System Infection or OS problems?


2 replies to this topic

#1 SWWeatherGuy

SWWeatherGuy

  • Members
  • 26 posts

Posted 13 April 2012 - 02:30 PM

I could use some help determining if a Dell Latitude D830 laptop is infected or if there has recently been some corruption of Windows XP. It had AVG-Free installed on it for quite some time but Symantec End Point Protection has to be installed on it. The timing of the problems seems to correspond to that point in time. I can't install/uninstall, update, or run some other utilities (MalwareBytes, SuperAntiSpyware, etc.).

I'm getting a ton of error messages during startup and when trying to open various apps, utilities, etc. The most common are: "Run a DLL as an App"; "Verify class id"; and "(whatever) has encountered a problem and needs to close." I'm not sure if it's an infection or other problem but the PC is not very happy right now.

Thoughts? Help? Thanks.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 13 April 2012 - 05:27 PM

It had AVG-Free installed on it for quite some time but Symantec End Point Protection has to be installed on it

Does it mean there is no AV protection as of now?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts

Posted 13 April 2012 - 09:01 PM

It had AVG-Free installed on it for quite some time but Symantec End Point Protection has to be installed on it

Does it mean there is no AV protection as of now?


Sorry, I meant to say it had to be installed. SEP didn't appear to be operational at first but now seems like it might be. It's hard to tell with how squirrely the PC is acting.

1) Downloaded and tried to run SecurityCheck.exe but it crashed with "(this program) encountered an error and had to be shut down..."

2) Downloaded and ran FSS.exe, results here:
Farbar Service Scanner Version: 01-03-2012
Ran by dwruser (administrator) on 13-04-2012 at 18:48:22
Running from "C:\Documents and Settings\dw\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) DNE(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(12) Tcpip(3)
0x0C000000040000000100000002000000030000000C000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****

3) Downloaded and ran MiniToolBox.exe. While running, a "Google Installer had to be shut down..." crash/message popped up but the utility continued to run. This is one of the more common "crash" error messages that seem to randomly pop up. Results here:

MiniToolBox by Farbar Version: 18-01-2012
Ran by dwruser (administrator) on 13-04-2012 at 18:52:16
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost

There are 15212 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=NONE
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : NRDWRSCAssistLT

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth Personal Area Network

Physical Address. . . . . . . . . : 00-1A-6B-E6-78-48



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1C-23-A7-27-40



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-1B-77-DF-8F-9F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.58.133

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.58.1

DHCP Server . . . . . . . . . . . : 192.168.58.1

DNS Servers . . . . . . . . . . . : 192.168.58.1

Lease Obtained. . . . . . . . . . : Friday, April 13, 2012 12:00:55 PM

Lease Expires . . . . . . . . . . : Saturday, April 14, 2012 12:00:55 PM

1.58.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.58.1

Name: google.com
Addresses: 74.125.224.174, 74.125.224.161, 74.125.224.166, 74.125.224.162
74.125.224.168, 74.125.224.165, 74.125.224.160, 74.125.224.164, 74.125.224.163
74.125.224.167, 74.125.224.169



Pinging google.com [74.125.224.167] with 32 bytes of data:



Reply from 74.125.224.167: bytes=32 time=66ms TTL=50

Reply from 74.125.224.167: bytes=32 time=71ms TTL=50



Ping statistics for 74.125.224.167:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 66ms, Maximum = 71ms, Average = 68ms

1.58.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.58.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=45ms TTL=51

Reply from 209.191.122.70: bytes=32 time=69ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 69ms, Average = 57ms

