KenB Posted June 17, 2012
Hi
This is strange behaviour. I responded to with a simple: "Banned???"!
I didn't get this message at all - I will ask the other admins if they received it.
I am not sure why "ipconfig" should be running in Task Manager. I have checked mine on a couple of occasions and I do not see it at all. I wonder if this is malware - along with the rogue "banned" message ???
Please d/l MBAM from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Install and run it. It will produce a log when finished - please copy this and post it with your reply.
There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
MiniToolBox | Network Test | Wireless Test
RandyL Posted June 18, 2012
Hi. I assure you that you were never banned. Further no notice was sent to us from you. Are you sure you were on our forum and not a different forum? Although it could have been a glitch that you saw a banned message we still would have received a message had one been sent. It's also a possibility that malware may have been playing up on your system.
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
rjhfandclf (Author) Posted June 18, 2012
KenB: I don’t understand ipconfig in task manager either. I can only regularly start Windows now in ‘last good ...’ mode. This gives me a just about operable machine with task manager running at about 65 processes. I was wondering about running a malware check, as I have been watching for ipconfig and it flashes on briefly with ca 10-15% CPU usage then disappears. Looks suspicious. I am running Malwarebytes and will attach the results i.d.c. It will take a few hours for the three disks (int and ext). I hope it doesn't find much as Kaspersky is supposed to look after this!
RandyL: Re being banned – I promise I didn’t imagine it and this is the only forum I am keeping open. The message appeared in a banner box a bit like the quote box shown in messages, as I recall it.
NB PC just BSODed on me in mid flight - hope the malware checker doesn't have to start again!
KenB Posted June 18, 2012
If you can start up in Safe Mode try running MBAM from here.
rjhfandclf (Author) Posted June 18, 2012
KenB: Thanks - it is well underway again, so will try safe mode if it goes again.
RandyL: Should have added that the response message was sent on your online form that opened on ‘click here’, and was acknowledged as received!
Starbuck Posted June 18, 2012
I'll just add a quick reply here so that I get notifications of any replies.
Member of: UNITE
rjhfandclf (Author) Posted June 18, 2012
In the end, I had to run the int HDDs' (C & E) MBAM via Safe Mode. The ext HDD (G) I had to run separately after rebooting in 'Last good...' mode again, as this drive was not available in safe mode. I attach the two txt files produced. I cannot see anything operationally damaging in the C & E report showing 4 threats (two each identical in each of the mirror drives) as these seem to lie dormant in an old inherited download folder. I am not entirely sure where they came from. Perhaps you will see something I cannot, though.
PS I have now heard from Retrospect that I would be able to either restore Windows XP system files from an older 'good' back-up session (although that would now be from about a month ago), or if I decided to replace my machine with Win 7 Pro, I will be able to restore my XP based files into their own directory OK - so at least that gives me some other options to play with, as I am rapidly losing confidence that I will economically be able to resurrect this machine.
Thanks for all your support.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Robin :: R-PC [administrator]

18/06/2012 19:23:16
mbam-log-2012-06-18 (19-23-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 764424
Time elapsed: 1 hour(s), 33 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Adobe\Photoshop CS\photoshop\key gen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Not yet installed\spyware remover (CHGE).exe (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.
E:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Adobe\Photoshop CS\photoshop\key gen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
E:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Not yet installed\spyware remover (CHGE).exe (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.

(end)

=============

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.06.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Robin :: R-PC [administrator]

18/06/2012 22:05:12
mbam-log-2012-06-18 (22-05-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297331
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

=======================

I have posted the logs they are easier to read this way - KenB
mbam-log-2012-06-18 (22-05-12).txt
mbam-log-2012-06-18 (19-23-16).txt
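Added example (not part of the original thread and not Malwarebytes code): a Python script that parses an MBAM 1.x text log like the first one in the post above and checks the two points the poster reasons about, namely whether anything was detected in memory or the registry rather than only on disk, and whether the hits on the mirrored C: and E: drives are the same file. The one-entry-per-line layout, the function names and the sample text (abridged from that log) are assumptions.

```python
import re
from collections import defaultdict

# Result sections an MBAM 1.x full-scan log is expected to contain.
EXPECTED_SECTIONS = (
    "Memory Processes", "Memory Modules", "Registry Keys", "Registry Values",
    "Registry Data Items", "Folders", "Files",
)
# Hits here mean code was loaded or configured to load; "Folders"/"Files"
# hits alone mean something is on disk, not that it ran.
ACTIVE_SECTIONS = EXPECTED_SECTIONS[:5]

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (sections, detections) from the text of an MBAM 1.x scan log."""
    sections, detections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections[current] = int(m["count"])
            continue
        m = ITEM_RE.match(line) if current else None
        if m:
            detections.append({"section": current, **m.groupdict()})
    return sections, detections


def triage(sections, detections):
    """Summarise what the log does and does not show."""
    found = defaultdict(int)
    copies = defaultdict(set)
    for d in detections:
        found[d["section"]] += 1
        drive, sep, rest = d["object"].partition(":\\")
        if sep and len(drive) == 1:
            # Same path on another drive letter (e.g. a mirror) is one file.
            copies[(rest.lower(), d["threat"])].add(drive.upper())
        else:
            copies[(d["object"].lower(), d["threat"])].add("")
    return {
        "active_sections": [s for s in ACTIVE_SECTIONS if sections.get(s, 0) > 0],
        # A pasted log that stops early has sections missing entirely.
        "missing_sections": [s for s in EXPECTED_SECTIONS if s not in sections],
        # Declared count differs from the number of item lines actually present.
        "count_mismatch": [s for s, n in sections.items() if found[s] != n],
        "unique_files": sorted(
            (threat, path, sorted(drives)) for (path, threat), drives in copies.items()
        ),
        "not_removed": [d["object"] for d in detections
                        if "successfully" not in d["action"].lower()],
    }


# Constructed sample: result sections of the first log in the post, one entry per line.
SAMPLE_LOG = r"""
Scan type: Full scan
Objects scanned: 764424
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Adobe\Photoshop CS\photoshop\key gen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Not yet installed\spyware remover (CHGE).exe (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.
E:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Adobe\Photoshop CS\photoshop\key gen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
E:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Not yet installed\spyware remover (CHGE).exe (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.
(end)
"""

if __name__ == "__main__":
    report = triage(*parse_mbam_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

An empty `active_sections` list only says that this scan found nothing loaded or registered to load; it does not account for the brief `ipconfig` process the thread is still investigating.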
KenB Posted June 18, 2012
Please wait for Starbuck to advise before you do anything more. There is a piece of malware linked to ipconfig.exe that needs investigating further.
Starbuck Posted June 18, 2012
Hi rjhfandclf,
C:\Documents and Settings\Robin\My Documents\My Downloads\New\New Items in place\Adobe\Photoshop CS\photoshop\key gen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
This isn't a good start. You are downloading illegal software. More than likely from a P2P program. It's a good job those files were removed, or we wouldn't have been able to help you.
P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer.
Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.
Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.
If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.
We now need a better look at your system:
Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png
Now copy the lines in bold below.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
rjhfandclf (Author) Posted June 19, 2012
Hello and thank you. I take the reprimand – although currently not entirely correct! When I bought this PC 8 years ago it was used as a ‘family/student’ PC and all sorts of things got imported onto it – including downloads from an older PC. I don’t use P2P myself as I simply don’t trust such things. I thought I had cleared it out pretty well, particularly as these problems are quite new. Obviously I didn’t, but can try harder - if we get that far.
Anyway, that is all pretty irrelevant, so I have run OTL as instructed. The files are hundreds of lines long, so I attach them as files as follows. As you will see I had trouble attaching OTL.txt as it was too big for the forum rules. I have therefore had to convert it to a Word doc. If this is no good and you want me to try to copy/paste the contents, I will certainly try.
PS please note that I have just been called away on urgent family business for a couple of days, so will shortly be unable to reply further till around Friday.
Thanks again.
Extras.Txt
OTL.doc
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe (Maxtor) O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation) O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe (thinkbroadband.com) O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [EPSON Stylus Photo R1900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICUE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [smartRAM] C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe (IObit) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk = C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe (Silicon Image, Inc.) O4 - Startup: C:\Documents and Settings\Robin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found O8 - Extra context menu item: Append to existing PDF - C:\Program 
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm File not found O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm File not found O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/UK/install.cab (Reg Error: Value error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{318271A4-A309-461E-8EF1-677622B5E412}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C86EC767-9869-4EEE-A8F1-A6EC2D6F5967}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/01/02 12:56:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/01/02 12:56:27 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sprestrt) O34 - HKLM BootExecute: (sprestrt) O34 - HKLM BootExecute: (sprestrt) O34 - HKLM BootExecute: (sprestrt) O34 - HKLM BootExecute: (sprestrt) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. 
- File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe - (FUJI PHOTO FILM CO., LTD.) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gwum.lnk - C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe - () MsConfig - StartUpFolder: C:^Documents and Settings^Robin^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk - C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe - (ScanSoft) MsConfig - StartUpReg: 1&1 EasyLogin - hkey= - key= - C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet Ltd.) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: Glary Memory Optimizer - hkey= - key= - C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd) MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: KeyMaestro - hkey= - key= - c:\Program Files\KMaestro\KMaestro.exe () MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - File not found MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - File not found MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: REGSHAVE - hkey= - key= - C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) MsConfig - StartUpReg: Reminder - hkey= - key= - Reg Error: Value error. 
File not found MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe (Sonic Solutions) MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe () MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: Wise-FTP Scheduler - hkey= - key= - C:\Program Files\AceBIT\Wise-FTP\WF_Scheduler.exe (AceBIT GmbH) MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 Quote Member of:UNITE
Starbuck Posted June 22, 2012

Hi rjhfandclf,

I'm not sure how far this will go. Reading the whole thread and looking at the error reports, it may well be a drive problem. Plus if you can only get into safe mode.... we're a bit limited. But let's see what we can do.

Step 1

Programs to uninstall:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 6 Update 3

These are old versions which should have been removed when a newer version was installed. Don't uninstall Java 6 Update 31 for now. Reboot the system once removed.

I also recommend removing:

Advanced SystemCare 5
This is not a very good company. It was caught stealing definitions from MBAM. That said, this program may very well conflict with Kaspersky Internet Security.

TweakNow RegCleaner Standard
We don't recommend any reg cleaners. They are known to cause more harm than good.

Step 2

Double click on OTL to run it. Copy the lines in the codebox below (make sure that :Otl is on the first line).

:Otl
DRV - (AmdPPM) -- system32\DRIVERS\AmdPPM.sys File not found
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\R apportIaso.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\3 4302\RapportCerberus32_34302.sys ()
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm File not found
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/UK/install.cab (Reg Error: Value error.)
MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - Reg Error: Value error. File not found
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99B2514F
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

In your next reply, please submit:
Otl fix report

Thanks
rjhfandclf Posted June 22, 2012 Author

Hello,

Thanks very much for all your help. Delighted to get rid of Advanced Windows Care as this caused all the original crash problems following a slow PC (I also got my money back from them!) Listed Java bits now all gone too, as well as TweakNow and also Glary Utilities, which I found as well. I do still have ERUNT and NTREGOPT, which are slightly different, and which were highly recommended to me by a tech professional some years ago. I hope you agree!

OTL log:

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
Registry entries deleted on Reboot...

OTL ran OK, but didn’t want to close down after displaying a message box that said “Cannot create file C\windows\systen32\drivers\etc\hosts”. I left it running for quite a while, but it did nothing, so I closed OTL manually and rebooted. The OTL log opened on reboot.

NB when I open OTL, I notice that ‘Extra Registry’ has ‘None’ checked, not ‘Use safe list’ as shown in your previous screen shot. This was how it was set when I posted the last results – I don’t know if it is relevant or not. Equally, I have not altered it to ‘Use safe list’ this time – nor made any of the other changes you previously asked for. If this is incorrect and I need to run it again, pls let me know.

Thanks.
rjhfandclf Posted June 23, 2012 Author

I should have added that, as from my first post in this thread, Kaspersky recommended the link to MS's kb on resetting hosts to default. That seemed to solve the cpu hogging 'conflict' with Kaspersky's avp and svhosts - but also seemed to coincide with the influx of dozens of ipconfig entries in task manager (currently there are about 130 in task manager).

Also, re starting up, I always try in normal mode first, but if this fails, I try last good mode, then safe mode as a fall-back. Last night's post was written while in a rare normal mode. This morning is last good mode.
rjhfandclf Posted June 27, 2012 Author

I am afraid I am going to have to try something basic to see if I can get Windows working again. Things have deteriorated to the extent that I cannot now boot into any working mode other than safe. In any other mode, I cannot open any mainstay programs other than Firefox. In safe mode I cannot access the internet, so I am stumped - and have an enormous amount of work backing up.

I thought I might try another repair install - but with very little confidence. If this will affect anything you might be working on or wish to suggest, please kindly let me know, but I must try something soon.

NB what I don't understand is why, if there is some malware affecting the machine, has Kaspersky not recognised it!

Many thanks.
Starbuck Posted June 27, 2012

Hi rjhfandclf

Sorry for the late reply, I didn't get a notification of any replies to this thread.

"Things have deteriorated to the extent that I cannot now boot into any working mode other than safe. In any other mode, I cannot open any mainstay programs other than Firefox."

Plus you said:

"NB what I don't understand is why, if there is some malware affecting the machine, has Kaspersky not recognised it!"

Kaspersky is good at recognising malware. I honestly think this is not a malware issue. I pointed out before that it did seem to be a Hard drive problem. Look at the error logs, there's so much going on.

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/06/2012 06:46:11 | Computer Name = R-PC | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details: A system shutdown is in progress. (0x8007045b)
Error - 14/06/2012 07:07:32 | Computer Name = R-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 15/06/2012 05:39:44 | Computer Name = R-PC | Source = Application Error | ID = 1000
Description = Faulting application ipconfig.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x2e6d6f64.
Error - 15/06/2012 11:52:56 | Computer Name = R-PC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error - 17/06/2012 12:08:33 | Computer Name = R-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: with error: The server name or address could not be resolved
Error - 18/06/2012 09:38:20 | Computer Name = R-PC | Source = Windows Search Service | ID = 3013
Description = The entry PROTECTION\MBAM-SETUP-1.61.0.1400.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)
Error - 18/06/2012 09:38:20 | Computer Name = R-PC | Source = Windows Search Service | ID = 3013
Description = The entry PROTECTION\MBAM-SETUP-1.61.0.1400.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)
Error - 18/06/2012 16:33:20 | Computer Name = R-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: with error: This operation returned because the timeout period expired.
Error - 19/06/2012 06:40:42 | Computer Name = R-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 19/06/2012 07:09:47 | Computer Name = R-PC | Source = Windows Search Service | ID = 3013
Description = The entry PROTECTION\OTL.EXE> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

[ Silicon Image Events ]
Error - 09/06/2012 14:19:56 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 11/06/2012 06:03:42 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 11/06/2012 14:53:08 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 12/06/2012 06:12:27 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 12/06/2012 06:27:47 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 12/06/2012 16:50:29 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 13/06/2012 06:22:19 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 13/06/2012 06:40:33 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 13/06/2012 07:11:56 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.
Error - 13/06/2012 09:45:46 | Computer Name = R-PC | Source = SATARaid | ID = 0
Description = Event Email Error -Socket Connect Error Error code 0x00000000.

[ System Events ]
Error - 12/06/2012 17:33:12 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:33:42 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:34:12 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:34:42 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:35:12 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:35:43 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:36:13 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:36:43 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:37:13 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.
Error - 12/06/2012 17:37:43 | Computer Name = R-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the 6to4 service.

and it seems you have already tried to fix this without success:

"I have now tried several ways to check/fix the disks, but nothing works. I tried via Explorer > properties: check disk and even that said it couldn't complete. cmd > chkdsk (no parameters) runs but says it finds errors, but can't complete in read only mode."

By all means try a Repair Install, but if the hard drive is going ..... you aren't really going to get anywhere. If your work is backing up, you need a more up to date and reliable system.
rjhfandclf Posted June 29, 2012 Author

Hello,

Thanks - and noted! I have decided to grasp the nettle and have ordered a new system.

In the meantime, I have found a route to get the old PC running, albeit intermittently, in reasonably operable 'normal' mode, but with occasional BS crashes that refer to hardware probs. It entails three boots ... last good (which fails) > safe+net (fine but no nets!) > last good again ... which presently 'works'. This route has worked a couple of times now - despite appearing illogical! At least I can get some work done.

I will leave the repair install until it becomes absolutely necessary in hope that I can transfer my backed up data from Retrospect into Win7 Pro XP mode OK. Retrospect have given me some help with this.

One query that still bugs me is why I still get dozens/hundreds of ipconfig entries in task manager during a partially failed boot. Hopefully it's academic now ... just curious.

Thanks again to all for all your help. Best wishes.
rjhfandclf Posted July 4, 2012 Author

"One query that still bugs me is why I still get dozens/hundreds of ipconfig entries in task manager during a partially failed boot. Hopefully it's academic now ... just curious."

Just wondering if anyone has any ideas about this - if not I will close my end of the thread ... new system due to arrive tomorrow :D with Win 7 Pro and Office 2010. Something new to get used to!

Thanks