TechSpot

Laptop problem - struggling to even carry out 6-step preliminary removal

By Timtrash
Sep 11, 2011
  1. Hello

    I am trying to help a friend whose laptop is pretty much at a standstill. I have brought it home and run CCleaner and disc clean up utility, to no avail. I am now trying to carry out the preliminary removal steps, but I am struggling to even get past the first step.

    I downloaded Avast and the other software onto a CD, and installed Avast from the disk onto the laptop. Avast hung on the initial scan after install. So I rebooted, opened the programme and tried to do a full scan. It started and the time counter ticked away, but no files would scan.

    Now I have booted into safe mode and am running a scan, which does look like it is working, but I thought I should check to see if I am going about this the right way before going any further.

    Hope you can help - thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Complete as many steps as you can.
     
  3. Timtrash

    Timtrash TS Rookie Topic Starter Posts: 40

    Thanks Broni. It is still running Avast's full scan, still in safe mode. Been running now for 4 hours 11 minutes, and has been sat at 48 per cent for some time. Some stats in case it's useful:

    Scan speed - 1.1MB per second
    Tested files/folders - 37969/2362
    Amount of data tested - 16.2 GB
    Infected files: 1

    Should I just leave it going overnight?
     
  4. Broni


    Keep it going :)
     
  5. Timtrash


    Hi, this is not looking good! An Avast full scan (safe mode) took 14 hours, with one threat found. I moved it to virus chest, then scheduled a boot-time scan. I did the boot-time scan last night and that took about 6 hours.

    When I finally rebooted into normal mode, I tried to run a full scan (to start the 6-step removal procedure), and the PC flashed up some kind of error message (too fast to read) and rebooted. I tried to run it again. This time it did start, but it would not move. The "kb scanned" rate dropped right down to 8kb, and the "files/folders scanned" wouldn't tick over, leaving the scan hanging on 0 per cent. I don't think it is doing anything so after half an hour of that I turned the PC off (had to go to work!)

    The preliminary removal advice insists that you carry out all steps IN THE ORDER GIVEN. If I am not able to perform a full scan with Avast, what should I do? Try to run the other steps regardless? Hope you can help.

    Thanks
     
  6. Broni


    Skip Avast for now.
     
  7. Timtrash


    Hi, I managed to carry out scans using Malwarebytes, GMER and Dds, but they all had to be done in safe mode. However, I have spent the last few days trying everything I can think of to get the scan logs off the laptop and onto my PC so I could paste them in a reply. But to no avail, I can't burn to disc in safe mode, and various attempts to get it to recognise a USB stick have failed. I am now wondering if this is even a virus at all and am thinking these kinds of problems indicate a hard disk failure. Is there a way to tell for definite either way?
     
  8. Broni


    Is there a problem with internet connection?
     
  9. Timtrash


    I haven't been able to get online. I've been scanning in safe mode with networking but every time I have tried to launch IE and Chrome they just sat there and froze. However, now, I can't even boot up in safe mode. I get to the welcome screen, click on Administrator to launch it, and it just hangs. Does this evidence point increasingly to hard drive failure I wonder?
     
  10. Broni


    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  11. Timtrash


    Hi - it worked! Thanks so much. I have pasted the report contents below.

    OTL logfile created on: 9/17/2011 10:49:58 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,014.00 Mb Total Physical Memory | 838.00 Mb Available Physical Memory | 83.00% Memory free
    902.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 58.59 Gb Free Space | 78.62% Space Free | Partition Type: NTFS
    Drive D: | 7.46 Gb Total Space | 0.84 Gb Free Space | 11.26% Space Free | Partition Type: FAT32
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- -- (HidServ)
    SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/06 14:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\MalwarebytesAnti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2006/09/28 13:56:14 | 000,055,808 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/06 14:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2008/07/12 03:20:02 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/07/12 03:07:09 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2008/05/16 08:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
    DRV - [2008/05/16 08:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
    DRV - [2008/05/16 08:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
    DRV - [2008/05/16 08:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
    DRV - [2008/05/16 08:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
    DRV - [2008/05/16 08:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
    DRV - [2008/05/16 08:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
    DRV - [2008/04/03 00:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2007/02/16 10:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/12/22 21:56:44 | 000,988,800 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/22 21:56:00 | 000,209,664 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/12/22 21:55:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/06/09 19:38:24 | 000,006,909 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)
    DRV - [2002/06/20 21:32:50 | 000,014,032 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ax88172.sys -- (AX88172)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator.USER-058F6747B7_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\User_ON_C..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator.USER-058F6747B7_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/11 12:30:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Videos
    [2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Pictures
    [2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Music
    [2011/09/13 16:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\Malwarebytes
    [2011/09/13 16:26:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/09/13 16:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/13 16:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/09/13 16:26:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/13 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
    [2011/09/13 16:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/09/11 11:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/09/11 11:48:04 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/09/11 11:48:04 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/09/11 11:47:59 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/09/11 11:47:59 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/09/11 11:47:58 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/09/11 11:43:38 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/09/11 11:43:38 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/09/11 11:43:37 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/09/11 11:23:12 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/09/11 11:22:03 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/09/11 11:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/09/11 11:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/09/11 06:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\SUPERAntiSpyware.com
    [2011/09/11 06:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/09/11 06:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/09/11 06:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/09/11 05:56:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011/09/11 05:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2011/09/11 05:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2011/09/11 05:46:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Recent
    [2011/09/11 05:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/09/11 05:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/09/09 17:49:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Administrative Tools
    [2011/09/09 11:34:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/09/09 09:53:43 | 000,000,000 | ---D | C] -- C:\0544e7f4369e761b41fe2e960fc3
    [2011/09/09 09:24:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\Microsoft
    [2011/09/09 09:24:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data
    [2011/09/09 09:24:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Cookies
    [2011/09/09 09:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Favorites
    [2011/09/09 09:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop
    [2011/09/09 09:24:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\SendTo
    [2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Startup
    [2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu
    [2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Accessories
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Templates
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\PrintHood
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\NetHood
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Local Settings
    [2011/09/09 09:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents
    [2011/09/09 09:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Local Settings\Application Data\Microsoft
    [2011/09/09 05:39:38 | 000,000,000 | ---D | C] -- C:\0cbc7056403b0b6ee7e2c4d32e
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/17 16:28:30 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-1417001333-1003UA.job
    [2011/09/17 16:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/17 15:25:20 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\Shortcut to Internet.lnk
    [2011/09/17 14:44:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/13 16:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/11 11:48:05 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/09/11 11:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/09/11 11:44:22 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/09/11 11:04:43 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-1417001333-1003Core.job
    [2011/09/11 10:59:03 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/11 06:03:48 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/09/11 06:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/09/11 05:47:18 | 000,114,820 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\cc_20110911_104709.reg
    [2011/09/11 05:43:09 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/09/11 05:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/09/09 12:40:31 | 021,816,824 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\VolumeCaches.reg
    [2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/09/06 16:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/17 15:25:20 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\Shortcut to Internet.lnk
    [2011/09/11 11:48:05 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/09/11 10:59:03 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/11 06:03:48 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/09/11 05:47:16 | 000,114,820 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\cc_20110911_104709.reg
    [2011/09/11 05:43:09 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/09/09 12:39:12 | 021,816,824 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\VolumeCaches.reg
    [2011/09/09 09:24:26 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Remote Assistance.lnk
    [2011/09/09 09:24:26 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Windows Media Player.lnk
    [2010/06/23 02:57:30 | 000,069,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2008/11/06 21:26:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
    [2008/08/26 15:36:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/25 04:34:46 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dpu10.dll
    [2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/23 12:48:40 | 001,044,480 | ---- | C] () -- C:\WINDOWS\System32\libdivx.dll
    [2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/07/12 03:20:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/07/12 03:11:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/07/12 03:11:55 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/07/12 03:11:55 | 000,400,152 | ---- | C] () -- C:\WINDOWS\System32\igxpun.exe
    [2008/07/11 20:21:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/11 12:33:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/07/11 12:27:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 001,114,896 | ---- | C] () -- C:\WINDOWS\System32\esent97.dll
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,346,112 | ---- | C] () -- C:\WINDOWS\System32\windowscodecsext.dll
    [2008/04/14 08:00:00 | 000,312,348 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,193,024 | ---- | C] () -- C:\WINDOWS\System32\napmontr.dll
    [2008/04/14 08:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\mapistub.dll
    [2008/04/14 08:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\odbccr32.dll
    [2008/04/14 08:00:00 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\driverquery.exe
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\jgsd400.dll
    [2008/04/14 08:00:00 | 000,040,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\eapsvc.dll
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\adptif.dll
    [2008/04/14 08:00:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\encapi.dll
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/09/28 13:56:14 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\WudfSvc.dll
    [2001/08/17 18:36:34 | 000,077,890 | ---- | C] () -- C:\WINDOWS\System32\usrdpa.dll

    ========== LOP Check ==========

    [2010/02/15 15:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
    [2008/10/30 15:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Snapfish
    [2011/09/11 11:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/11/06 20:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2008/11/17 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2009/01/18 20:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki

    ========== Purity Check ==========


    < End of report >
     
     
  12. Broni


    OK, the problem is that I don't see anything malicious there, nor any incorrect setting.
    We're not dealing with a malware issue here.

    I suggest you start a new topic in the Windows forum.
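
Added example, not part of the original thread and not code from OTL or its author: one way to triage the `SRV`/`DRV` lines of a log like the one posted above. The field layout is inferred from the posted log; the flagging rules, the `EXPECTED_DIRS` list and the last sample line are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the OTL.txt posted above, plus ONE CONSTRUCTED entry (the
# last line) so that the heuristics below have something to flag.
SAMPLE_LOG = r"""OTL logfile created on: 9/17/2011 10:49:58 PM - Run
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2008/07/12 03:20:02 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/09/15 03:12:44 | 000,061,440 | -H-- | M] () [Kernel | Auto] -- C:\WINDOWS\Temp\constructed-example.sys -- (constructed_example)
"""

CREATED = re.compile(r"^OTL logfile created on: (\S+ \S+ [AP]M)", re.M)
# [modified | size | attributes | M] (company) [type | start] -- path -- (name)
PRESENT = re.compile(
    r"^(SRV|DRV) - \[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| M\] "
    r"\((.*?)\) \[(.*?)\] -- (.*?) -- \((.*?)\)")
MISSING = re.compile(r"^(SRV|DRV) - File not found \[(.*?)\] -- (.*?)-- \((.*?)\)")

# Assumption of this example: where service and driver binaries are expected.
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
RECENT = timedelta(days=30)  # same window as the log's "File Age = 30 Days"


def parse(log_text):
    """Return (log_created, entries) for the SRV/DRV lines of an OTL log."""
    m = CREATED.search(log_text)
    created = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p") if m else None
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        hit = PRESENT.match(line)
        if hit:
            kind, stamp, size, attrs, company, start, path, name = hit.groups()
            entries.append({
                "kind": kind, "name": name, "path": path, "company": company,
                "start": start.split(" | ")[-1], "attrs": attrs,
                "size": int(size.replace(",", "")),
                "modified": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
                "missing": False})
            continue
        hit = MISSING.match(line)
        if hit:
            kind, start, path, name = hit.groups()
            entries.append({
                "kind": kind, "name": name, "path": path.strip(), "company": "",
                "start": start.split(" | ")[-1], "attrs": "", "size": 0,
                "modified": None, "missing": True})
    return created, entries


def triage(log_text):
    """Flag entries that deserve a closer look (heuristics of this example only)."""
    created, entries = parse(log_text)
    flagged = []
    for e in entries:
        if e["missing"]:
            continue  # dangling registration: no file on disk to load
        reasons = []
        path = e["path"].lower()
        if not e["company"]:
            if not path.startswith(EXPECTED_DIRS):
                reasons.append("no company name, outside expected directories")
            if created and created - e["modified"] <= RECENT:
                reasons.append("no company name, modified within 30 days")
        if "H" in e["attrs"]:  # attribute column read as R/H/S/D flags
            reasons.append("hidden attribute set")
        if "\\temp\\" in path:
            reasons.append("loads from a temp directory")
        if reasons:
            flagged.append({"name": e["name"], "path": e["path"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["name"], item["path"])
        for reason in item["reasons"]:
            print("   -", reason)
```

None of the entries copied from the posted log are flagged; only the constructed line is.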
     
  13. Timtrash


    OK, thank you very much for all of your help with this and for persevering with this thread. I am grateful for the help and advice. I will do as you suggest and begin a new thread, but it looks pretty clear it is the hard drive. Thanks again Broni. All the best.
     
  14. Broni


    Could be a hard drive.

    Good luck!
     
Topic Status:
Not open for further replies.