1.58.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
Server: UnKnown
Address: 192.168.58.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a 6b e6 78 48 ...... Bluetooth Personal Area Network - Teefer2 Miniport
0x3 ...00 1c 23 a7 27 40 ...... Broadcom NetXtreme 57xx Gigabit Controller - Teefer2 Miniport
0x4 ...00 1b 77 df 8f 9f ...... Intel® PRO/Wireless 3945ABG Network Connection - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.58.1 192.168.58.133 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.58.133 192.168.58.133 1
192.168.58.0 255.255.255.0 192.168.58.133 192.168.58.133 25
192.168.58.133 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.58.255 255.255.255.255 192.168.58.133 192.168.58.133 25
224.0.0.0 240.0.0.0 192.168.58.133 192.168.58.133 25
255.255.255.255 255.255.255.255 192.168.58.133 2 1
255.255.255.255 255.255.255.255 192.168.58.133 192.168.58.133 1
255.255.255.255 255.255.255.255 192.168.58.133 3 1
Default Gateway: 192.168.58.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\netware\NWWS2NDS.DLL [36947] (Novell, Inc.)
Catalog5 05 C:\Windows\system32\netware\NWWS2SAP.DLL [32851] (Novell, Inc.)
Catalog5 06 C:\Windows\system32\netware\NWWS2SLP.DLL [49235] (Novell, Inc.)
Catalog9 01 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 02 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 03 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 04 C:\WINDOWS\system32\PGPlsp.dll [68728] (PGP Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\biolsp.dll [212992] (Wave Systems Corp.)
Catalog9 11 C:\WINDOWS\system32\PGPlsp.dll [68728] (PGP Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/13/2012 06:26:47 PM) (Source: Application Error) (User: )
Description: Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting module unknown, version 0.0.0.0, fault address 0x000110b0.
Processing media-specific event for [GoogleUpdate.exe!ws!]

Error: (04/13/2012 06:20:30 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x000097b8.
Processing media-specific event for [rundll32.exe!ws!]

Error: (04/13/2012 06:20:07 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x000097b8.
Processing media-specific event for [rundll32.exe!ws!]

Error: (04/13/2012 06:18:25 PM) (Source: Application Error) (User: )
Description: Faulting application securitycheck.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x0000e212.
Processing media-specific event for [securitycheck.exe!ws!]

Error: (04/13/2012 05:47:15 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/13/2012 05:47:15 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/13/2012 05:26:53 PM) (Source: Application Error) (User: )
Description: Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting module unknown, version 0.0.0.0, fault address 0x000110b0.
Processing media-specific event for [GoogleUpdate.exe!ws!]

Error: (04/13/2012 05:24:25 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: c:\temp\zen-deploy\zcm project\zcm.exe by: Manual scan. Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Error: (04/13/2012 05:11:53 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/13/2012 05:11:53 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (04/13/2012 06:47:24 PM) (Source: Service Control Manager) (User: )
Description: The Novell ZENworks Remote Management powered by VNC service terminated unexpectedly. It has done this 1 time(s).

Error: (04/13/2012 06:46:01 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (04/13/2012 06:44:33 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 4 service terminated unexpectedly. It has done this 1 time(s).

Error: (04/13/2012 00:01:42 PM) (Source: Service Control Manager) (User: )
Description: The Novell ZENworks Agent Service service failed to start due to the following error:
%%2

