duffman1021

1. Thanks friend, thanks for your patience. Here is the report:

ComboFix 11-10-06.03 - Anthua 10/06/2011 15:03:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.297 [GMT -4:00]
Running from: c:\documents and settings\Anthua\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Anthua\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))
.
.
2011-10-04 19:27 . 2011-10-04 19:27 -------- d-----w- c:\program files\Dell 720
2011-10-04 19:27 . 2004-05-27 09:25 57344 ----a-w- c:\windows\system32\dlbccinf.dll
2011-10-04 19:27 . 2004-05-27 09:25 49152 ----a-w- c:\windows\system32\dlbccoin.dll
2011-10-04 19:27 . 2004-05-27 09:06 73728 ----a-w- c:\windows\system32\dlbcpwr.dll
2011-10-04 19:27 . 2004-03-04 15:30 311296 ----a-w- c:\windows\system32\LEXBCES.EXE
2011-10-04 19:27 . 2004-03-04 15:26 174592 ----a-w- c:\windows\system32\LEXPPS.EXE
2011-10-04 19:27 . 2003-07-29 13:27 78336 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\DLBCPP5C.DLL
2011-10-04 19:27 . 2002-11-13 19:40 40960 ----a-w- c:\windows\system32\dlbcvs.dll
2011-10-04 19:26 . 2011-10-04 19:26 -------- d-----w- C:\Dell720
2011-10-03 21:51 . 2003-07-28 17:28 89136 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2011-10-03 21:30 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-10-03 21:30 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-09-17 18:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-17 18:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 03:22 . 2011-09-13 03:22 50112 --sha-w- c:\windows\system32\c_17133.nl_
2011-09-11 03:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-11 03:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-11 02:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-09 18:54 . 2011-09-11 23:29 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-08 01:36 . 2011-09-08 01:36 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2005-03-09 19:19 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\vokj.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\kvdi.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\grrd.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\fxmg.exe
2011-07-15 13:29 . 2005-03-09 19:19 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-07-05 18:59 . 2011-07-05 18:59 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-03_21.58.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-04 19:27 . 2002-05-09 18:25 24576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexgo.EXE
- 2002-05-09 19:25 . 2002-05-09 19:25 24576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexgo.EXE
- 2001-01-19 20:50 . 2001-01-19 20:50 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\INSTMON.EXE
+ 2011-10-04 19:27 . 2001-01-19 19:50 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\INSTMON.EXE
- 1996-09-01 15:19 . 1996-09-01 15:19 73856 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\HLP256.DLL
+ 2011-10-04 19:27 . 1996-09-01 14:19 73856 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\HLP256.DLL
- 2002-11-13 20:40 . 2002-11-13 20:40 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcvs.dll
+ 2011-10-04 19:27 . 2002-11-13 19:40 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcvs.dll
+ 2011-10-04 19:27 . 2004-05-27 09:22 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUPD.DLL
- 2005-01-06 07:48 . 2005-01-06 07:48 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUPD.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:26 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUNRS.DLL
- 2006-04-23 20:30 . 2005-01-06 07:56 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUNRS.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 48128 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUI5C.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 48128 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUI5C.DLL
- 2005-01-06 07:20 . 2005-01-06 07:20 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcpwr.dll
+ 2011-10-04 19:27 . 2004-05-27 09:06 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcpwr.dll
- 2003-07-29 14:27 . 2003-07-29 14:27 78336 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPP5C.DLL
+ 2011-10-04 19:27 . 2003-07-29 13:27 78336 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPP5C.DLL
- 2003-04-30 20:35 . 2003-04-30 20:35 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWX.EXE
+ 2011-10-04 19:27 . 2003-04-30 19:35 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWX.EXE
- 2005-01-06 07:50 . 2005-01-06 07:50 85504 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCDR5C.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 85504 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCDR5C.DLL
- 2005-01-06 07:54 . 2005-01-06 07:54 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccoin.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccoin.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 57344 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccinf.dll
- 2005-01-06 07:54 . 2005-01-06 07:54 57344 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccinf.dll
+ 2011-10-04 19:27 . 2002-05-09 18:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE
- 2002-05-09 19:25 . 2002-05-09 19:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE
- 2001-01-19 20:50 . 2001-01-19 20:50 40960 c:\windows\system32\spool\drivers\w32x86\3\INSTMON.EXE
+ 2011-10-04 19:27 . 2001-01-19 19:50 40960 c:\windows\system32\spool\drivers\w32x86\3\INSTMON.EXE
+ 2011-10-04 19:27 . 1996-09-01 14:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL
- 1996-09-01 15:19 . 1996-09-01 15:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL
+ 2011-10-04 19:27 . 2002-11-13 19:40 40960 c:\windows\system32\spool\drivers\w32x86\3\dlbcvs.dll
- 2002-11-13 20:40 . 2002-11-13 20:40 40960 c:\windows\system32\spool\drivers\w32x86\3\dlbcvs.dll
- 2005-01-06 07:48 . 2005-01-06 07:48 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCUPD.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:22 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCUPD.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:26 49152 c:\windows\system32\spool\drivers\w32x86\3\DLBCUNRS.DLL
