Messages:
    59
    Likes Received:
    0
    Requested logs 090711 by rocknroller

    Dear broni. I tried to follow your instructions exactly and hope that the posted log files are what you requested. This was pretty confusing and I apologize for the errors. Please advise me of whatever corrections you want made and I will gladly comply. Thank you very much for all your help and support.....rocknroller...
     
  14. 2011/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did just fine :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 2011/09/09
    rocknroller

    rocknroller Inactive Thread Starter

    Joined:
    2009/03/12
    Messages:
    59
    Likes Received:
    0
    Combofix.txt file

    Dear broni. I think this is the file you told me to post....thanks....rocknroller


    ComboFix 11-09-09.04 - Lamar 09/09/2011 23:13:17.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT -5:00]
    Running from: c:\documents and settings\Lamar.LAWDOG\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Lamar.LAWDOG\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Lamar.LAWDOG\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Lamar.LAWDOG\Local Settings\Application Data\ApplicationHistory\SL2.tmp.78b29020.ini
    c:\documents and settings\Lamar.LAWDOG\Local Settings\Application Data\ApplicationHistory\SL39.tmp.8ff8462a.ini
    c:\documents and settings\Lamar.LAWDOG\Local Settings\Application Data\ApplicationHistory\V2iConsole.exe.c490099d.ini
    c:\documents and settings\Lamar.LAWDOG\My Documents\Readiris.DUS
    c:\documents and settings\Lamar.LAWDOG\WINDOWS
    c:\program files\messenger\msmsgsin.exe
    c:\windows\system\VCL35.BPL
    c:\windows\system32\comct332.ocx
    c:\windows\system32\uactmp.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-09 19:15 . 2011-09-09 19:15 28752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F7166B1-9D9C-49B7-9DED-B061DF632223}\MpKsla3d23dcc.sys
    2011-09-09 19:14 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F7166B1-9D9C-49B7-9DED-B061DF632223}\mpengine.dll
    2011-09-07 03:09 . 2011-09-07 03:09 -------- d-----w- c:\documents and settings\Lamar.LAWDOG\Application Data\Malwarebytes
    2011-09-07 03:09 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-07 03:09 . 2011-09-07 03:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2011-09-07 03:09 . 2011-09-07 03:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-07 03:09 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-07 03:06 . 2011-08-12 02:44 7152464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-09-06 23:14 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-09-06 23:14 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-09-03 10:17 . 2011-09-03 10:17 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
    2011-09-02 16:24 . 2011-09-02 16:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
    2011-09-02 14:57 . 2011-09-02 14:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2011-09-02 00:01 . 2011-09-02 00:01 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-07 06:21 . 2011-06-02 15:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-03 10:17 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-12 02:44 . 2011-01-18 21:24 7152464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-07-15 13:29 . 2001-08-23 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2001-08-23 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2006-04-15 02:50 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-20 17:44 . 2001-08-23 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    .
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2011-07-26 15:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98} "= "c:\program files\AskBarDis\bar\bin\askBar10.dll" [2008-07-17 279944]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-08-18 307200]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan "= "SOUNDMAN.EXE" [2004-11-15 77824]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "PaperPort PTD "= "c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-03-14 30248]
    "nwiz "= "nwiz.exe" [2006-03-09 1519616]
    "NVMixerTray "= "c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
    "NVIDIA nTune "= "c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "IndexSearch "= "c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-03-14 46632]
    "HPDJ Taskbar Utility "= "c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
    "HP Software Update "= "c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "ASUS Probe "= "c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
    "Acrobat Assistant 7.0 "= "c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "AVG_TRAY "= "c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    .
    c:\documents and settings\Lamar.LAWDOG\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-4-25 25214]
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-18 114688]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "SSBkgdUpdate "= "c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "Microsoft Default Manager "= "c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP "= 5900:TCP:vnc5900
    "5800:TCP "= 5800:TCP:vnc5800
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 32592]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 297168]
    R1 MpKsl11fb0c2b;MpKsl11fb0c2b;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96465572-C25B-4DBF-ACAD-12711D26991D}\MpKsl11fb0c2b.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96465572-C25B-4DBF-ACAD-12711D26991D}\MpKsl11fb0c2b.sys [?]
    R1 MpKsla3d23dcc;MpKsla3d23dcc;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F7166B1-9D9C-49B7-9DED-B061DF632223}\MpKsla3d23dcc.sys [9/9/2011 2:15 PM 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/6/2011 10:09 PM 366640]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 10:11 AM 65856]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 5:17 PM 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/6/2011 10:09 PM 22712]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
    S1 MpKsl38c8188c;MpKsl38c8188c;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{559158CF-3713-4403-87FA-C6E13DCA1138}\MpKsl38c8188c.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{559158CF-3713-4403-87FA-C6E13DCA1138}\MpKsl38c8188c.sys [?]
    S1 MpKsl708a9928;MpKsl708a9928;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE4F1C9-D32D-497D-84E4-D4EF89564D2F}\MpKsl708a9928.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CE4F1C9-D32D-497D-84E4-D4EF89564D2F}\MpKsl708a9928.sys [?]
    S1 MpKsl73981109;MpKsl73981109;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3B21E43-A0EC-4ADA-9F6E-6A58CC1D1FED}\MpKsl73981109.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3B21E43-A0EC-4ADA-9F6E-6A58CC1D1FED}\MpKsl73981109.sys [?]
    S1 MpKslb43abbdc;MpKslb43abbdc;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9625D31-F2BA-4B26-8FFD-D8084A189FAB}\MpKslb43abbdc.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9625D31-F2BA-4B26-8FFD-D8084A189FAB}\MpKslb43abbdc.sys [?]
    S1 MpKsld1f6b864;MpKsld1f6b864;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2CFA067-4012-474D-96FA-E8BC79714958}\MpKsld1f6b864.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2CFA067-4012-474D-96FA-E8BC79714958}\MpKsld1f6b864.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 3:08 PM 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [4/23/2011 11:05 AM 1025352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 3:08 PM 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLA3D23DCC
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-09 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-08-01 13:26]
    .
    2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:08]
    .
    2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:08]
    .
    2011-09-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
    .
    2011-09-09 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-09 23:16
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(704)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2011-09-09 23:18:22
    ComboFix-quarantined-files.txt 2011-09-10 04:18
    .
    Pre-Run: 73,874,505,728 bytes free
    Post-Run: 74,147,102,720 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 59D5DD18C69CA0F8853C6FEC419EEF0F
     
  16. 2011/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have two AV programs installed, AVG and MSE.
    You can have only one AV program.
    Did you uninstall AVG before running Combofix?
     
  17. 2011/09/10
    rocknroller

    rocknroller Inactive Thread Starter

    Joined:
    2009/03/12
    Messages:
    59
    Likes Received:
    0
    Response to AVG

    Dear broni,
    I have uninstalled the AVG program and intend to use MSE as I believe that to be the better choice. If you suggest otherwise, please advise.

    Thank you again for all your help and support.....rocknroller...
     
  18. 2011/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Much better choice :)

    Post fresh Combofix log.
     
  19. 2011/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     