Error: (04/13/2012 00:01:09 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (04/13/2012 00:01:09 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (04/13/2012 00:01:09 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (04/13/2012 00:01:09 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (04/13/2012 00:01:09 PM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (04/13/2012 00:01:09 PM) (Source: 0) (User: )
Description: 0xC0000243SrtETmpHarddiskVolume2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Action Handler Resources (Version: 10.3.1.58779)
actions-langs (Version: 10.3.1.60756)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
AIO_Scan (Version: 90.0.222.000)
Apple Application Support (Version: 2.0.1)
Apple Software Update (Version: 2.1.3.127)
ArcGIS Desktop 10 (Version: 10.0.2414)
auth-satellite-server-langs (Version: 10.3.1.34036)
Belarc Advisor 8.1
biolsp patch (Version: 01.00.01.0010)
Bluetooth Stack for Windows by Toshiba (Version: v4.31.02.6(D))
Broadcom ASF Management Applications (Version: 10.13.02)
Broadcom Management Programs (Version: 10.15.01)
BufferChm (Version: 90.0.146.000)
bundle-langs (Version: 10.3.1.60756)
C4200 (Version: 90.0.222.000)
C4200_doccd (Version: 90.0.222.000)
c4200_Help (Version: 90.0.222.000)
C4380 (Version: 90.0.222.000)
C4380_doccd (Version: 90.0.222.000)
C4380_Help (Version: 90.0.222.000)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MG6200 series MP Drivers
Canon MG6200 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CASA (Version: 1.7.1613)
CCleaner (Version: 3.17)
Cisco Systems VPN Client 5.0.00.0340 (Version: 5.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem
content-distribution-point-langs (Version: 10.3.1.34036)
Copy (Version: 90.0.146.000)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder (Version: 1.00.0000)
Defraggler (Version: 2.01)
Dell Embassy Trust Suite by Wave Systems (Version: 02.00.00.039)
Dell Touchpad (Version: Version 7.1.101.6)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.205.000)
Digital Line Detect (Version: 1.21)
DNRGarmin (Version: 5.02.0026)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Document Manager Lite (Version: 05.06.00.005)
EMBASSY Security Center (Version: 03.00.00.036)
EMBASSY Security Setup (Version: 03.00.00.035)
ESC Home Page Plugin (Version: 03.00.00.013)
eSupportQFolder (Version: 1.00.0000)
ETS Upgrade (Version: 02.00.00.012)
Fax (Version: 90.0.146.000)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.5)
Google Chrome (Version: 18.0.1025.152)
Google Earth (Version: 6.2.1.6014)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.111)
GroupWise (Version: 7.0.1)
GroupWise Internet Browser Mail Integration
GroupWise Messenger
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
hp photosmart printer series (Remove only)
HP Product Assistant (Version: 100.000.001.000)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
Intel® Graphics Media Accelerator Driver
Intel® Integrated Performance Primitives RTI 4.0 (Version: 4.0.23)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
IntelliSonic Speech Enhancement (Version: 2.1.37)
inventory-langs (Version: 10.3.1.60756)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 7 (Version: 1.6.0.70)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MapSource - US Topo v3.02
MarketResearch (Version: 90.0.146.000)
mCore (Version: 9.24.0000)
mDrWiFi (Version: 9.24.0000)
mHlpDell (Version: 9.24.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Redistributable Files (x86) (Version: 9.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mIWA (Version: 9.24.0000)
mLogView (Version: 9.24.0000)
mMHouse (Version: 9.24.0000)
Modem Diagnostic Tool (Version: 1.0.20.0)
Move Networks Media Player for Internet Explorer
mPfMgr (Version: 9.24.0000)
mPfWiz (Version: 9.24.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.24.0000)
MSN
MSN Toolbar (Version: 3.0.988.2)
mSSO (Version: 9.24.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.24.0000)
mZConfig (Version: 9.24.0000)
NetWaiting (Version: 2.5.44)
NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
Novell CASA Authentication Token Client (Version: 1.7.1630)
Novell Client for Windows
Novell iPrint Client v04.06.00
Novell ZENworks (Version: 10.3.1.34138)
Novell ZENworks Adaptive Agent Help (Version: 10.3.1.34138)
Novell ZENworks Remote Management (Version: 10.3.1.60778)
O2Micro USB Smart Card Reader (Version: 1.00.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
OpticFilm 7200 (Version: 3.2.0)
PanoStandAlone (Version: 90.0.146.000)
PGP Desktop (Version: 9.12.0.1035)
Pinnacle Instant DVD Recorder (Version: 1.60.110)
policy-langs (Version: 10.3.1.60756)
Policy Action Handler Resources (Version: 10.3.1.42544)
Policy Handler Resources (Version: 10.3.1.42977)
POP-II
PowerDVD (Version: 7.0)
Preboot Manager (Version: 2.0.0.102)
Presto! ImageFolio 4
Presto! Mr. Photo 3
Presto! PageManager 6.07
primary-agent-langs (Version: 10.3.1.34036)
Print Server Driver
PrintKey2000
PS_AIO_02_ProductContext (Version: 90.0.222.000)
PS_AIO_02_Software (Version: 90.0.222.000)
PS_AIO_02_Software_min (Version: 90.0.222.000)
PS_AIO_ProductContext (Version: 90.0.222.000)
PS_AIO_Software (Version: 90.0.222.000)
PS_AIO_Software_min (Version: 90.0.222.000)
PSSWCORE (Version: 2.01.0000)
Publisher for ArcGIS (Version: 5.0.0111)
Python 2.4.1
Python 2.5 numpy-1.0.3
Python 2.5.1
QuickSet (Version: 8.1.12)
QuickTime (Version: 7.70.80.34)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
remotemanagement-langs (Version: 10.3.1.60756)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
Scan (Version: 9.0.0.0)
SearchAssist
SigmaTel Audio (Version: 5.10.4820.0)
SilverFast SE CD Documentation 6.4.0
SilverFast UScan-SE
Smart Start UP
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 90.0.146.000)
Sonic Activation Module (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
status-collection-point-langs (Version: 10.3.1.60756)
Status (Version: 90.0.146.000)
Symantec Endpoint Protection (Version: 12.1.1000.157)
TeamViewer 4 (Version: 4.1.9105 )
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
tsp patch (Version: 01.00.00.0000)
UnloadSupport (Version: 9.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
upekmsi (Version: 02.00.02.0010)
usermanagement-langs (Version: 10.3.1.34036)
VideoToolkit01 (Version: 90.0.146.000)
Wave Infrastructure Installer (Version: 03.05.10.0050)
Wave Support Software (Version: 05.04.00.018)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
windows-desktop-langs (Version: 10.3.1.60756)
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0) (Version: 09/25/2006 6.0.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7) (Version: 02/05/2007 1.1.3.7)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0036.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows NT Messaging
Windows XP Service Pack 3 (Version: 20080414.031525)
WinProxy-langs (Version: 10.3.1.60756)
XTools Pro 4.2 (Version: 4.2)
zencore-agent-langs (Version: 10.3.1.34036)
zennotifyicon-langs (Version: 10.3.1.34036)
ZENworks Action Handlers (Version: 10.3.1.58779)
ZENworks Action Utilities (Version: 10.3.1.24071)
ZENworks Actions (Version: 10.3.1.56690)
ZENworks Agent Authentication Satellite Module (Version: 10.3.1.34138)
ZENworks Agent Bundle Management (Version: 10.3.1.60099)
ZENworks Agent Core Modules (Version: 10.3.1.34138)
ZENworks Agent Inventory Management (Version: 10.3.1.57091)
ZENworks Agent Policy Management (Version: 10.3.1.56690)
ZENworks Agent System Update Module (Version: 10.3.1.34138)
ZENworks Agent WinProxy Module (Version: 10.3.1.54497)
ZENworks Content Distribution Point (Version: 10.3.1.34138)
ZENworks Extensions Libraries (Version: 10.3.1.42544)
ZENworks Image-Safe Data Agent (Version: 10.3.1.60738)
ZENworks Image Management (Version: 10.3.1.54497)
ZENworks Imaging Server (Version: 10.3.1.54497)
ZENworks Information Icon (Version: 10.3.1.34138)
ZENworks Policy Handlers (Version: 10.3.1.55710)
ZENworks Policy Libraries (Version: 10.3.1.42977)
ZENworks Primary Agent (Version: 10.3.1.34138)
ZENworks Remote Management (Version: 10.3.1.55710)
ZENworks Status Collection Point (Version: 10.3.1.54497)
ZENworks Uninstaller (Version: 10.3.1.60834)
ZENworks User Management (Version: 10.3.1.34138)
ZENworks Version Information (Version: 10.3.1.34138)
ZENworks Windows UI (Version: 10.3.1.60750)