- 2006-04-23 20:30 . 2005-01-06 07:56 49152 c:\windows\system32\spool\drivers\w32x86\3\DLBCUNRS.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 48128 c:\windows\system32\spool\drivers\w32x86\3\DLBCUI5C.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 48128 c:\windows\system32\spool\drivers\w32x86\3\DLBCUI5C.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 73728 c:\windows\system32\spool\drivers\w32x86\3\dlbcpwr.dll
- 2005-01-06 07:20 . 2005-01-06 07:20 73728 c:\windows\system32\spool\drivers\w32x86\3\dlbcpwr.dll
- 2003-07-29 14:27 . 2003-07-29 14:27 78336 c:\windows\system32\spool\drivers\w32x86\3\DLBCPP5C.DLL
+ 2011-10-04 19:27 . 2003-07-29 13:27 78336 c:\windows\system32\spool\drivers\w32x86\3\DLBCPP5C.DLL
+ 2011-10-04 19:27 . 2003-04-30 19:35 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWX.EXE
- 2003-04-30 20:35 . 2003-04-30 20:35 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWX.EXE
- 2005-01-06 07:50 . 2005-01-06 07:50 85504 c:\windows\system32\spool\drivers\w32x86\3\DLBCDR5C.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:23 85504 c:\windows\system32\spool\drivers\w32x86\3\DLBCDR5C.DLL
- 2005-01-06 07:54 . 2005-01-06 07:54 49152 c:\windows\system32\spool\drivers\w32x86\3\dlbccoin.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 49152 c:\windows\system32\spool\drivers\w32x86\3\dlbccoin.dll
- 2005-01-06 07:54 . 2005-01-06 07:54 57344 c:\windows\system32\spool\drivers\w32x86\3\dlbccinf.dll
+ 2011-10-04 19:27 . 2004-05-27 09:25 57344 c:\windows\system32\spool\drivers\w32x86\3\dlbccinf.dll
- 2005-10-05 22:01 . 1997-04-09 01:08 299520 c:\windows\uninst.exe
+ 2005-10-05 22:01 . 1997-04-09 00:08 299520 c:\windows\uninst.exe
+ 2011-10-04 19:27 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\ptzipw32.dll
- 1998-10-06 22:12 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\ptzipw32.dll
- 2004-03-04 16:26 . 2004-03-04 16:26 174592 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXPPS.EXE
+ 2011-10-04 19:27 . 2004-03-04 15:26 174592 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXPPS.EXE
- 2004-03-04 16:25 . 2004-03-04 16:25 201216 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXP2P32.DLL
+ 2011-10-04 19:27 . 2004-03-04 15:25 201216 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXP2P32.DLL
- 2003-03-26 19:29 . 2003-03-26 19:29 192512 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexlmpm.dll
+ 2011-10-04 19:27 . 2003-03-26 18:29 192512 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexlmpm.dll
- 2004-02-02 20:08 . 2004-02-02 20:08 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexedf.dll
+ 2011-10-04 19:27 . 2004-02-02 19:08 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexedf.dll
- 2000-02-09 13:35 . 2000-02-09 13:35 170496 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexdrvin.exe
+ 2011-10-04 19:27 . 2000-02-09 12:35 170496 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexdrvin.exe
+ 2011-10-04 19:27 . 2004-03-04 15:30 311296 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCES.EXE
- 2004-03-04 16:30 . 2004-03-04 16:30 311296 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCES.EXE
- 2004-03-04 16:27 . 2004-03-04 16:27 147456 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCE.DLL
+ 2011-10-04 19:27 . 2004-03-04 15:27 147456 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCE.DLL
- 2004-03-04 16:34 . 2004-03-04 16:34 197120 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEX2KUSB.DLL
+ 2011-10-04 19:27 . 2004-03-04 15:34 197120 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEX2KUSB.DLL
- 2005-01-06 07:24 . 2005-01-06 07:24 380928 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:08 380928 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:24 100352 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUN5C.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:23 859136 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCSTRN.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 859136 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCSTRN.DLL
- 2004-03-09 12:38 . 2004-03-09 12:38 229376 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcsk0.dll
+ 2011-10-04 19:27 . 2004-03-09 11:38 229376 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcsk0.dll
+ 2011-10-04 19:27 . 2004-04-01 14:30 118784 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWX.EXE
- 2004-04-01 15:30 . 2004-04-01 15:30 118784 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWX.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:06 610304 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 610304 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWR.DLL
- 2005-01-06 07:42 . 2005-01-06 07:42 303104 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:19 303104 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:21 450560 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRP.DLL
- 2005-01-06 07:48 . 2005-01-06 07:48 450560 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRP.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:17 839680 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPA.DLL
- 2005-01-06 07:39 . 2005-01-06 07:39 839680 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPA.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 479232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWR.DLL
- 2005-01-06 07:20 . 2005-01-06 07:20 479232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:09 126976 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSW.DLL
- 2005-01-06 07:25 . 2005-01-06 07:25 126976 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSW.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:59 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCICUR.DLL
- 2004-02-03 19:59 . 2004-02-03 19:59 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCICUR.DLL
+ 2011-10-04 19:27 . 2004-01-28 12:14 983101 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCGF.DLL
- 2004-01-28 13:14 . 2004-01-28 13:14 983101 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCGF.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:56 198144 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCFC5C.DLL
- 2004-02-03 19:56 . 2004-02-03 19:56 198144 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCFC5C.DLL
- 1998-10-06 22:12 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll
+ 2011-10-04 19:27 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll
+ 2011-10-04 19:27 . 2004-02-02 19:08 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL
