macbryde
Members
Posts: 12
Reputation: 0 Neutral
  1. At the end I have solved it. I used subinacl (http://www.ponx.org/download/CD/Outils-Win/subinacl.htm). I created a file called "reset.cmd" in C:\Program Files\Windows Resource Kits\Tools. You run this from the cmd prompt; change "username" into the existing Windows user and run.
     *****************
     rem reset.cmd: grant Administrators and SYSTEM full control (Users/Everyone/Restricted read) on the registry hives,
     rem set the owner to Administrators, then give SYSTEM full control on the system drive.
     rem /subkeyreg works on all subkeys of the hive, /keyreg on the hive key itself.
     rem Replace "username" with the existing Windows user account; the log goes to %temp%\subinacl_output.txt.
     subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=username=f /setowner=administrators > %temp%\subinacl_output.txt
     subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=username=f /setowner=administrators >> %temp%\subinacl_output.txt
     subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
     subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=users=r /grant=everyone=r /grant=restricted=r /setowner=administrators >> %temp%\subinacl_output.txt
     subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
     subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=users=r /setowner=administrators >> %temp%\subinacl_output.txt
     rem directories on the system drive: SYSTEM needs full control for Windows Installer to run its elevated part
     subinacl /subdirectories %SystemDrive% /grant=system=f
     ********************************
     This has solved my problem.
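The subinacl script above resets permissions blind. An added example, not code from the post or from subinacl, that first audits whether SYSTEM and the Administrators group still hold Full Control on the locations the script touches (Windows Installer runs its elevated part as SYSTEM, and "insufficient privileges to modify this file" is what you see when that grant has been stripped), and only with -Fix restores them using tools that ship with Windows Vista and later: takeown.exe and icacls.exe for files, Set-Acl for registry keys (on XP, subinacl remains the route). The default path list and the function names are assumptions for illustration; add the file the installer names in its error. Requires PowerShell 3.0 or later, saved as a .ps1 and run from an elevated prompt.

```powershell
<#
Added example, not from the forum post. Audits, and with -Fix repairs, the
Full Control grants Windows Installer needs. Path list is an assumption.
#>
param(
    [string[]]$Paths = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer',
        'Registry::HKEY_CLASSES_ROOT\Installer',
        "$env:SystemRoot\Installer",
        "$env:ProgramFiles"
    ),
    [switch]$Fix
)

$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { Write-Warning 'Not elevated: results will be incomplete and -Fix will fail.' }

# Compare by well-known SID so the check does not depend on the display language.
$RequiredSids = @{
    'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
}

function Get-AceSid {
    param($Ace)
    try   { $Ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $Ace.IdentityReference.Value }   # orphaned account: already in S-1-... form
}

function Test-InstallerAcl {
    param([string]$Path)
    $finding = [ordered]@{ Path = $Path; Owner = $null; MissingFullControl = @(); Error = $null }
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
        $finding.Owner = $acl.Owner
        foreach ($sid in $RequiredSids.Keys) {
            $granted = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and (Get-AceSid $_) -eq $sid -and
                # FileSystemRights on files/folders, RegistryRights on keys; 268435456 is
                # GENERIC_ALL, which inherit-only folder ACEs report instead of FullControl.
                "$($_.FileSystemRights)$($_.RegistryRights)" -match 'FullControl|268435456'
            }
            if (-not $granted) { $finding.MissingFullControl += $RequiredSids[$sid] }
        }
    } catch {
        # Access denied here is itself a finding: even an elevated admin cannot read the DACL.
        $finding.Error = $_.Exception.Message
    }
    [pscustomobject]$finding
}

function Repair-InstallerAcl {
    param([string]$Path)
    if ($Path -like 'Registry::*') {
        # Registry keys: add explicit Allow/FullControl ACEs that propagate to subkeys.
        # Set-Acl needs WRITE_DAC on the key; if ownership was taken away as well, take it
        # back first (regedit > Permissions > Advanced > Owner, or subinacl /setowner).
        $acl = Get-Acl -Path $Path
        foreach ($sid in $RequiredSids.Keys) {
            $rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList @(
                (New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sid),
                [System.Security.AccessControl.RegistryRights]::FullControl,
                [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
                [System.Security.AccessControl.PropagationFlags]::None,
                [System.Security.AccessControl.AccessControlType]::Allow
            )
            $acl.AddAccessRule($rule)
        }
        Set-Acl -Path $Path -AclObject $acl
    } else {
        # Files and folders: ownership to Administrators (/A), then Full Control for both SIDs
        # with inheritance, recursively (/T), continuing past errors (/C). This is what the
        # "subinacl /subdirectories ... /grant=system=f" line in the post does.
        & takeown.exe /F $Path /A /R /D Y | Out-Null
        & icacls.exe $Path /grant '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' /T /C /Q | Out-Null
    }
}

$findings = foreach ($p in $Paths) { Test-InstallerAcl -Path $p }
$findings | Format-Table Path, Owner,
    @{ n = 'MissingFullControl'; e = { $_.MissingFullControl -join ', ' } }, Error -AutoSize

if ($Fix) {
    foreach ($f in ($findings | Where-Object { $_.MissingFullControl -or $_.Error })) {
        Write-Host "Repairing $($f.Path)"
        Repair-InstallerAcl -Path $f.Path
        Test-InstallerAcl -Path $f.Path | Format-List   # re-check after the change
    }
}
```

Run it once without -Fix and read the table: a path whose Owner is not Administrators/SYSTEM/TrustedInstaller, a missing grant, or an Error on Get-Acl are all signs of the damage the post describes. Point -Fix at the narrowest path that fails rather than the whole of Program Files: on Vista and later that tree is owned by TrustedInstaller by design, and a blanket takeown changes that.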
  2. Anyone in this forum able to advise me how to solve this problem? I have admin rights to my "own" laptop, which I bought 5 years ago. In the last 5 years that I have used it I have installed many programs. Why can't I install programs like Windows Defender or iTunes, whereas at the same time I can install a number of other programs without any problem?
  3. The discussion is going in the wrong direction. First of all: 1. The laptop is not infected. I have no viruses or malware. I checked the laptop with Kaspersky and with SuperAntiSpyware. 2. I acquired my laptop in a store. I did not very much appreciate the remark, BWD. 3. The Google suggestion followed by the Microsoft support did not solve my problem. 4. It is not only related to Windows Defender; today I tried to install iTunes and I got the same message. 5. It seems as if any installation is rejected that uses Windows Installer, although I am logged on as administrator. 6. I downloaded from Microsoft a program to fix "problems installing and uninstalling programs on Windows-based computers" from here: http://support.microsoft.com/kb/2438651/ but it did not solve the problem. The error message (iTunes) says: "There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor." After selecting OK the install rolls back completely. Happy to get some useful input and/or suggestions to solve this.
  4. I have no virus or malware. I ran Malwarebytes and I have an updated virus program, Sophos. This must be something else... I also googled as suggested but could not come any further. Happy for any suggestion.
  5. Hi, I am having difficulties installing Windows Defender on my laptop. I have downloaded the file "WindowsDefender.msi" and after running it I get this Windows message, "Windows Defender installation information", with a yellow exclamation mark: "The installer has insufficient privileges to modify this file C:\program files\windows Defender\MsMpEng.exe." I have to cancel and the installation rolls back. Can you please help me? I have tried many things; I cannot get it installed...
  6. I am sorry to hear that. I am of course prepared to delete all these programs and cracks and whatever. I really had no clue that this was on the PC anyway. I have taken notice of the policy and agree with what is there. Is there a possibility to continue and to get your support? I will delete and uninstall any program or whatever is needed to get this cleaned. Many thanks in advance.
  7. I am sorry as well to have this illegal software on the laptop. I would like to delete and remove it, no problem. But I don't know how and what to remove. I would also be happy if you could help me with this and get a safe environment again. Thanks in advance.
  8. Dear all, I have run the ESET online virus scanner on my laptop and it has found multiple threats. Please advise me how to remove the threats. See the ESET log file below:
     *****
     C:\Documents and Settings\Cees\My Documents\Midi files\### Tools ### Karaoke Gold Starter Pack\WinZip 9.0 & KeyGen.zip    a variant of Win32/Keygen.BP application
     C:\Documents and Settings\Cees\My Documents\Qoobox\Quarantine\C\Documents and Settings\Cees\Start Menu\Programs\Startup\_updpxe32_.exe.zip    a variant of Win32/Kryptik.GAZ trojan
     C:\Documents and Settings\Cees\My Documents\Qoobox\Quarantine\C\WINDOWS\system32\fjhdyfhsn.bat.vir    BAT/KillFiles.NCB trojan
     C:\Documents and Settings\Cees\My Documents\Tag___Rename_3.3\Tag & Rename 3.3.rar    a variant of Win32/HackTool.Patcher.A application
     C:\Documents and Settings\Cees\My Documents\temp\dvrsetup.exe    multiple threats
     C:\Documents and Settings\Cees\My Documents\USB STIKJE BLAUW\Copy of Copy of Registry_Booster_v2.0.1092.3366.rar    a variant of Win32/HackTool.Patcher.A application
     C:\Documents and Settings\Cees\My Documents\________AA___nog verplaatsen\ErrFx4712.rar    probably a variant of Win32/Adware.ErrorRepair application
     C:\Documents and Settings\Cees\My Documents\________AA___nog verplaatsen\GPhotoShow.Pro.v4.3.rar    a variant of Win32/Keygen.BM application
     C:\Program Files\PDF Password Remover v3.0\winDecrypt.exe    probably a variant of Win32/PSWTool.PdfCracker.A application
     C:\Program Files\PDF Password Remover v3.0\winDecrypt.exe.BAK    probably a variant of Win32/PSWTool.PdfCracker.A application
     C:\Program Files\PowerISO\Keygen.exe    a variant of Win32/Keygen.AF application
     C:\Program Files\TagRename\Patch.exe    probably a variant of Win32/HackTool.Patcher.A application
     C:\System Volume Information\_restore{4EF4D387-4A57-420B-B2FC-0487DC13972A}\RP723\A0131093.exe    NSIS/TrojanDownloader.Agent.NBS.Gen trojan
     *****
  9. Hi, I did run ComboFix. It reported a Rootkit.ZeroAccess virus. Please find attached the full output of ComboFix. Note that the post was too long; the message said to shorten the post a bit, however I didn't know what to remove and what to leave in the text. I have attached both the complete ComboFix report (log.txt) and the new DDS log (attached as DDS.txt). Hope this is OK. Thanks.
     Attachments: log.txt, DDS.txt
  10. Dear all, Since a couple of days my sophos virus program does not run anymore. It started with a message while i tried to delete something from the sophos quarantine. I have successfully started with "defogger" to deactivate virtual CD drives. In windows(xp )safe mode I tried to run MBAM but the programs simply stop and window closes when i try to run the scan. I have managed to create a ddr file with a tool I found on bleeping computers (see attached). Could not create the ark.txt because i could not run the scan with GMER.EXE. After unchecking the boxes "IAT/ETA" and "show all' I selected scan and then the window closed. Each time an error message pops up "error windows cannot access the specified device path or file you may not have the appropriate permissions to access the item" . I would really appreciate some help how to proceed. see below the DDR file: ***************************************************************************************************************************** DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Run by Cees at 21:51:47 on 2011-07-31 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.343 [GMT 2:00] . AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} FW: Sophos Client Firewall *Enabled* . ============== Running Processes =============== . 
"\\.\globalroot\Device\svchost.exe\svchost.exe" C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\WiFi\bin\S24EvMon.exe svchost.exe svchost.exe C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\WINDOWS\SYSTEM32\GEARSEC.EXE C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc c:\program files\lenovo\system update\suservice.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\TomTom HOME\TomTomHOMEService.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe 
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\TpShocks.exe C:\WINDOWS\system32\TpScrLk.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\vspc2050.exe C:\Program Files\Sophos\AutoUpdate\almon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\Program Files\tclocklight-040702-3\tclock.exe C:\WINDOWS\Integrator.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\WINDOWS\system32\SearchProtocolHost.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyServer = http=94.228.220.7:8080;ftp=94.228.220.7:8080;https=94.228.220.7:8080; uURLSearchHooks: H - No File uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\bh\BabylonToolbar.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program 
files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll TB: {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - No File TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: PDFXChange 4.0 IE Plugin: {42dfa04f-0f16-418e-b80c-ab97a5afad39} - c:\program files\tracker software\pdf-xchange 4\PXCIEAddin4.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll TB: Google Toolbar: 
{2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarTlbr.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe uRun: [<NO NAME>] mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe mRun: [TpShocks] TpShocks.exe mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [sPC2050] c:\windows\vspc2050.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [<NO NAME>] mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe mRun: 
[bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [babylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\cees\startm~1\programs\startup\batter~1.lnk - c:\program files\dachshund software\battery doubler\Battery Doubler.exe StartupFolder: c:\docume~1\cees\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\cees\startm~1\programs\startup\shortc~1.lnk - c:\program files\tclocklight-040702-3\tclock.exe uPolicies-explorer: nosimplestartmenu = 1 (0x1) uPolicies-explorer: norecentdochistory = 0 (0x0) uPolicies-explorer: maxrecentdocs = 5 (0x5) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: SYSTRAN Opzoeken - c:\program files\systran\6\\GUIres.dll/lookup.js IE: SYSTRAN Vertalen - c:\program files\systran\6\\GUIres.dll/translate.js IE: {29F02F90-D4AE-4c9a-82D2-D8DCDD507F33} - c:\program files\radarsync\RadarSync Website.lnk IE: {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\winsysclean 2008\udmanager\UDManager.exe IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - 
c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll Trusted Zone: ebay.de\signin Trusted Zone: ecb.int\wrap Trusted Zone: microsoft.com\support DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: ACNotify - ACNotify.dll Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll Notify: igfxcui - igfxdev.dll Notify: psfus - c:\program files\thinkvantage 
fingerprint software\psqlpwd.dll AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL LSA: Authentication Packages = msv1_0 relog_ap LSA: Notification Packages = scecli ACGina ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina Hosts: 65.75.216.6 www.winmx.com err.winmx.com Hosts: 205.238.40.54 www.winmx.com err.winmx.com Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl|http://www.bedrockplace.eu/search.php|http://iskrwlcogisjthmeasiwk.com/index.php|http://geizhals.at/|http://my.ebay.de/ws/eBayISAPI.dll?MyEbayBeta&MyEbay=&CurrentPage=MyeBaySummary&ssPageName=STRK%3AME%3ALNLK%3AMESUMX&gbh=1&guest=1 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q= FF - prefs.js: network.proxy.type - 0 FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\fb_add_on@avm.de\platform\winnt_x86-msvc\components\FB_AddOn.dll FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\firetorrent@radicalsoft.com\components\firetorrent.dll FF - component: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\piclens@cooliris.com\components\cooliris.dll FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks 
connector\firefoxextension\components\FirefoxExtension.dll FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll FF - plugin: c:\documents and settings\cees\application data\mozilla\firefox\profiles\s8zr7pal.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\documents and settings\cees\application data\mozilla\plugins\npagee.dll FF - plugin: c:\documents and settings\cees\application data\mozilla\plugins\npcoolirisplugin.dll FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\citrix\secure access client\npagee.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: FireTorrent: firetorrent@radicalsoft.com - %profile%\extensions\firetorrent@radicalsoft.com FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com FF - Ext: Torrent Finder Toolbar: TFToolbarX@torrent-finder - %profile%\extensions\TFToolbarX@torrent-finder FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF - Ext: RSS Ticker: {1f91cde0-c040-11da-a94d-0800200c9a66} - %profile%\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF - Ext: TorrentBar: {7b821b0e-b102-4f9b-b6e3-433ede1fe379} - %profile%\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379} FF - Ext: Simple RSS Reader (SRR): 
{A5475360-A7EA-437b-9A79-29208F476940} - %profile%\extensions\{A5475360-A7EA-437b-9A79-29208F476940} FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: FireMule: {D644F7E7-5141-4fac-A59C-21101C82C734} - %profile%\extensions\{D644F7E7-5141-4fac-A59C-21101C82C734} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension . ============= SERVICES / DRIVERS =============== . 
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-5-9 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-5-9 13480]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-7-6 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-7-6 24064]
R1 scfdriver;SCF Kernel Driver;c:\windows\system32\drivers\scfdriver.sys [2009-8-2 86264]
R1 scfint;Sophos Client Firewall packet filter;c:\windows\system32\drivers\scfint.sys [2011-3-2 52984]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-5-9 132456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-25 54752]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-10-23 53248]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;c:\program files\sophos\sophos client firewall\SCFManager.exe [2010-4-27 128240]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home\TomTomHOMEService.exe [2011-3-9 92592]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-2 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R3 ausbmon;Advanced USB Port Monitor Filter Driver;c:\windows\system32\drivers\ausbmon.sys [2010-12-18 19744]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-10-3 37312]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl --> c:\program files\cyberlink\powerdvd8\000.fcl [?]
S2 ClipInc001;ClipInc 001;c:\program files\tobit clipinc\server\clipinc-server.exe 001 --> c:\program files\tobit clipinc\server\ClipInc-Server.exe 001 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 45496]
S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]
S2 Sophos Client Firewall;Sophos Client Firewall;c:\program files\sophos\sophos client firewall\SCFService.exe [2010-4-27 32496]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys --> c:\windows\system32\drivers\camdrv41.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-5-16 137600]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [2011-1-8 39488]
S3 pgusbwdm;usb-audio.de driver (commercial 2.8.45);c:\windows\system32\drivers\pgusbwdm.sys [2011-1-8 403008]
S3 TridDev;Yakumo QuickStick TV easy Device;c:\windows\system32\drivers\Triddev.sys [2006-2-23 3584]
S3 TridVid;Yakumo QuickStick TV easy;c:\windows\system32\drivers\TridVid.sys [2006-2-23 165760]
S3 TSMPacket;T-DSL SpeedManager Service;c:\windows\system32\drivers\tsmpkt.sys --> c:\windows\system32\drivers\tsmpkt.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-1-29 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-1-29 5248]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-8-6 14976]
.
=============== Created Last 30 ================
.
2011-07-31 17:01:07 1537536 ----a-w- c:\windows\system32\erdmpg-hi.dll
2011-07-31 17:01:07 -------- d-----w- c:\program files\common files\Doblon
2011-07-31 17:01:05 -------- d-----w- c:\program files\Doblon
2011-07-29 21:31:50 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{c2a5e103-4ad2-44e3-b22b-71eb2962a521}\mpengine.dll
2011-07-23 11:29:02 -------- d-----w- c:\program files\ReNamer
2011-07-22 23:46:52 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2011-07-08 18:57:10 -------- d-----w- c:\windows\Performance
2011-07-08 18:54:50 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-15 13:41:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2003-08-07 10:44:08 22528 ------w- c:\program files\Dirscan18.exe
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 21:52:07,34 ===============
Attach.zip
  11. Hi, For a couple of days my Sophos virus program has not run anymore. It started with a message while I tried to delete something from the Sophos quarantine. I have successfully started with "defogger" to remove virtual DVD or CD drives. In Windows (XP) safe mode I tried to run MBAM, but the program simply stops and the window closes when I try to run the scan. I have managed to create a ddr file (see attached). Each time an error message pops up: "Error: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Happy to receive your observations and help. Attach.zip
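Added example, not part of this thread and not code from the DDS tool or the forum's helpers: a small Python triage script that parses the three DDS sections quoted above (SERVICES / DRIVERS, Created Last 30, Find3M) and lists the entries a responder would look at first. The sample input is a handful of lines copied from the log excerpt on this page; the finding labels, the `c:\windows\system32\` prefix and the three triage rules are my own choices, and nothing the script flags is a verdict about this machine. The start-type convention in the comments (R = running, S = stopped, digit = start type) is DDS's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the DDS log excerpt posted above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R1 scfint;Sophos Client Firewall packet filter;c:\windows\system32\drivers\scfint.sys [2011-3-2 52984]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl --> c:\program files\cyberlink\powerdvd8\000.fcl [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys --> c:\windows\system32\drivers\camdrv41.sys [?]
.
=============== Created Last 30 ================
.
2011-07-31 17:01:07 1537536 ----a-w- c:\windows\system32\erdmpg-hi.dll
2011-07-31 17:01:07 -------- d-----w- c:\program files\common files\Doblon
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2003-08-07 10:44:08 22528 ------w- c:\program files\Dirscan18.exe
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
# <start> <name>;<display name>;<image path> [<date> <size>]   or   ... [?]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]$"
)
# <date> <time> <size, or dashes for a directory> <attribute flags> <path>
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

SYSTEM32 = "c:\\windows\\system32\\"  # assumption: default XP system root


@dataclass
class ServiceEntry:
    start: str    # R0-R3 = running, S0-S4 = stopped; digit = start type (DDS convention)
    name: str
    display: str
    image: str    # as DDS printed it; "a --> b" means DDS re-resolved the path
    info: str     # "YYYY-M-D size", or "?" when DDS could not read the image's date/size


@dataclass
class FileEntry:
    section: str          # "Created Last 30" or "Find3M"
    date: str
    size: Optional[int]   # None for a directory line
    attrs: str            # DDS flag string, e.g. "--sha-r-" (s = system, h = hidden)
    path: str


def parse_dds(text: str) -> Tuple[List[ServiceEntry], List[FileEntry]]:
    """Parse the SERVICES / DRIVERS, Created Last 30 and Find3M sections."""
    services: List[ServiceEntry] = []
    files: List[FileEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses "." as a separator line
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["title"]
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(ServiceEntry(m["start"], m["name"], m["display"], m["image"], m["info"]))
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m["size"]) if m["size"].isdigit() else None
            files.append(FileEntry(section, m["date"], size, m["attrs"], m["path"]))
    return services, files


def triage(services: List[ServiceEntry], files: List[FileEntry]) -> List[Tuple[str, str, str]]:
    """Return (finding, subject, detail) tuples worth a manual look; none is a verdict."""
    findings = []
    for s in services:
        if s.info == "?":
            # DDS could not stat the image: usually a stale entry whose file is gone,
            # occasionally a file hidden from the scanner. Either way, check it.
            findings.append(("service-no-file-info", s.name, s.image))
    for f in files:
        in_system32 = f.path.lower().startswith(SYSTEM32)
        if f.section == "Created Last 30" and f.size is not None and in_system32:
            # A new binary in system32: attribute it to a known install or investigate.
            findings.append(("recent-file-in-system32", f.path, f.date))
        if in_system32 and "s" in f.attrs and "h" in f.attrs:
            # hidden+system flags are unusual for third-party DLLs in system32.
            findings.append(("hidden-system-file-in-system32", f.path, f.attrs))
    return findings


if __name__ == "__main__":
    svcs, fls = parse_dds(SAMPLE_LOG)
    for finding in triage(svcs, fls):
        print(*finding, sep="\t")
```

Run it on the full log (paste the text into `SAMPLE_LOG` or read a file) and work the findings top to bottom: a `[?]` service whose image really is missing is just leftover from an uninstall, while a hidden+system DLL in system32 or a DLL created in the same second as an installer's folders should be tied to a known product before it is trusted.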