========================= Devices: ================================

Name: Mirage Driver
Description: Mirage Driver
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: DemoForge
Service: dfmirage
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 2038.04 MB
Available physical RAM: 1040.13 MB
Total Pagefile: 3921.29 MB
Available Pagefile: 2930.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.74 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.69 GB) (Free:64.33 GB) NTFS
3 Drive e: (My Passport) (Fixed) (Total:465.73 GB) (Free:443.83 GB) NTFS

========================= Users: ========================================

User accounts for \\NRDWRSCASSISTLT

Administrator DTSAdmin dwruser
Guest jchristen


**** End of log ****

4) FYI: A version of MalwareBytes was already installed; however, I downloaded MBam-Setup.exe from the link you specified and tried installing. Midway through the install I got "Destination Component" prompts that were asking to "install the disk and click ok". I had to click cancel and would get a message(s) similar to "...Destinations.msi not found..." The program did start up and update after canceling out. I did the quick scan and remove specified. During the remove I again got the "Google Installer was shutdown..." error message. Results here:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
dwruser :: NRDWRSCASSISTLT [administrator]

4/13/2012 7:11:26 PM
mbam-log-2012-04-13 (19-11-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266268
Time elapsed: 19 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

5) Downloaded and tried to run aswMBR.exe a couple of times but immediately get the error message "avast! Antirootkit has encountered an error and needs to close..."