- 2004-02-02 20:08 . 2004-02-02 20:08 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL
+ 2011-10-04 19:27 . 2000-02-09 12:35 170496 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe
- 2000-02-09 13:35 . 2000-02-09 13:35 170496 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe
- 2005-01-06 07:24 . 2005-01-06 07:24 380928 c:\windows\system32\spool\drivers\w32x86\3\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:08 380928 c:\windows\system32\spool\drivers\w32x86\3\DLBCUTIL.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:24 100352 c:\windows\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:23 859136 c:\windows\system32\spool\drivers\w32x86\3\DLBCSTRN.DLL
- 2005-01-06 07:51 . 2005-01-06 07:51 859136 c:\windows\system32\spool\drivers\w32x86\3\DLBCSTRN.DLL
- 2004-03-09 12:38 . 2004-03-09 12:38 229376 c:\windows\system32\spool\drivers\w32x86\3\dlbcsk0.dll
+ 2011-10-04 19:27 . 2004-03-09 11:38 229376 c:\windows\system32\spool\drivers\w32x86\3\dlbcsk0.dll
- 2004-04-01 15:30 . 2004-04-01 15:30 118784 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWX.EXE
+ 2011-10-04 19:27 . 2004-04-01 14:30 118784 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWX.EXE
+ 2011-10-04 19:27 . 2004-05-27 09:06 610304 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 610304 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWR.DLL
- 2005-01-06 07:42 . 2005-01-06 07:42 303104 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:19 303104 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSW.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:21 450560 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRP.DLL
- 2005-01-06 07:48 . 2005-01-06 07:48 450560 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRP.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:17 839680 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPA.DLL
- 2005-01-06 07:39 . 2005-01-06 07:39 839680 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPA.DLL
- 2005-01-06 07:20 . 2005-01-06 07:20 479232 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 479232 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:09 126976 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSW.DLL
- 2005-01-06 07:25 . 2005-01-06 07:25 126976 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSW.DLL
- 2004-02-03 19:59 . 2004-02-03 19:59 430080 c:\windows\system32\spool\drivers\w32x86\3\DLBCICUR.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:59 430080 c:\windows\system32\spool\drivers\w32x86\3\DLBCICUR.DLL
- 2004-01-28 13:14 . 2004-01-28 13:14 983101 c:\windows\system32\spool\drivers\w32x86\3\DLBCGF.DLL
+ 2011-10-04 19:27 . 2004-01-28 12:14 983101 c:\windows\system32\spool\drivers\w32x86\3\DLBCGF.DLL
- 2004-02-03 19:56 . 2004-02-03 19:56 198144 c:\windows\system32\spool\drivers\w32x86\3\DLBCFC5C.DLL
+ 2011-10-04 19:27 . 2004-02-03 18:56 198144 c:\windows\system32\spool\drivers\w32x86\3\DLBCFC5C.DLL
- 2004-03-04 16:25 . 2004-03-04 16:25 201216 c:\windows\system32\LEXP2P32.DLL
+ 2004-03-04 16:25 . 2004-03-04 15:25 201216 c:\windows\system32\LEXP2P32.DLL
+ 2003-03-26 19:29 . 2003-03-26 18:29 192512 c:\windows\system32\lexlmpm.dll
- 2003-03-26 19:29 . 2003-03-26 19:29 192512 c:\windows\system32\lexlmpm.dll
- 2004-03-04 16:27 . 2004-03-04 16:27 147456 c:\windows\system32\LEXBCE.DLL
+ 2004-03-04 16:27 . 2004-03-04 15:27 147456 c:\windows\system32\LEXBCE.DLL
- 2004-03-04 16:34 . 2004-03-04 16:34 197120 c:\windows\system32\LEX2KUSB.DLL
+ 2004-03-04 16:34 . 2004-03-04 15:34 197120 c:\windows\system32\LEX2KUSB.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:07 2015232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRPR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 2015232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRPR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 5419008 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPAR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 5419008 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPAR.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR3.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR3.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR2.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR2.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR1.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR1.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:07 2015232 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRPR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 2015232 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRPR.DLL
+ 2011-10-04 19:27 . 2004-05-27 09:06 5419008 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPAR.DLL
- 2005-01-06 07:21 . 2005-01-06 07:21 5419008 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPAR.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR3.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR3.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR2.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR2.DLL
+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR1.DLL
- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR1.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 13783040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-06 155648]
"Wireless Adapter Manager"="c:\program files\sony\Wireless adapter\ZDWLan.EXE" [2007-08-17 530296]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2008-09-22 40960]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-3-5 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-18 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Anthua\\My Documents\\Downloads\\TDS extracted\\TDSSKiller.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbob.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
.
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 7:43 PM 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-01 c:\windows\Tasks\Java update check.job
- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-11-19 09:27]
.
2005-09-22 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
FF - ProfilePath - c:\documents and settings\Anthua\Application Data\Mozilla\Firefox\Profiles\9mi3mtl9.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-06 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-06 15:20:49
ComboFix-quarantined-files.txt 2011-10-06 19:20
ComboFix2.txt 2011-10-03 22:06
.
