
AVG uninstalled-ComboFix still detects it?


33 replies to this topic

#1 oldgnarly

oldgnarly

  • Members

Posted 22 September 2012 - 04:57 PM

Hi,

If I knew what I was doing I wouldn't be here.
I was uninstalling a trial version of AVG 2012- I even went to their site, followed the instructions, downloaded and ran the two apps they suggested.
On the second app, the computer self-restarted. The first app required I log in as I would expect. The second restart showed the background image only- no taskbar, no start buttons, no shortcuts- just the image. Tried to use ComboFix. It warned that AVG was still running. I closed Firefox. ComboFix gave this error message-

"Warning!!

antivirus: AVG Internet Security 2012

The above real time scanner(s)are still active but ComboFix shall
continue to run. Kindly note that this is at your own risk."

For obvious reasons, I have not hit the "OK" button. So apparently the program is waiting for me. But I will wait for an answer on this forum, and just leave it.

I did the full uninstall procedure, I believe I may be safe- but I will wait for some more experienced advice before proceeding. This is an old, tired computer- but that doesn't mean I'm ready to say goodbye.

oldgnarly



#2 narenxp

narenxp

  • BC Advisor

Posted 22 September 2012 - 05:21 PM

Why do you want to run ComboFix?

#3 oldgnarly

oldgnarly
  • Topic Starter

  • Members

Posted 22 September 2012 - 05:30 PM

Why?

I saw a bunch of recommendations using a search engine. It seems to get results.


oldgnarly

#4 OSO ROJO

OSO ROJO

  • Members

Posted 22 September 2012 - 05:42 PM

Just a friendly note .. :busy:

DO NOT RUN ComboFix unless requested to. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

#5 narenxp

narenxp

  • BC Advisor

Posted 22 September 2012 - 05:45 PM

Read this

http://www.bleepingcomputer.com/forums/topic273628.html

If you want to ignore my warning and run ComboFix, try this fix to remove AVG completely.

Press the Windows+R keys, type cmd, click OK, and run these commands:

net stop winmgmt /y
cd %windir%\system32\wbem
ren repository repository.old
net start winmgmt /y


Good luck

Edited by narenxp, 22 September 2012 - 06:12 PM.


#6 hamluis

hamluis

    Moderator


  • Moderator

Posted 22 September 2012 - 06:15 PM

First question...why did you try to run ComboFix?

http://www.bleepingcomputer.com/combofix/how-to-use-combofix , see the 3rd paragraph, starting "You should not run ComboFix....".

ComboFix usage, Questions, Help - Look here - http://www.bleepingcomputer.com/forums/topic273628.html

Does the system have a malware problem?

Louis

#7 oldgnarly

oldgnarly
  • Topic Starter

  • Members

Posted 22 September 2012 - 06:17 PM

GOOD LUCK.

DON'T RUN.

Very encouraging. But as I stated in my first post, it is running-waiting for me to hit the "OK" button. I would like a definitive response to my question. Is it possible to stop this program (ComboFix) in-process to continue attempting to remove AVG? It certainly seems to be no more than a dream that software writers would be able to write a proper, effective program to uninstall their own software. I opened REGEDIT and found several files marked AVG after I ran Add/Remove Programs, and both programs AVG itself advised for removal. To me, any program that refuses to do as instructed by one with administrative privileges isn't any better than malware- what is the difference?
I had initially attempted to uninstall AVG2012 after it expired. The 30-day trial was loaded with features that made the computer slow. I wanted to delete AVG and return to the free version, because it caused fewer problems. The uninstall process left me with no taskbar or desktop, nothing but the background image. I did what I felt was prudent to restore normal operation.
I did not find any warnings about WHO should be running ComboFix, or what procedure to follow. I downloaded it from the first site I saw- and that didn't help. I just wonder why ComboFix would be on sites without the warnings I have found here.
So- can I stop ComboFix?

oldgnarly

#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned

Posted 22 September 2012 - 06:30 PM

Yes, you can stop ComboFix.
Hit Control+Alt+Delete and stop it that way.

Here is the link to the removal tool.
http://kb.eset.com/esetkb/index?page=content&id=SOLN146

#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned

Posted 22 September 2012 - 06:31 PM

Also, you say that you downloaded it from the first site you came across; only Bleeping Computer has the official link.

#10 oldgnarly

oldgnarly
  • Topic Starter

  • Members

Posted 22 September 2012 - 06:56 PM

OK

Used Task Manager to "End Process" on the only file I could associate with ComboFix- NirCmd.3xe. Once I did that, other files appeared in Task Manager that were also listed as associated with ComboFix according to this post from this site by "quietman7":

"PEV.exe
NirCmd.3XE
PEV.3XE
SED
GREP
any file that has the extension *.3XE"

Once the other files popped up, I right-clicked on them and selected "End Process". This ended the complete session. As far as I know.
Now what? I am a little worried about restarting the computer. BTW, the Desktop appeared normal after I closed Firefox in the procedure I mentioned at first.


oldgnarly

#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned

Posted 22 September 2012 - 07:05 PM

I meant kill it through the applications tab.

Reboot your machine and do the following.
Download

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


Download
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Run it, check all the boxes, let it finish, and post the log here.


Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner



Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.
http://download.sysinternals.com/files/Autoruns.zip

#12 oldgnarly

oldgnarly
  • Topic Starter

  • Members

Posted 22 September 2012 - 07:44 PM

Post entire log?



oldgnarly

#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned

Posted 22 September 2012 - 07:50 PM

Post each log separately, yes. :)

#14 oldgnarly

oldgnarly
  • Topic Starter

  • Members

Posted 22 September 2012 - 07:57 PM

First log


MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 22-09-2012 at 17:40:26
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : tania-3d6ee56a9

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : westell.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)

Physical Address. . . . . . . . . : 00-50-DA-B6-E4-84

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.45

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, September 22, 2012 5:36:04 PM

Lease Expires . . . . . . . . . . : Sunday, September 23, 2012 5:36:04 PM

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.33.8, 173.194.33.9, 173.194.33.14, 173.194.33.0
173.194.33.1, 173.194.33.2, 173.194.33.3, 173.194.33.4, 173.194.33.5
173.194.33.6, 173.194.33.7



Pinging google.com [173.194.33.7] with 32 bytes of data:



Reply from 173.194.33.7: bytes=32 time=27ms TTL=55

Reply from 173.194.33.7: bytes=32 time=28ms TTL=55



Ping statistics for 173.194.33.7:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=108ms TTL=44

Reply from 98.139.183.24: bytes=32 time=322ms TTL=44



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 108ms, Maximum = 322ms, Average = 215ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 da b6 e4 84 ...... 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.45 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.45 192.168.1.45 20
192.168.1.45 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.45 192.168.1.45 20
224.0.0.0 240.0.0.0 192.168.1.45 192.168.1.45 20
255.255.255.255 255.255.255.255 192.168.1.45 192.168.1.45 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/22/2012 00:24:45 PM) (Source: MsiInstaller) (User: TANIA-3D6EE56A9)TANIA-3D6EE56A9
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27023. CA_Error27023: ToolbarStuff(0xE001003D): Toolbar install/uninstall failed

Error: (09/20/2012 06:52:12 PM) (Source: Application Error) (User: )
Description: Faulting application uninstall.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [uninstall.exe!ws!]

Error: (09/17/2012 11:13:34 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/09/2012 10:42:28 PM) (Source: Application Hang) (User: )
Description: Hanging application Psp.exe, version 4.1.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2012 05:04:57 PM) (Source: Application Error) (User: )
Description: Faulting application psp.exe, version 4.1.2.0, faulting module unknown, version 0.0.0.0, fault address 0x00000065.
Processing media-specific event for [psp.exe!ws!]

Error: (08/30/2012 08:03:32 PM) (Source: MsiInstaller) (User: TANIA-3D6EE56A9)TANIA-3D6EE56A9
Description: Product: DWG TrueView 2008 -- 1: 5 2: NGEN failed to exit within 10 sec 3: 258

Error: (08/29/2012 11:48:27 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/29/2012 09:05:27 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2012 09:05:24 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (08/29/2012 09:05:09 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (09/22/2012 07:51:26 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (09/20/2012 06:58:36 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:36 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (09/22/2012 00:24:45 PM) (Source: MsiInstaller)(User: TANIA-3D6EE56A9)TANIA-3D6EE56A9
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27023. CA_Error27023: ToolbarStuff(0xE001003D): Toolbar install/uninstall failed(NULL)(NULL)(NULL)

Error: (09/20/2012 06:52:12 PM) (Source: Application Error)(User: )
Description: uninstall.exe0.0.0.00.0.0.000000000

Error: (09/17/2012 11:13:34 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (09/09/2012 10:42:28 PM) (Source: Application Hang)(User: )
Description: Psp.exe4.1.2.0hungapp0.0.0.000000000

Error: (09/06/2012 05:04:57 PM) (Source: Application Error)(User: )
Description: psp.exe4.1.2.0unknown0.0.0.000000065

Error: (08/30/2012 08:03:32 PM) (Source: MsiInstaller)(User: TANIA-3D6EE56A9)TANIA-3D6EE56A9
Description: Product: DWG TrueView 2008 -- 1: 5 2: NGEN failed to exit within 10 sec 3: 258 (NULL)(NULL)(NULL)

Error: (08/29/2012 11:48:27 AM) (Source: Application Hang)(User: )
Description: firefox.exe14.0.1.4577hungapp0.0.0.000000000

Error: (08/29/2012 09:05:27 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2012 09:05:24 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (08/29/2012 09:05:09 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Alibre Design (Version: 14.0.2.14052)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Brewtarget-1.2.4 (Version: 1.2.4)
BUZBY Breakin' All the Rules (Version: 1.00.0000)
e-Sword (Version: 10.00.0005)
FLO Return of the Water Beetles (Version: 1.00.0000)
Free DWG Viewer 7.1 (Version: 7.1)
Intel RSX 3D
Intel® 845G Chipset Graphics Driver Software
ItzaBitza (Version: 1.0.2)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
JumpStart Advanced Kindergarten
Math Blaster
Math Blaster Ages 9-12
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires Gold
Microsoft Digital Image Library 9 (Version: 9.00.0000)
Microsoft Digital Image Pro 9 (Version: 9.0.0.0000)
Microsoft Office 97, Standard Edition
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Monopoly
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSN
MSXML 6.0 Parser (Version: 6.00.3883.8)
NASCAR Revolution
Paint Shop Pro 4.12
Phonics
QuickTime (Version: 7.65.17.80)
Reader Rabbit's 1st Grade
Reading Blaster Kindergarten
Spellbound!
Spybot - Search & Destroy (Version: 1.6.2)
Ultimate Paint 2.88 (Version: 2.88)
WebFldrs XP (Version: 9.50.7523)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 510 MB
Available physical RAM: 342.58 MB
Total Pagefile: 1247.13 MB
Available Pagefile: 1122.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.85 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.24 GB) (Free:15.32 GB) NTFS
3 Drive d: (AOE) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\TANIA-3D6EE56A9

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****


oldgnarly

#15 oldgnarly

oldgnarly
  • Topic Starter

  • Members

Posted 22 September 2012 - 08:01 PM

Second log


Farbar Service Scanner Version: 19-09-2012
Ran by Owner (administrator) on 22-09-2012 at 17:59:30
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000080000000900000006000000070000000A000000
IpSec Tag value is correct.

**** End of log ****


oldgnarly
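
An added example (not part of the thread, and not code from Farbar's tools): a Python triage pass over logs in the format of the two posted above. It collapses repeated event-log errors, pulls out entries that still mention the uninstalled product, and flags the firewall policy value and any File Check line whose verdict is not "MD5 is legit". The sample text is abridged from the posted logs with the hostname replaced and one constructed File Check line; the function and field names are assumptions.

```python
import re
from collections import Counter

# Abridged from the logs posted above (hostname replaced). The last File Check
# line is CONSTRUCTED, with hypothetical wording, to exercise the review path.
SAMPLE_LOG = r'''
Error: (09/22/2012 07:51:26 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (09/20/2012 06:58:36 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/20/2012 06:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (09/22/2012 00:24:45 PM) (Source: MsiInstaller) (User: EXAMPLE-PC)EXAMPLE-PC
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27023. CA_Error27023: ToolbarStuff(0xE001003D): Toolbar install/uninstall failed

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\example.dll => File is missing (constructed failure line)
'''

# Event-log entry: an "Error: (...) (Source: ...) (User: ...)" header line
# followed by a "Description:" line. Only the first description line is kept.
EVENT_RE = re.compile(
    r'^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)\s*\(User: [^)]*\).*\n'
    r'Description: (?P<desc>.*)$', re.MULTILINE)
# File Check line: "<drive path> => <verdict>".
FILECHECK_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\\S.*?) => (?P<verdict>.+)$', re.MULTILINE)
# Registry policy value as printed in the log: "Name"=DWORD:n
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=DWORD:(?P<value>\d+)$', re.MULTILINE)


def triage(log_text, product=("AVG",)):
    """Summarise a log in the MiniToolBox / Farbar Service Scanner layout."""
    # Count identical (source, description) pairs so ten copies of the same
    # service error show up once, with a count.
    events = Counter((m["source"], m["desc"].strip())
                     for m in EVENT_RE.finditer(log_text))
    # Match the product name at a word start ("AVG 2012", "AVGIDSAgent").
    product_re = re.compile(
        "|".join(r"\b" + re.escape(p) for p in product), re.IGNORECASE)
    policies = {m["name"]: int(m["value"])
                for m in POLICY_RE.finditer(log_text)}
    return {
        # Errors that still reference the product the user tried to remove.
        "leftover_events": sorted(
            {desc for _, desc in events if product_re.search(desc)}),
        # Errors logged more than once, with their counts.
        "repeated": {key: n for key, n in events.items() if n > 1},
        # True when the log shows the firewall switched off by policy.
        "firewall_disabled": policies.get("EnableFirewall") == 0,
        # Any checked system file whose verdict is not the known-good string.
        "files_to_review": [
            (m["path"], m["verdict"])
            for m in FILECHECK_RE.finditer(log_text)
            if m["verdict"].strip() != "MD5 is legit"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
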



