TechSpot

Laptop problem - struggling to even carry out 6-step preliminary removal

By Timtrash
Sep 11, 2011
  1. Hello

    I am trying to help a friend whose laptop is pretty much at a standstill. I have brought it home and run CCleaner and disc clean up utility, to no avail. I am now trying to carry out the preliminary removal steps, but I am struggling to even get past the first step.

    I downloaded Avast and the other software onto a CD, and installed Avast from the disk onto the laptop. Avast hung on the initial scan after install. So I rebooted, opened the programme and tried to do a full scan. It started and the time counter ticked away, but no files would scan.

    Now I have booted into safe mode and am running a scan, which does look like it is working, but I thought I should check to see if I am going about this the right way before going any further.

    Hope you can help - thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Complete as many steps as you can.
     
  3. Timtrash

    Timtrash TS Rookie Topic Starter Posts: 37

    Thanks Broni. It is still running Avast's full scan, still in safe mode. Been running now for 4 hours 11 minutes, and has been sat at 48 per cent for some time. Some stats in case it's useful:

    Scan speed - 1.1MB per second
    Tested files/folders - 37969/2362
    Amount of data tested - 16.2 GB
    Infected files: 1

    Should I just leave it going overnight?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Keep it going :)
     
  5. Timtrash

    Timtrash TS Rookie Topic Starter Posts: 37

    Hi, this is not looking good! An Avast full scan (safe mode) took 14 hours, with one threat found. I moved it to virus chest, then scheduled a boot-time scan. I did the boot-time scan last night and that took about 6 hours.

    When I finally rebooted into normal mode, I tried to run a full scan (to start the 6-step removal procedure), and the PC flashed up some kind of error message (too fast to read) and rebooted. I tried to run it again. This time it did start, but it would not move. The "kb scanned" rate dropped right down to 8kb, and the "files/folders scanned" wouldn't tick over, leaving the scan hanging on 0 per cent. I don't think it is doing anything, so after half an hour of that I turned the PC off (had to go to work!)

    The preliminary removal advice insists that you carry out all steps IN THE ORDER GIVEN. If I am not able to perform a full scan with Avast, what should I do? Try to run the other steps regardless? Hope you can help.

    Thanks
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Skip Avast for now.
     
  7. Timtrash

    Timtrash TS Rookie Topic Starter Posts: 37

    Hi, I managed to carry out scans using Malwarebytes, GMER and Dds, but they all had to be done in safe mode. However, I have spent the last few days trying everything I can think of to get the scan logs off the laptop and onto my PC so I could paste them in a reply. But to no avail: I can't burn to disc in safe mode, and various attempts to get it to recognise a USB stick have failed. I am now wondering if this is even a virus at all and am thinking these kinds of problems indicate a hard disk failure. Is there a way to tell for definite either way?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Is there a problem with internet connection?
     
  9. Timtrash

    Timtrash TS Rookie Topic Starter Posts: 37

    I haven't been able to get online. I've been scanning in safe mode with networking, but every time I have tried to launch IE and Chrome they just sat there and froze. However, now I can't even boot up in safe mode. I get to the welcome screen, click on Administrator to launch it, and it just hangs. Does this evidence point increasingly to hard drive failure, I wonder?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved as C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  11. Timtrash

    Timtrash TS Rookie Topic Starter Posts: 37

    Hi - it worked! Thanks so much. I have pasted the report contents below.

    OTL logfile created on: 9/17/2011 10:49:58 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1,014.00 Mb Total Physical Memory | 838.00 Mb Available Physical Memory | 83.00% Memory free
    902.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 58.59 Gb Free Space | 78.62% Space Free | Partition Type: NTFS
    Drive D: | 7.46 Gb Total Space | 0.84 Gb Free Space | 11.26% Space Free | Partition Type: FAT32
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- -- (HidServ)
    SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/06 14:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\MalwarebytesAnti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2006/09/28 13:56:14 | 000,055,808 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/06 14:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2008/07/12 03:20:02 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/07/12 03:07:09 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2008/05/16 08:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
    DRV - [2008/05/16 08:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
    DRV - [2008/05/16 08:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
    DRV - [2008/05/16 08:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
    DRV - [2008/05/16 08:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
    DRV - [2008/05/16 08:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
    DRV - [2008/05/16 08:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
    DRV - [2008/04/03 00:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
    DRV - [2007/02/16 10:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/12/22 21:56:44 | 000,988,800 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/22 21:56:00 | 000,209,664 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/12/22 21:55:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/06/09 19:38:24 | 000,006,909 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)
    DRV - [2002/06/20 21:32:50 | 000,014,032 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ax88172.sys -- (AX88172)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator.USER-058F6747B7_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



    O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\User_ON_C..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator.USER-058F6747B7_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/11 12:30:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Videos
    [2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Pictures
    [2011/09/14 02:55:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents\My Music
    [2011/09/13 16:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\Malwarebytes
    [2011/09/13 16:26:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/09/13 16:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/13 16:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/09/13 16:26:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/13 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
    [2011/09/13 16:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/09/11 11:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/09/11 11:48:04 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/09/11 11:48:04 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/09/11 11:47:59 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/09/11 11:47:59 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/09/11 11:47:58 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/09/11 11:43:38 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/09/11 11:43:38 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/09/11 11:43:37 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/09/11 11:23:12 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/09/11 11:22:03 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/09/11 11:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/09/11 11:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/09/11 06:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\SUPERAntiSpyware.com
    [2011/09/11 06:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/09/11 06:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/09/11 06:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/09/11 05:56:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011/09/11 05:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2011/09/11 05:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2011/09/11 05:46:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Recent
    [2011/09/11 05:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/09/11 05:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/09/09 17:49:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Administrative Tools
    [2011/09/09 11:34:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/09/09 09:53:43 | 000,000,000 | ---D | C] -- C:\0544e7f4369e761b41fe2e960fc3
    [2011/09/09 09:24:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data\Microsoft
    [2011/09/09 09:24:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Application Data
    [2011/09/09 09:24:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Cookies
    [2011/09/09 09:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Favorites
    [2011/09/09 09:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop
    [2011/09/09 09:24:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\SendTo
    [2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Startup
    [2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu
    [2011/09/09 09:24:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Accessories
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Templates
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\PrintHood
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\NetHood
    [2011/09/09 09:24:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Local Settings
    [2011/09/09 09:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\My Documents
    [2011/09/09 09:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.USER-058F6747B7\Local Settings\Application Data\Microsoft
    [2011/09/09 05:39:38 | 000,000,000 | ---D | C] -- C:\0cbc7056403b0b6ee7e2c4d32e
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/17 16:28:30 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-1417001333-1003UA.job
    [2011/09/17 16:28:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/17 15:25:20 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\Shortcut to Internet.lnk
    [2011/09/17 14:44:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/13 16:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/11 11:48:05 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/09/11 11:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/09/11 11:44:22 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/09/11 11:04:43 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-308236825-1417001333-1003Core.job
    [2011/09/11 10:59:03 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/11 06:03:48 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/09/11 06:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/09/11 05:47:18 | 000,114,820 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\cc_20110911_104709.reg
    [2011/09/11 05:43:09 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/09/11 05:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/09/09 12:40:31 | 021,816,824 | ---- | M] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\VolumeCaches.reg
    [2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/09/06 16:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/17 15:25:20 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\Shortcut to Internet.lnk
    [2011/09/11 11:48:05 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/09/11 10:59:03 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/11 06:03:48 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/09/11 05:47:16 | 000,114,820 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\cc_20110911_104709.reg
    [2011/09/11 05:43:09 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/09/09 12:39:12 | 021,816,824 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Desktop\VolumeCaches.reg
    [2011/09/09 09:24:26 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Remote Assistance.lnk
    [2011/09/09 09:24:26 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.USER-058F6747B7\Start Menu\Programs\Windows Media Player.lnk
    [2010/06/23 02:57:30 | 000,069,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2008/11/06 21:26:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
    [2008/08/26 15:36:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/25 04:34:46 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dpu10.dll
    [2008/07/23 12:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/07/23 12:48:40 | 001,044,480 | ---- | C] () -- C:\WINDOWS\System32\libdivx.dll
    [2008/07/23 12:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/07/12 03:20:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/07/12 03:11:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/07/12 03:11:55 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/07/12 03:11:55 | 000,400,152 | ---- | C] () -- C:\WINDOWS\System32\igxpun.exe
    [2008/07/11 20:21:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/11 12:33:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/07/11 12:27:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 001,114,896 | ---- | C] () -- C:\WINDOWS\System32\esent97.dll
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,346,112 | ---- | C] () -- C:\WINDOWS\System32\windowscodecsext.dll
    [2008/04/14 08:00:00 | 000,312,348 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,193,024 | ---- | C] () -- C:\WINDOWS\System32\napmontr.dll
    [2008/04/14 08:00:00 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\mapistub.dll
    [2008/04/14 08:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\odbccr32.dll
    [2008/04/14 08:00:00 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\driverquery.exe
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\jgsd400.dll
    [2008/04/14 08:00:00 | 000,040,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\eapsvc.dll
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\adptif.dll
    [2008/04/14 08:00:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\encapi.dll
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/09/28 13:56:14 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\WudfSvc.dll
    [2001/08/17 18:36:34 | 000,077,890 | ---- | C] () -- C:\WINDOWS\System32\usrdpa.dll

    ========== LOP Check ==========

    [2010/02/15 15:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
    [2008/10/30 15:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Snapfish
    [2011/09/11 11:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/11/06 20:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2008/11/17 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2009/01/18 20:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki

    ========== Purity Check ==========


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OK, the problem is that I don't see anything malicious there, nor any incorrect setting.
    We're not dealing with a malware issue here.

    I suggest you start a new topic in the Windows forum.
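
Added example, not part of the original thread or of OTL itself: a small Python parser for the `SRV`/`DRV` lines of an OTL report like the one posted above, which sorts entries into groups a reviewer would typically read first. The sample lines are copied from that report; the three groupings (missing binary, empty company field, driver stored outside the standard driver directory) are this example's own assumptions for organising the log and are not verdicts of maliciousness.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of SRV/DRV lines copied from the OTL report in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/07/12 03:20:02 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
"""

# Line whose binary exists on disk:
#   KIND - [timestamp | size | attrs | M] (company) [start type] -- path -- (name)
PRESENT = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| \S{4} \| [MC]\] "
    r"\((?P<company>.*?)\) \[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
# Line whose registry entry points at a file OTL could not find:
#   KIND - File not found [start type] -- -- (name)
MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<start>[^\]]+)\] -- -- \((?P<name>[^)]*)\)"
)

# Standard driver directory on the XP system in the report (compared lowercase).
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    kind: str                # "SRV" (Win32 service) or "DRV" (driver service)
    name: str                # service name, from the trailing parentheses
    start: str               # start type, e.g. "Auto" or "Kernel | System"
    company: Optional[str]   # version-info company; "" if blank, None if file missing
    path: Optional[str]      # binary path; None if file missing
    size: Optional[int]      # size in bytes; None if file missing


def parse_otl(text: str) -> list:
    """Parse SRV/DRV lines from an OTL report; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PRESENT.match(line)
        if m:
            entries.append(Entry(
                kind=m["kind"], name=m["name"], start=m["start"],
                company=m["company"], path=m["path"],
                size=int(m["size"].replace(",", "")),
            ))
            continue
        m = MISSING.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["start"], None, None, None))
    return entries


def triage(entries: list) -> dict:
    """Group entries for review. Groupings are assumptions of this example."""
    groups = {"missing_file": [], "no_company": [], "driver_outside_driver_dir": []}
    for e in entries:
        if e.path is None:
            # Registry entry with no binary behind it (often a leftover).
            groups["missing_file"].append(e.name)
            continue
        if e.company == "":
            # No company string in the file's version information.
            groups["no_company"].append(e.name)
        if e.kind == "DRV" and not e.path.lower().startswith(DRIVER_DIR):
            # Driver loaded from somewhere other than system32\drivers.
            groups["driver_outside_driver_dir"].append(e.name)
    return groups


if __name__ == "__main__":
    for group, names in triage(parse_otl(SAMPLE_LOG)).items():
        print(f"{group}: {', '.join(names) or '-'}")
```
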
     
  13. Timtrash

    Timtrash TS Rookie Topic Starter Posts: 37

    OK, thank you very much for all of your help with this and for persevering with this thread. I am grateful for the help and advice. I will do as you suggest and begin a new thread, but it looks pretty clear it is the hard drive. Thanks again Broni. All the best.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Could be a hard drive.

    Good luck!
     
Topic Status:
Not open for further replies.