Pre-Run: 28,144,541,696 bytes free
Post-Run: 28,123,430,912 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE
[spybotsd]
timeout.old=30
.
- - End Of File - - 28C14C18676B6E6599E7B0854F6CB814

I have two other major issues:
1) I cannot control the volume with my keyboard (i.e. I used to be able to hit Fn --> F2 to turn the speakers on/off).
2) I cannot delete the desktop items that we tried to delete the malware with, i.e. h5ceuzrc.exe and sega.com say that 'access is restricted'.
Do you think the malware did this? I already had to re-install my printer!
  2. No problem, thanks for getting back to me. So here's the combofix log:

ComboFix 11-09-29.06 - Anthua 10/03/2011 17:36:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.285 [GMT -4:00]
Running from: c:\documents and settings\Anthua\Desktop\segaa.com
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ExecAfterFirstBoot.exe.e14e59e8.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL3F.tmp.f7e2aef4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLD6.tmp.7a0f7bd3.ini
c:\documents and settings\All Users\Application Data\aywq.exe
c:\documents and settings\All Users\Application Data\cvxw.exe
c:\documents and settings\All Users\Application Data\cyph.exe
c:\documents and settings\All Users\Application Data\defender.exe
c:\documents and settings\All Users\Application Data\fasx.exe
c:\documents and settings\All Users\Application Data\fjex.exe
c:\documents and settings\All Users\Application Data\fkfr.exe
c:\documents and settings\All Users\Application Data\gygs.exe
c:\documents and settings\All Users\Application Data\jesr.exe
c:\documents and settings\All Users\Application Data\jhde.exe
c:\documents and settings\All Users\Application Data\lcnx.exe
c:\documents and settings\All Users\Application Data\ncoh.exe
c:\documents and settings\All Users\Application Data\obwp.exe
c:\documents and settings\All Users\Application Data\osxi.exe
c:\documents and settings\All Users\Application Data\rlvn.exe
c:\documents and settings\All Users\Application Data\tkbk.exe
c:\documents and settings\All Users\Application Data\vkaj.exe
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\ExecAfterFirstBoot.exe.e14e59e8.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL10.tmp.fcfe1268.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL2E.tmp.231a1edc.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL3D.tmp.f55a211a.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL3F.tmp.f7e2aef4.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL5F.tmp.a98ba19a.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL7.tmp.7173c420.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL75.tmp.d5a634e7.ini
c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SLD6.tmp.7a0f7bd3.ini
c:\documents and settings\Anthua\WINDOWS
c:\windows\$NtUninstallKB46928$
c:\windows\$NtUninstallKB46928$\1803363282\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB46928$\1803363282\click.tlb
c:\windows\$NtUninstallKB46928$\1803363282\L\gmjfyemo
c:\windows\$NtUninstallKB46928$\1803363282\loader.tlb
c:\windows\$NtUninstallKB46928$\1803363282\U\@00000001
c:\windows\$NtUninstallKB46928$\1803363282\U\@000000c0
c:\windows\$NtUninstallKB46928$\1803363282\U\@000000cb
c:\windows\$NtUninstallKB46928$\1803363282\U\@000000cf
c:\windows\$NtUninstallKB46928$\1803363282\U\@80000000
c:\windows\$NtUninstallKB46928$\1803363282\U\@800000c0
c:\windows\$NtUninstallKB46928$\1803363282\U\@800000cb
c:\windows\$NtUninstallKB46928$\1803363282\U\@800000cf
c:\windows\$NtUninstallKB46928$\3712226711
c:\windows\kb835221.exe
c:\windows\system32\c_17133.nls
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb867282-x86-enu.exe
c:\windows\windowsxp-kb873333-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb890047-x86-enu.exe
c:\windows\windowsxp-kb890175-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
.
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - The cat found it
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
Infected copy of c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP1361\A0091676.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV
-------\Service_6b7d23d2
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 21:51 . 2003-07-28 17:28 89136 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2011-10-03 21:30 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-10-03 21:30 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-09-17 18:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-17 18:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 03:22 . 2011-09-13 03:22 50112 --sha-w- c:\windows\system32\c_17133.nl_
2011-09-11 03:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-11 03:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-09-11 02:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-11 02:18 . 2011-10-03 21:24 -------- d-----w- C:\ComboFix
2011-09-09 18:54 . 2011-09-11 23:29 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-08 01:36 . 2011-09-08 01:36 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp
2011-09-05 18:30 . 2011-09-08 01:43 -------- d-----w- c:\program files\Windows Defender
2011-09-05 05:22 . 2011-09-18 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2005-03-09 19:19 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\vokj.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\kvdi.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\grrd.exe
2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\fxmg.exe
2011-07-15 13:29 . 2005-03-09 19:19 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-03-09 19:19 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-07-05 18:59 . 2011-07-05 18:59 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 13783040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-06 155648]
"Wireless Adapter Manager"="c:\program files\sony\Wireless adapter\ZDWLan.EXE" [2007-08-17 530296]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2008-09-22 40960]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-3-5 28672]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-4-23 315392]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-18 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Anthua\\My Documents\\Downloads\\TDS extracted\\TDSSKiller.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbob.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
.
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 7:43 PM 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-01 c:\windows\Tasks\Java update check.job
- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-11-19 09:27]
.
