
Trojan:JS/Medfos.B continually respawning after fake AV removal



Hello. I did a boo-boo last evening and left my browser (and several tabs) open all night. This morning I found my PC had downloaded "System Progressive" fake AV software. I was able to restart in "safe mode" and remove the bugger, but it has left behind "Trojan:JS/Medfos.B", which MSE keeps detecting and quarantining every few minutes. Subsequent scans by Malwarebytes, SuperAntiSpyware, Spybot and Windows Malicious Software Removal Tool are detecting nothing... yet MSE keeps snagging this trojan repeatedly. Your expert advice is much appreciated. Attached are DDS logs. Also, I am running XP SP3. MSE and all other removal tools are up-to-date. Thanks.

DDS.txt LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by HP_Administrator at 10:35:07 on 2013-01-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2280 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\CDBurnerXP\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\ehome\ehtray.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\AGRSMMSG.exe

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll

TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll

TB: <No Name>: - LocalServer32 - <no file>

TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iwerv] "c:\windows\system32\rundll32.exe" "c:\documents and settings\hp_administrator\application data\iwerv.dll",write_info

mRun: [inetx] "c:\windows\system32\rundll32.exe" "c:\documents and settings\hp_administrator\application data\inetx.dll",ExtendInittab

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{512FF9AE-C793-40E7-9B97-9794476F9369} : DHCPNameServer = 192.168.1.254

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ld57bql3.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017300.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: !HIDDEN! 2013-01-15 09:03; {275d417e-7035-4846-803c-17119088b011}; c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ld57bql3.default\extensions\{275d417e-7035-4846-803c-17119088b011}.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-3-17 13496]

R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2009-6-19 20352]

R1 MpKsle234bcc9;MpKsle234bcc9;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2248a36-0fa2-4e43-9cbb-ee5b1b3e0845}\MpKsle234bcc9.sys [2013-1-15 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2011-11-1 36040]

.

=============== Created Last 30 ================

.

2013-01-15 14:39:15 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2248a36-0fa2-4e43-9cbb-ee5b1b3e0845}\MpKsle234bcc9.sys

2013-01-15 14:37:44 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2248a36-0fa2-4e43-9cbb-ee5b1b3e0845}\offreg.dll

2013-01-15 14:35:26 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e2248a36-0fa2-4e43-9cbb-ee5b1b3e0845}\mpengine.dll

2013-01-15 13:22:37 335872 ----a-w- c:\documents and settings\hp_administrator\application data\inetx.dll

2013-01-15 13:22:26 -------- d-----w- c:\documents and settings\all users\application data\F4F0549BF4787AD20000F4EF5FB684C2

2013-01-15 13:22:10 621568 ----a-w- c:\documents and settings\hp_administrator\application data\iwerv.dll

2013-01-14 14:44:35 6812136 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-01-06 14:46:18 -------- d-----w- c:\documents and settings\hp_administrator\application data\ICAClient

2013-01-06 14:44:33 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Citrix

2013-01-01 15:03:55 -------- d-----w- c:\program files\iPod

2013-01-01 15:03:50 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-01-01 15:00:28 -------- d-----w- c:\program files\Bonjour

2013-01-01 14:54:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2013-01-01 14:54:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2013-01-01 14:54:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2013-01-01 14:54:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2013-01-01 14:54:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2013-01-01 14:54:55 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-12-31 21:32:27 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-12-31 21:32:27 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-12-31 21:32:27 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2012-12-31 21:32:26 159232 ----a-w- c:\windows\system32\ptpusd.dll

.

==================== Find3M ====================

.

2013-01-09 15:59:01 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-09 15:59:01 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-29 11:22:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-29 11:22:37 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-10-29 11:22:36 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-29 11:22:36 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-01-14 22:26:18 7382957 ----a-w- c:\program files\ZipGenius.exe

2009-11-09 15:05:14 16205198 ----a-w- c:\program files\PhotoScapeSetup_V3.4.exe

2009-05-15 19:24:08 1345024 ----a-w- c:\program files\IRFANVIEW423_setup.exe

2009-05-15 12:44:19 1079272 ----a-w- c:\program files\RevoUninstallSetup.exe

2009-05-14 14:06:33 16167336 ----a-w- c:\program files\Realtek AC97 Driver Update.exe

2009-05-12 21:38:05 43083040 ----a-w- c:\program files\AdobeAcrobat9.exe

2009-05-08 14:07:08 40091352 ----a-w- c:\program files\ATI Driver Update.exe

2009-05-08 02:12:46 192000 ----a-w- c:\program files\opd2d.msi

2003-12-29 15:23:02 851968 ----a-w- c:\program files\sfz+.dll

2003-12-19 17:51:18 102400 ----a-w- c:\program files\sfz+.exe

2003-11-28 08:00:00 75922 ----a-w- c:\program files\unins000.exe

.

============= FINISH: 10:35:50.95 ===============

ATTACH.txt LOG:

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 5/7/2009 6:35:20 PM

System Uptime: 1/15/2013 9:01:18 AM (1 hours ago)

.

Motherboard: MSI | | ALBACORE

Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2188/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 291 GiB total, 102.84 GiB free.

D: is FIXED (FAT32) - 7 GiB total, 0.153 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is FIXED (NTFS) - 596 GiB total, 261.088 GiB free.

L: is CDROM ()

M: is FIXED (NTFS) - 932 GiB total, 446.205 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1422: 10/17/2012 6:38:32 PM - System Checkpoint

RP1423: 10/18/2012 6:11:59 AM - Software Distribution Service 3.0

RP1424: 10/19/2012 2:26:26 AM - Software Distribution Service 3.0

RP1425: 10/20/2012 7:36:16 AM - Software Distribution Service 3.0

RP1426: 10/21/2012 2:22:39 AM - Software Distribution Service 3.0

RP1427: 10/22/2012 7:11:33 AM - Software Distribution Service 3.0

RP1428: 10/23/2012 7:48:10 AM - System Checkpoint

RP1429: 10/23/2012 1:05:25 PM - Software Distribution Service 3.0

RP1430: 10/24/2012 1:27:12 PM - System Checkpoint

RP1431: 10/24/2012 10:03:26 PM - Software Distribution Service 3.0

RP1432: 10/25/2012 10:24:11 PM - Software Distribution Service 3.0

RP1433: 10/27/2012 3:12:44 AM - Software Distribution Service 3.0

RP1434: 10/28/2012 2:31:32 AM - Software Distribution Service 3.0

RP1435: 10/29/2012 7:22:27 AM - Installed Java 7 Update 9

RP1436: 10/29/2012 7:28:14 AM - Software Distribution Service 3.0

RP1437: 10/29/2012 7:29:38 AM - Removed Java 6 Update 32

RP1438: 10/30/2012 9:40:30 AM - System Checkpoint

RP1439: 10/31/2012 6:50:07 AM - Software Distribution Service 3.0

RP1440: 11/1/2012 7:07:29 AM - System Checkpoint

RP1441: 11/2/2012 7:01:40 AM - Software Distribution Service 3.0

RP1442: 11/3/2012 9:00:24 AM - System Checkpoint

RP1443: 11/3/2012 5:45:09 PM - Software Distribution Service 3.0

RP1444: 11/4/2012 1:55:16 AM - Software Distribution Service 3.0

RP1445: 11/5/2012 6:03:06 AM - Software Distribution Service 3.0

RP1446: 11/6/2012 7:58:24 AM - System Checkpoint

RP1447: 11/6/2012 12:32:12 PM - Software Distribution Service 3.0

RP1448: 11/7/2012 2:43:16 PM - System Checkpoint

RP1449: 11/7/2012 5:29:06 PM - Software Distribution Service 3.0

RP1450: 11/8/2012 5:28:14 PM - Software Distribution Service 3.0

RP1451: 11/9/2012 5:27:56 PM - Software Distribution Service 3.0

RP1452: 11/10/2012 6:35:13 PM - System Checkpoint

RP1453: 11/11/2012 2:12:17 AM - Software Distribution Service 3.0

RP1454: 11/12/2012 6:46:30 AM - Software Distribution Service 3.0

RP1455: 11/13/2012 8:03:03 AM - System Checkpoint

RP1456: 11/13/2012 4:18:02 PM - Software Distribution Service 3.0

RP1457: 11/14/2012 10:32:07 AM - Software Distribution Service 3.0

RP1458: 11/15/2012 12:01:56 AM - Software Distribution Service 3.0

RP1459: 11/16/2012 12:06:32 AM - System Checkpoint

RP1460: 11/16/2012 7:01:30 AM - Software Distribution Service 3.0

RP1461: 11/17/2012 8:07:39 AM - System Checkpoint

RP1462: 11/17/2012 10:27:18 AM - Software Distribution Service 3.0

RP1463: 11/18/2012 11:33:03 AM - System Checkpoint

RP1464: 11/18/2012 12:52:28 PM - Software Distribution Service 3.0

RP1465: 11/19/2012 1:37:53 PM - System Checkpoint

RP1466: 11/20/2012 12:05:15 AM - Software Distribution Service 3.0

RP1467: 11/21/2012 12:08:53 AM - System Checkpoint

RP1468: 11/21/2012 12:44:02 AM - Software Distribution Service 3.0

RP1469: 11/22/2012 7:22:20 AM - Software Distribution Service 3.0

RP1470: 11/23/2012 8:44:53 AM - Software Distribution Service 3.0

RP1471: 11/24/2012 10:23:47 AM - System Checkpoint

RP1472: 11/24/2012 5:59:27 PM - Software Distribution Service 3.0

RP1473: 11/25/2012 2:28:41 AM - Software Distribution Service 3.0

RP1474: 11/26/2012 6:54:38 AM - Software Distribution Service 3.0

RP1475: 11/27/2012 7:25:12 AM - Software Distribution Service 3.0

RP1476: 11/28/2012 8:18:53 AM - System Checkpoint

RP1477: 11/28/2012 10:13:43 PM - Software Distribution Service 3.0

RP1478: 11/30/2012 6:58:33 AM - Software Distribution Service 3.0

RP1479: 12/1/2012 7:03:53 AM - System Checkpoint

RP1480: 12/1/2012 2:03:50 PM - Software Distribution Service 3.0

RP1481: 12/2/2012 2:29:57 AM - Software Distribution Service 3.0

RP1482: 12/3/2012 7:01:24 AM - Software Distribution Service 3.0

RP1483: 12/4/2012 7:05:26 AM - System Checkpoint

RP1484: 12/4/2012 8:51:31 AM - Software Distribution Service 3.0

RP1485: 12/5/2012 9:06:09 AM - System Checkpoint

RP1486: 12/5/2012 11:10:22 AM - Software Distribution Service 3.0

RP1487: 12/6/2012 9:02:16 AM - Unsigned driver install

RP1488: 12/6/2012 6:12:36 PM - Software Distribution Service 3.0

RP1489: 12/7/2012 6:02:39 PM - Software Distribution Service 3.0

RP1490: 12/8/2012 6:02:37 PM - Software Distribution Service 3.0

RP1491: 12/9/2012 2:16:49 AM - Software Distribution Service 3.0

RP1492: 12/9/2012 6:02:31 PM - Software Distribution Service 3.0

RP1493: 12/10/2012 6:03:05 PM - Software Distribution Service 3.0

RP1494: 12/11/2012 6:40:03 PM - System Checkpoint

RP1495: 12/12/2012 5:15:56 AM - Software Distribution Service 3.0

RP1496: 12/12/2012 11:35:53 AM - Software Distribution Service 3.0

RP1497: 12/13/2012 7:20:32 AM - Software Distribution Service 3.0

RP1498: 12/14/2012 7:43:04 AM - Software Distribution Service 3.0

RP1499: 12/15/2012 8:08:24 AM - System Checkpoint

RP1500: 12/15/2012 7:47:48 PM - Software Distribution Service 3.0

RP1501: 12/16/2012 8:50:54 AM - Software Distribution Service 3.0

RP1502: 12/17/2012 8:51:30 AM - System Checkpoint

RP1503: 12/17/2012 4:31:56 PM - Software Distribution Service 3.0

RP1504: 12/18/2012 4:50:44 PM - Software Distribution Service 3.0

RP1505: 12/19/2012 7:12:36 PM - System Checkpoint

RP1506: 12/19/2012 8:28:32 PM - Software Distribution Service 3.0

RP1507: 12/20/2012 9:33:32 PM - Software Distribution Service 3.0

RP1508: 12/21/2012 8:08:10 AM - Software Distribution Service 3.0

RP1509: 12/21/2012 10:48:26 PM - Software Distribution Service 3.0

RP1510: 12/23/2012 12:24:57 AM - System Checkpoint

RP1511: 12/23/2012 2:31:10 AM - Software Distribution Service 3.0

RP1512: 12/24/2012 7:24:15 AM - Software Distribution Service 3.0

RP1513: 12/25/2012 7:34:13 AM - Software Distribution Service 3.0

RP1514: 12/26/2012 7:59:14 AM - System Checkpoint

RP1515: 12/26/2012 8:52:26 AM - Software Distribution Service 3.0

RP1516: 12/27/2012 12:08:31 PM - System Checkpoint

RP1517: 12/27/2012 1:29:26 PM - Software Distribution Service 3.0

RP1518: 12/28/2012 1:41:39 PM - System Checkpoint

RP1519: 12/28/2012 9:07:57 PM - Software Distribution Service 3.0

RP1520: 12/30/2012 2:12:25 AM - Software Distribution Service 3.0

RP1521: 12/31/2012 7:44:20 AM - Software Distribution Service 3.0

RP1522: 1/1/2013 8:46:44 AM - System Checkpoint

RP1523: 1/1/2013 9:47:16 AM - Installed Apple Software Update

RP1524: 1/1/2013 10:18:20 AM - Software Distribution Service 3.0

RP1525: 1/2/2013 11:23:20 AM - System Checkpoint

RP1526: 1/2/2013 7:54:49 PM - Software Distribution Service 3.0

RP1527: 1/3/2013 8:14:57 PM - System Checkpoint

RP1528: 1/3/2013 10:19:33 PM - Software Distribution Service 3.0

RP1529: 1/4/2013 8:18:03 AM - Software Distribution Service 3.0

RP1530: 1/5/2013 7:35:47 AM - Software Distribution Service 3.0

RP1531: 1/6/2013 8:50:51 AM - Software Distribution Service 3.0

RP1532: 1/7/2013 9:50:55 AM - System Checkpoint

RP1533: 1/8/2013 6:40:04 AM - Software Distribution Service 3.0

RP1534: 1/9/2013 7:18:08 AM - Software Distribution Service 3.0

RP1535: 1/9/2013 3:34:57 PM - Software Distribution Service 3.0

RP1536: 1/10/2013 7:36:04 AM - Software Distribution Service 3.0

RP1537: 1/11/2013 8:21:37 AM - Software Distribution Service 3.0

RP1538: 1/12/2013 9:51:26 AM - System Checkpoint

RP1539: 1/12/2013 4:09:23 PM - Software Distribution Service 3.0

RP1540: 1/13/2013 7:09:57 AM - Software Distribution Service 3.0

RP1541: 1/14/2013 8:26:48 AM - System Checkpoint

RP1542: 1/14/2013 9:44:31 AM - Software Distribution Service 3.0

RP1543: 1/15/2013 4:00:25 AM - Software Distribution Service 3.0

RP1544: 1/15/2013 9:35:15 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

7-Zip 4.65

AAS - Swatches Sound Bank

ACID Xpress 7.0

Acoustica Effects Pack

Acoustica Mixcraft 4.5

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Agere Systems PCI Soft Modem

AiO_Scan

AiOSoftware

Amazon MP3 Downloader 1.0.17

AnalogX AudioArpeg

Another World 1.1b

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applied Acoustics Systems - Ultra Analog VA-1 v1.1.2

Artweaver 0.5

ASIO4ALL

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.2.6

Auslogics Disk Defrag

BIAS SoundSoap 2.4

Blackhawk Striker 2 from HP Media Center (remove only)

Blasterball 2 from HP Media Center (remove only)

Blasterball 2 Holidays from HP Media Center (remove only)

Blasterball 2 Remix from HP Media Center (remove only)

Bome's SendSX V1.30beta3

Bonjour

Bounce Symphony from HP Media Center (remove only)

BufferChm

CameraDrivers

Canon iP4300

Canon iP4300 User Registration

Canon My Printer

Canon Setup Utility 2.3

Canon Utilities Easy-PhotoPrint

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner

CDBurnerXP

Copy

CP_AtenaShokunin1Config

cp_dwSharkTaleAlbums1

cp_dwSharkTaleCards1

cp_dwShrek2Albums1

cp_dwShrek2Cards1

CP_PLSBusinessFlyers

CreativeProjects

CreativeProjectsTemplates

Critical Update for Windows Media Player 11 (KB959772)

Crystal Maze from HP Media Center (remove only)

CueTour

Destinations

Director

discoDSP HighLife v1.4

DocProc

DocumentViewer

E-mu Systems E-Loader 1.1

E-MU USB-MIDI Windows Drivers

Easy-WebPrint

Easy Internet Sign-up

Enhanced Multimedia Keyboard Solution

EWQL Orchestra Free Content Part 2

EWQL Orchestra Free Content Part 3

EWQL Orchestra Free Edition

Exact Audio Copy 0.99pb3

Fax

Final Drive Nitro from HP Media Center (remove only)

FLAC 1.2.1b (remove only)

foobar2000 v1.1.10

GemMaster Mystic

GIMP 2.6.6

Google Update Helper

Help and Support Additions

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP Deskjet Printer Preload

HP Help and Support 4.0

HP Image Zone 4.8.6

HP Image Zone for Media Center PC

HP Image Zone Plus 4.8.6

HP LaserJet P1000 series

HP Photosmart Cameras 4.5

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Software Update

HP Tunes

HPCarePackCore

HPCarePackProducts

HPIZplus450

HpSdpAppCoreApp

HPSSupply

HPSystemDiagnostics

InstantShare

Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32

IntelliMover Data Transfer Demo

InterVideo WinDVD Player

IrfanView (remove only)

iTunes

iZotope Vinyl

Java 7 Update 9

Java Auto Updater

KRISTAL Audio Engine

Lexibox Deluxe from HP Media Center (remove only)

LS_HSI

LUXONIX LFX-1310

M30 Reverb

Malwarebytes Anti-Malware version 1.70.0.1100

Medieval CUE Splitter

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Security Update (KB2698035)

Microsoft .NET Framework 1.0 Security Update (KB2742607)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Plus! Dancer LE

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Security Client

Microsoft Security Essentials

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MIDI-OX

Moffsoft FreeCalc

Monkey's Audio

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MrvlUsgTracking

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

MultitrackStudio Lite 6.41

muvee autoProducer 4.0

muvee autoProducer unPlugged - HPD

OpD2d

OpenOffice.org 3.1

Otto

Overball from HP Media Center (remove only)

Overloud BREVERB audioMIDI.com 1.5.4 VST

Paint.NET v3.5.10

PanoStandAlone

PC-Doctor for Windows

Phoenix Assault from HP Media Center (remove only)

PhotoFiltre

PhotoGallery

PhotoScape

Photosmart 320,370,7400,8100,8400 Series

Pod to PC, v2.51

Polar Bowler from HP Media Center (remove only)

Polar Golfer from HP Media Center (remove only)

PrintScreen

Proteus VX

PS2

PSPrinters06

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

QFolder

QuickProjects

QuickTime

Readme

RealPlayer

Realtek AC'97 Audio

REAPER

Remove Microsoft Money 2005 installer

Remove Quicken New User Edition installer

Reverberate LE 1.000

Revo Uninstaller 1.83

rgc:audio sfz VSTi v1.96

rgc:audio sfz+ VSTi v1.01

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SFPack

Shooting Stars Pool from HP Media Center (remove only)

shortcircuit

Skins

SkinsHP1

Slyder from HP Media Center (remove only)

Smart Defrag 2

Sonic Encoders

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sound-Record Waspy LE VSTi 1.1

Sound Bridge 2.5.1

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

SpywareBlaster 4.6

Super Granny from HP Media Center (remove only)

SUPERAntiSpyware

Sweet MIDI Arpeggiator 32 (remove only)

SyncToy 2.1 (x86)

Tradewinds from HP Media Center (remove only)

trakAxPC

TrayApp

TuneClone 1.35

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB969497)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB913800)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Updates from HP

VLC media player 0.9.9

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [see KB889858 for more information]

Windows Media Player 11

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB888316

Windows XP Media Center Edition 2005 KB890629

Windows XP Media Center Edition 2005 KB895678

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

winLAME 2010 beta 1

WinRAR archiver

World of Warcraft FREE Trial

Wusikstation V5.8.6 VSTi

Yamaha USB-MIDI Driver

ZipGenius 6 (6.2.0.2015)

.

==== Event Viewer Messages From Past Week ========

.

1/15/2013 9:03:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: fasttx2k

1/15/2013 8:55:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

1/15/2013 8:55:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/15/2013 8:54:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips MpFilter SASDIFSV SASKUTIL

1/15/2013 8:50:17 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/15/2013 8:49:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Receiver Service service to connect.

1/15/2013 8:40:42 AM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).

1/15/2013 8:40:37 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:40:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

1/15/2013 8:40:36 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/15/2013 8:40:36 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

1/15/2013 8:36:49 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.

1/15/2013 8:36:49 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/15/2013 8:36:18 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

1/15/2013 8:25:23 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

1/15/2013 8:25:23 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/15/2013 8:25:05 AM, error: Service Control Manager [7000] - The Media Center Extender Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/15/2013 8:25:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Extender Service service to connect.

1/15/2013 8:24:59 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:54 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:53 AM, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).

1/15/2013 8:24:49 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:44 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:39 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:38 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

1/15/2013 8:24:33 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:28 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SAS Core Service service to connect.

1/15/2013 8:24:26 AM, error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/15/2013 8:24:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

1/15/2013 8:24:24 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/15/2013 8:24:23 AM, error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).

1/15/2013 8:24:23 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

1/15/2013 8:24:23 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

1/15/2013 8:24:23 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

1/15/2013 8:24:23 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

1/15/2013 8:24:23 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

1/15/2013 8:24:23 AM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

1/15/2013 8:24:23 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

1/15/2013 8:24:23 AM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:23 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/15/2013 8:24:23 AM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

1/15/2013 8:24:23 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for the prompt help, MrCharlie. RogueKiller scan is complete. Here is the log:

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : HP_Administrator [Admin rights]

Mode : Scan -- Date : 01/15/2013 11:25:28

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] Alcxmntr.exe -- C:\WINDOWS\Alcxmntr.exe -> KILLED [TermProc]

[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll -> KILLED [TermProc]

[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\HP_Administrator\Application Data\inetx.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][SUSP PATH] HKLM\[...]\Run : iwerv ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll",write_info) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\Run : inetx ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\HP_Administrator\Application Data\inetx.dll",ExtendInittab) -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xACBD4640)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALS-00Z8A0 +++++

--- User ---

[MBR] b5991678e59087a97f314a890bd4e832

[BSP] 9981f66ee03fdacb7b6406cefc1004e3 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953866 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00L9A0 +++++

--- User ---

[MBR] 69cccfee98abcbce44f84e2c04b54bc4

[BSP] f5a8661b6655ff2e6feb07f2282080c6 : Legit2 MBR Code

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 6873 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14076720 | Size: 298361 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD6400AAKS-00A7B2 +++++

--- User ---

[MBR] c293f75b7f8a77d90070c23da97d090b

[BSP] c1a65cacc61836cc1f25ae1f068384b4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01152013_02d1125.txt >>

RKreport[1]_S_01152013_02d1125.txt

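Added example (not part of any post in this thread, and not code from RogueKiller or OTL): a small Python triage script that parses RogueKiller-style [RUN] lines and flags autostart entries that use rundll32.exe to load a DLL from a user-writable directory, which is the persistence pattern the report above shows for iwerv.dll and inetx.dll. The sample input is constructed, modeled on the report's two [RUN] lines plus a made-up benign entry; the function names and the list of user-writable paths are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: two lines modeled on the report's [RUN] entries,
# plus one invented benign entry (ExampleTray) for contrast.
SAMPLE_REPORT = r'''
[RUN][SUSP PATH] HKLM\[...]\Run : iwerv ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll",write_info) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : inetx ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\HP_Administrator\Application Data\inetx.dll",ExtendInittab) -> FOUND
[RUN] HKLM\[...]\Run : ExampleTray ("C:\Program Files\ExampleVendor\tray.exe" /start) -> FOUND
'''

# [RUN], optional extra [tags], key, value name, (command line), status.
RUN_LINE = re.compile(
    r'^\[RUN\](?:\[[^\]]*\])*\s+(?P<key>\S+)\s+:\s+(?P<name>\S+)\s+'
    r'\((?P<cmd>.*)\)\s+->\s+(?P<status>\w+)\s*$'
)

# Assumed set of locations a standard user can write to (XP and later layouts).
USER_WRITABLE = re.compile(
    r'\\documents and settings\\[^\\]+\\(application data|local settings)\\'
    r'|\\users\\[^\\]+\\appdata\\'
    r'|\\te?mp\\',
    re.IGNORECASE,
)


class RunEntry(NamedTuple):
    key: str
    name: str
    image: str             # program the Run value starts
    module: Optional[str]  # DLL handed to rundll32, if any
    export: Optional[str]  # exported function rundll32 is told to call
    reasons: List[str]     # empty list means nothing was flagged


def split_command(cmd: str):
    """Split a command line into (image path, remaining arguments)."""
    cmd = cmd.strip()
    if not cmd:
        return '', ''
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unbalanced quote: take the rest
            return cmd[1:], ''
        return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted paths containing spaces are ambiguous; take the first token.
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def split_rundll_args(rest: str):
    """rundll32 arguments have the form <dll>,<export>; return (dll, export)."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end == -1:
            return rest[1:], None
        dll, tail = rest[1:end], rest[end + 1:]
    else:
        first = rest.split(None, 1)[0] if rest else ''
        dll, sep, tail = first.partition(',')
        tail = sep + tail
    m = re.match(r'\s*,\s*(\S+)', tail)
    return dll, (m.group(1) if m else None)


def classify(key: str, name: str, cmd: str) -> RunEntry:
    image, rest = split_command(cmd)
    module = export = None
    reasons: List[str] = []
    if image.lower().rsplit('\\', 1)[-1] in ('rundll32.exe', 'rundll32'):
        module, export = split_rundll_args(rest)
        if not module:
            reasons.append('rundll32 with no DLL argument')
    payload = module or image              # the code that actually runs
    if USER_WRITABLE.search(payload):
        reasons.append('code loaded from a user-writable directory')
        if module:
            reasons.append('DLL started through rundll32, so the process '
                           'list shows only a Windows binary')
        if key.upper().startswith('HKLM'):
            reasons.append('machine-wide autostart pointing into a user profile')
    return RunEntry(key, name, image, module, export, reasons)


def parse_report(text: str) -> List[RunEntry]:
    """Parse every [RUN] line in a report; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(classify(m['key'], m['name'], m['cmd']))
    return entries


def flagged(text: str) -> List[RunEntry]:
    return [e for e in parse_report(text) if e.reasons]


if __name__ == '__main__':
    for e in flagged(SAMPLE_REPORT):
        print(f'{e.name}: {e.module} (export {e.export})')
        for r in e.reasons:
            print(f'  - {r}')
```

A flagged entry is only a lead for review: the DLL still has to be quarantined and examined before it is called malicious.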

Before we continue we need some samples from your system.

On your desktop should be a RK_Quarantine folder, can you open it up and see if these files are there:

iwerv.dll

inetx.dll

They should be renamed to:

iwerv.dll.vir

inetx.dll.vir

If they're present, please zip up the RK_Quarantine folder and attach it.

Also please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OK, I changed things a little, the RogueKiller part is OK and what we need, I messed up on the OTL part...please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Please do this:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

MOD - [2013/01/15 08:22:14 | 000,621,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll

[2013/01/15 09:03:47 | 000,004,033 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ld57bql3.default\extensions\{275d417e-7035-4846-803c-17119088b011}.xpi

O4 - HKLM..\Run: [inetx] C:\Documents and Settings\HP_Administrator\Application Data\inetx.dll (ALPS Electric Co., Ltd.)

O4 - HKLM..\Run: [iwerv] C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll ()

[2013/01/15 08:22:37 | 000,335,872 | ---- | C] (ALPS Electric Co., Ltd.) -- C:\Documents and Settings\HP_Administrator\Application Data\inetx.dll

[2013/01/15 08:22:14 | 000,621,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll

[2013/01/15 08:22:10 | 000,621,568 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll

Then click the Run Fix button at the top

Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Now zip up the C:\_OTL\MovedFiles folder and attach it.

Thanks.....MrC

MrC


Okay MrCharlie. I attached the OTL "Moved Files" folder and listed below is the latest OTL log:

========== OTL ==========

Releasing module C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll

C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll moved successfully.

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ld57bql3.default\extensions\{275d417e-7035-4846-803c-17119088b011}.xpi moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\inetx deleted successfully.

C:\Documents and Settings\HP_Administrator\Application Data\inetx.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iwerv deleted successfully.

File C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll not found.

File C:\Documents and Settings\HP_Administrator\Application Data\inetx.dll not found.

File C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll not found.

File C:\Documents and Settings\HP_Administrator\Application Data\iwerv.dll not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01152013_131907

MovedFiles.zip


Just get these as before, just post the log when done:

Please do this:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKU\S-1-5-21-3732398877-1960152780-4095213453-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

[2012/04/06 15:46:31 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-iNvE6FDbZpmf4rr

[2012/04/06 15:46:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-iNvE6FDbZpmf4r

[2012/04/06 15:46:19 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iNvE6FDbZpmf4r

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

Then click the Run Fix button at the top

Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Next...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Ok MrCharlie. I have ComboFix running on the infected computer. I will post the results when the scan is complete. Meanwhile, attached below is the latest OTL "Moved Files" folder and latest OTL log:

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3732398877-1960152780-4095213453-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.

C:\Documents and Settings\All Users\Application Data\-iNvE6FDbZpmf4rr moved successfully.

C:\Documents and Settings\All Users\Application Data\-iNvE6FDbZpmf4r moved successfully.

C:\Documents and Settings\All Users\Application Data\iNvE6FDbZpmf4r moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01152013_135105

MovedFiles.zip


Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


Looks good, let's check the system for any adware.........

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


Nothing to worry about............

Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


This topic is now closed to further replies.