2005-09-22 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
FF - ProfilePath - c:\documents and settings\Anthua\Application Data\Mozilla\Firefox\Profiles\9mi3mtl9.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-95417315.sys
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-svcWRSSSDK
AddRemove-Kaplan's DAT DTB - c:\program files\Kaplan\Kaplan's DAT DTB\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2011-10-03 18:06:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-03 22:05
.
Pre-Run: 27,861,790,720 bytes free
Post-Run: 28,188,213,248 bytes free
.
- - End Of File - - F65E87E94E7603ADF45BC5C41945ED78

The program said something about a rootkit, sounds bad. Do you know if the virus was removed?
  3. Could not run combofix; Windows could not find the file. This is exactly what I typed: "%userprofile%\desktop\sega.com"/killall. Did I type a quotation mark out of place or use / or \ in the wrong places? I ran combofix from the desktop in safe mode (just clicked the sega.com icon). The program ran a few seconds and shut down. The computer will now allow me to delete sega.com, and I 'don't have the appropriate permission' to access it now. Am I going to need to take my computer somewhere? Thanks.
  4. Hi! Did not work! I did place inherit.exe next to mbam.exe. However, I could not move the AVG uninstaller program into the Malwarebytes program folder (Windows will not allow it). Instead, I placed inherit.exe in my Mozilla Firefox download folder. I dropped the uninstall program onto the inherit.exe file, it said 'ok', but once I ran the AVG uninstaller it was again promptly halted. I suspect I won't be able to delete this second copy of avg_remover_stf_x86 once I reboot the computer. I also can't delete h5ceuzrc.exe (I used this program when trying to follow your standard protocol from your other forum). Should I try any of this in safe mode? I have no idea what else to do. I'm sorry for the trouble. Please let me know if you have any other suggestions. Thanks.
  5. I ran the AVG removal program. It was interrupted/shut down in the middle of its run. After the reboot, the program was not gone. When I tried to run the removal program again, it said 'Windows cannot access the specified device, path, or file, you may not have the appropriate permission.' So it looks like the virus is hidden in AVG? It produced a log, here it is:

2011-09-14 16:45:18,703 INFO AvgRemover 2012.0.5 -------------------------------------------------------
2011-09-14 16:45:18,812 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-09-14 16:45:18,812 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-09-14 16:45:18,812 INFO Command line: "C:\Documents and Settings\Anthua\My Documents\Downloads\avg_remover_stf_x86_2012_1796.exe"
2011-09-14 16:45:18,812 DEBUG AvgDir param set to C:\Program Files\AVG\AVG8.
2011-09-14 16:45:18,812 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg8.
2011-09-14 16:45:26,796 INFO AvgRemover runs in attempt number 1
2011-09-14 16:45:26,796 INFO Attempting to unregister AVG from the Windows Security Center.
2011-09-14 16:45:26,828 INFO Attempting to uninstall toolbar
2011-09-14 16:45:26,828 INFO ***** Msi data *****
2011-09-14 16:45:26,984 DEBUG No product code found for our upgrade codes, nothing to do here
2011-09-14 16:45:26,984 INFO ***** Exchange&Outlook plugins data *****
2011-09-14 16:45:26,984 INFO Removing AvgOutlook addin
2011-09-14 16:45:26,984 INFO AvgOutlook Removing HKCR addin keys x86
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2011-09-14 16:45:26,984 INFO AvgOutlook Removing HKCR addin keys x64
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2011-09-14 16:45:26,984 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2011-09-14 16:45:26,984 INFO Removing Sharepoint plugin if exists
2011-09-14 16:45:26,984 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2011-09-14 16:45:26,984 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2011-09-14 16:45:26,984 INFO Removing Antispam plugin for Exchange 2000/2003 if exists
2011-09-14 16:45:26,984 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...
2011-09-14 16:45:26,984 DEBUG Service MSExchangeIS Stop failed (error: c0070424)
2011-09-14 16:45:26,984 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424
2011-09-14 16:45:26,984 INFO ***** Services *****
2011-09-14 16:45:27,015 INFO Processing service avgfws8, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service avg8wd, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgWFPx, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgWFPa, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service avg9wd, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgMfx86, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgMfx64, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgLdx64, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgTdiX, it can take several minutes...
2011-09-14 16:45:27,015 INFO Processing service AvgTdiA, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgWfpX, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgWfpA, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgRkx86, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AvgRkx64, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service avg9emc, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service avgfws9, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service avgfws, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSAgent, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSWatcher, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSShimxpx, it can take several minutes...
2011-09-14 16:45:27,031 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverxpx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSShimvtx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFiltervta, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDrivervta, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSShimw7x, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFilterw7x, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverw7x, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSFilterw7a, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSErHrxpx, it can take several minutes...
2011-09-14 16:45:27,046 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrvta, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrw7a, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service avgwd, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service avg8emc, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AvgLdx86, it can take several minutes...
2011-09-14 16:45:27,062 INFO Processing service AVGIDSDrivervtx, it can take several minutes...
2011-09-14 16:45:27,093 INFO Service AVGIDSErHrw7x is not installed
2011-09-14 16:45:27,093 DEBUG Service AVGIDSErHrw7x RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2011-09-14 16:45:27,093 INFO Service avg8emc is not installed
2011-09-14 16:45:27,093 DEBUG Service avg8emc RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service avg8emc are not present
2011-09-14 16:45:27,093 INFO Service avgfws8 is not installed
2011-09-14 16:45:27,093 DEBUG Service avgfws8 RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service avgfws8 are not present
2011-09-14 16:45:27,093 INFO Service avg8wd is not installed
2011-09-14 16:45:27,093 DEBUG Service avg8wd RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service avg8wd are not present
2011-09-14 16:45:27,093 INFO Service AvgWFPx is not installed
2011-09-14 16:45:27,093 DEBUG Service AvgWFPx RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AvgWFPx are not present
2011-09-14 16:45:27,093 INFO Service AvgWFPa is not installed
2011-09-14 16:45:27,093 DEBUG Service AvgWFPa RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AvgWFPa are not present
2011-09-14 16:45:27,093 INFO Service AVGIDSDrivervtx is not installed
2011-09-14 16:45:27,093 DEBUG Service AVGIDSDrivervtx RegCleanup
2011-09-14 16:45:27,093 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2011-09-14 16:45:27,093 INFO Service avg9wd is not installed
2011-09-14 16:45:27,109 DEBUG Service avg9wd RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avg9wd are not present
2011-09-14 16:45:27,109 DEBUG Service AvgLdx86 Stop
2011-09-14 16:45:27,109 INFO Service AvgMfx64 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgMfx64 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgMfx64 are not present
2011-09-14 16:45:27,109 INFO Service AvgLdx64 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgLdx64 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgLdx64 are not present
2011-09-14 16:45:27,109 INFO Service AvgTdiA is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgTdiA RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgTdiA are not present
2011-09-14 16:45:27,109 INFO Service AvgWfpX is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgWfpX RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgWfpX are not present
2011-09-14 16:45:27,109 INFO Service AvgWfpA is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgWfpA RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgWfpA are not present
2011-09-14 16:45:27,109 INFO Service AvgRkx86 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgRkx86 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgRkx86 are not present
2011-09-14 16:45:27,109 INFO Service AvgRkx64 is not installed
2011-09-14 16:45:27,109 DEBUG Service AvgRkx64 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgRkx64 are not present
2011-09-14 16:45:27,109 INFO Service avg9emc is not installed
2011-09-14 16:45:27,109 DEBUG Service avg9emc RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avg9emc are not present
2011-09-14 16:45:27,109 INFO Service avgfws9 is not installed
2011-09-14 16:45:27,109 DEBUG Service avgfws9 RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avgfws9 are not present
2011-09-14 16:45:27,109 INFO Service avgfws is not installed
2011-09-14 16:45:27,109 DEBUG Service avgfws RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service avgfws are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSAgent is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSAgent RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSAgent are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSWatcher is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSWatcher RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSWatcher are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSShimxpx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSShimxpx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSShimxpx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSFilterxpx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSFilterxpx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSDriverxpx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSDriverxpx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSShimvtx is not installed
2011-09-14 16:45:27,109 DEBUG Service AVGIDSShimvtx RegCleanup
2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSShimvtx are not present
2011-09-14 16:45:27,109 INFO Service AVGIDSFiltervtx is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFiltervtx RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSFiltervta is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFiltervta RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFiltervta are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSDrivervta is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSDrivervta RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDrivervta are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSShimw7x is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSShimw7x RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSShimw7x are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSFilterw7x is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFilterw7x RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSDriverw7x is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSDriverw7x RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSFilterw7a is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSFilterw7a RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSDriverw7a is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSDriverw7a RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrxpx is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrxpx RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrvtx is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrvtx RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrvta is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrvta RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrvta are not present
2011-09-14 16:45:27,125 INFO Service AVGIDSErHrw7a is not installed
2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrw7a RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2011-09-14 16:45:27,125 INFO Service avgwd is not installed
2011-09-14 16:45:27,125 DEBUG Service avgwd RegCleanup
2011-09-14 16:45:27,125 DEBUG Registry keys for service avgwd are not present
2011-09-14 16:45:27,125 DEBUG Service AvgMfx86 Stop
2011-09-14 16:45:27,125 DEBUG Service AvgTdiX Stop
2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Stop failed (error: c007041c), RESTART planned
2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Stop failed
2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Delete
2011-09-14 16:45:27,328 DEBUG Service AvgMfx86 Delete
2011-09-14 16:45:27,328 DEBUG Service AvgLdx86 Delete
2011-09-14 16:45:27,343 DEBUG Service AvgTdiX Delete failed (error: c007041c)
2011-09-14 16:45:27,343 DEBUG Service AvgTdiX Delete failed
2011-09-14 16:45:27,343 DEBUG Service AvgTdiX RegCleanup
2011-09-14 16:45:27,687 DEBUG Service AvgLdx86 RegCleanup
2011-09-14 16:45:27,687 DEBUG Service AvgMfx86 RegCleanup
2011-09-14 16:45:28,140 DEBUG Restart is needed (restart counter: 1)
2011-09-14 16:45:28,140 INFO ***** Avg Fw NDIS driver(separate process) *****
2011-09-14 16:45:28,625 INFO AvgRemover 2012.0.5 -------------------------------------------------------
2011-09-14 16:45:28,640 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-09-14 16:45:28,640 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-09-14 16:45:28,640 INFO Command line: "C:\Documents and Settings\Anthua\My Documents\Downloads\avg_remover_stf_x86_2012_1796.exe" /ndisonly /skipask
2011-09-14 16:45:28,640 DEBUG AvgDir param set to C:\Program Files\AVG\AVG8.
2011-09-14 16:45:28,640 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg8.
2011-09-14 16:45:28,640 INFO AvgRemover runs in attempt number 1
2011-09-14 16:45:28,640 INFO ***** Avg Fw NDIS driver *****
2011-09-14 16:45:28,640 INFO ...this operation can take several minutes...
2011-09-14 16:45:28,640 INFO FW removing policy
2011-09-14 16:45:28,640 INFO FW policy: deleting value 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\program files\avg\avg8\avgupd.exe'
2011-09-14 16:45:33,250 INFO FW NDIS driver not present
2011-09-14 16:45:33,281 DEBUG Remove NDIS driver pass, next uninstalation step is 10, old was 1
2011-09-14 16:45:33,281 INFO ***** end of Fw NDIS separated process *****
2011-09-14 16:45:33,281 INFO ***** Drivers *****
2011-09-14 16:45:33,281 DEBUG Deleting driver 'avgldx86'...
2011-09-14 16:45:40,687 DEBUG Deleting driver 'avgmfx86'...
2011-09-14 16:45:41,421 DEBUG Deleting driver 'avgtdix'...
2011-09-14 16:45:41,796 INFO ***** Running AVG process *****

Is there anything else I can try? I didn't even bother with combofix yet. Thanks again, this is a nasty one.
  6. An issue with running ComboFix.
     - I uninstalled all antivirus programs except one (AVG).
     When I tried to run ComboFix:
     - I was warned AVG real-time was still running and could interfere with ComboFix, resulting in system damage.
     - I turned off AVG, but the real-time still runs.
     - I uninstalled AVG, but when the computer was restarted it came back???
     That being said, should I still run ComboFix with that error? (ComboFix says it can run at my own risk.) What do you suggest? Thank you.
  7. Thanks for replying.

2011/09/07 21:44:54.0734 2896 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/09/07 21:44:55.0390 2896 ================================================================================
2011/09/07 21:44:55.0390 2896 SystemInfo:
2011/09/07 21:44:55.0390 2896
2011/09/07 21:44:55.0390 2896 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/07 21:44:55.0390 2896 Product type: Workstation
2011/09/07 21:44:55.0390 2896 ComputerName: A25BD8260D5F438
2011/09/07 21:44:55.0390 2896 UserName: Anthua
2011/09/07 21:44:55.0390 2896 Windows directory: C:\WINDOWS
2011/09/07 21:44:55.0390 2896 System windows directory: C:\WINDOWS
2011/09/07 21:44:55.0406 2896 Processor architecture: Intel x86
2011/09/07 21:44:55.0406 2896 Number of processors: 1
2011/09/07 21:44:55.0406 2896 Page size: 0x1000
2011/09/07 21:44:55.0406 2896 Boot type: Normal boot
2011/09/07 21:44:55.0406 2896 ================================================================================
2011/09/07 21:44:57.0390 2896 Initialize success
2011/09/07 21:44:58.0828 3072 ================================================================================
2011/09/07 21:44:58.0828 3072 Scan started
2011/09/07 21:44:58.0828 3072 Mode: Manual;
2011/09/07 21:44:58.0828 3072 ================================================================================
2011/09/07 21:45:01.0609 3072 6b7d23d2 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\3525541227:2491604013.exe
2011/09/07 21:45:05.0671 3072 Suspicious file (Hidden): C:\WINDOWS\3525541227:2491604013.exe.
md5: 8f2bb1827cac01aee6a16e30a1260199 2011/09/07 21:45:05.0687 3072 6b7d23d2 - detected HiddenFile.Multi.Generic (1) 2011/09/07 21:45:05.0890 3072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/09/07 21:45:05.0937 3072 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/09/07 21:45:06.0015 3072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/09/07 21:45:06.0093 3072 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/09/07 21:45:06.0156 3072 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/09/07 21:45:06.0359 3072 AnyDVD (22b2e9cd92611f64618c9824dc234a60) C:\WINDOWS\system32\Drivers\AnyDVD.sys 2011/09/07 21:45:06.0421 3072 ApfiltrService (d3da11b88ab29076b78ff79f35f0586b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/09/07 21:45:06.0531 3072 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/09/07 21:45:06.0671 3072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/09/07 21:45:06.0734 3072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/09/07 21:45:06.0812 3072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/09/07 21:45:06.0859 3072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/09/07 21:45:06.0937 3072 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys 2011/09/07 21:45:06.0984 3072 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys 2011/09/07 21:45:07.0046 3072 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys 2011/09/07 21:45:07.0125 3072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/09/07 21:45:07.0218 3072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) 
C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/09/07 21:45:07.0359 3072 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/09/07 21:45:07.0421 3072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/09/07 21:45:07.0484 3072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/09/07 21:45:07.0531 3072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/09/07 21:45:07.0593 3072 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/09/07 21:45:07.0656 3072 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/09/07 21:45:07.0765 3072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/09/07 21:45:07.0859 3072 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/09/07 21:45:07.0937 3072 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys 2011/09/07 21:45:08.0046 3072 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/09/07 21:45:08.0203 3072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/09/07 21:45:08.0359 3072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/09/07 21:45:08.0515 3072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/09/07 21:45:08.0578 3072 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/09/07 21:45:08.0687 3072 ElbyCDIO (cd35088d84a17ca694658a3cb0ebd13c) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 2011/09/07 21:45:08.0812 3072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/09/07 21:45:08.0875 3072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/09/07 21:45:08.0921 3072 Fips (d45926117eb9fa946a6af572fbe1caa3) 
C:\WINDOWS\system32\drivers\Fips.sys
2011/09/07 21:45:08.0953 3072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/07 21:45:09.0000 3072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/07 21:45:09.0031 3072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/07 21:45:09.0078 3072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/07 21:45:09.0140 3072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/07 21:45:09.0203 3072 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/07 21:45:09.0296 3072 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/07 21:45:09.0390 3072 HSFHWAZL (3d812d0de9344bc9bd1a1b8575b883db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/07 21:45:09.0656 3072 HSF_DP (0e130bec5a13cf68adaa216ab55a8dff) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/07 21:45:09.0750 3072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/07 21:45:09.0859 3072 i8042prt (58449fff9a05f9632c11baf723cf5ba8) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/07 21:45:09.0859 3072 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
2011/09/07 21:45:10.0031 3072 ialm (0c7b8efc2b1ac4cd62f4e7eafc864b95) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/09/07 21:45:10.0171 3072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/07 21:45:10.0406 3072 IntcAzAudAddService (93903ddd430db2fc61cbeeb2be651e9f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/07 21:45:10.0546 3072 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/07 21:45:10.0609 3072 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/07 21:45:10.0656 3072 Ip6Fw (3bb22519a194418d5fec05d800a19ad0)
C:\WINDOWS\system32\drivers\ip6fw.sys 2011/09/07 21:45:10.0796 3072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/09/07 21:45:10.0859 3072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/09/07 21:45:10.0921 3072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/09/07 21:45:11.0000 3072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/09/07 21:45:11.0046 3072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/09/07 21:45:11.0125 3072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/09/07 21:45:11.0156 3072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/09/07 21:45:11.0203 3072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/09/07 21:45:11.0296 3072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/09/07 21:45:11.0375 3072 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/09/07 21:45:11.0468 3072 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 2011/09/07 21:45:11.0531 3072 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 2011/09/07 21:45:11.0593 3072 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/09/07 21:45:11.0640 3072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/09/07 21:45:11.0687 3072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/09/07 21:45:11.0765 3072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/09/07 21:45:11.0781 3072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/09/07 21:45:11.0828 3072 MountMgr 
(a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/09/07 21:45:11.0921 3072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/09/07 21:45:12.0015 3072 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/09/07 21:45:12.0078 3072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/09/07 21:45:12.0125 3072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/09/07 21:45:12.0156 3072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/09/07 21:45:12.0187 3072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/09/07 21:45:12.0234 3072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/09/07 21:45:12.0296 3072 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/09/07 21:45:12.0343 3072 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/09/07 21:45:12.0406 3072 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/09/07 21:45:12.0453 3072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/09/07 21:45:12.0484 3072 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/09/07 21:45:12.0531 3072 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/09/07 21:45:12.0640 3072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/09/07 21:45:12.0671 3072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/09/07 21:45:12.0718 3072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/09/07 21:45:12.0765 3072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/09/07 21:45:12.0796 
3072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/09/07 21:45:12.0890 3072 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/09/07 21:45:12.0937 3072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/09/07 21:45:13.0312 3072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/09/07 21:45:13.0437 3072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/09/07 21:45:13.0656 3072 nv (2d09525d0f4f373397893f45b2e4e9ea) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/09/07 21:45:13.0859 3072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/09/07 21:45:13.0890 3072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/09/07 21:45:14.0015 3072 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/09/07 21:45:14.0093 3072 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys 2011/09/07 21:45:14.0140 3072 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/09/07 21:45:14.0171 3072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/09/07 21:45:14.0218 3072 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/09/07 21:45:14.0250 3072 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/09/07 21:45:14.0312 3072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/09/07 21:45:14.0343 3072 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/09/07 21:45:14.0406 3072 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys 2011/09/07 21:45:14.0781 3072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/09/07 
21:45:14.0843 3072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/09/07 21:45:14.0890 3072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/09/07 21:45:14.0937 3072 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/09/07 21:45:15.0000 3072 QCDonner (18b6755475f560dfffda079495cffd7c) C:\WINDOWS\system32\DRIVERS\LVCD.sys 2011/09/07 21:45:15.0203 3072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/09/07 21:45:15.0234 3072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/09/07 21:45:15.0265 3072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/09/07 21:45:15.0296 3072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/09/07 21:45:15.0343 3072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/09/07 21:45:15.0453 3072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/09/07 21:45:15.0546 3072 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/09/07 21:45:15.0625 3072 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/09/07 21:45:15.0703 3072 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/09/07 21:45:15.0812 3072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/09/07 21:45:15.0859 3072 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/09/07 21:45:15.0921 3072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/09/07 21:45:16.0015 3072 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/09/07 21:45:16.0156 3072 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys 
2011/09/07 21:45:16.0250 3072 SONYTVC (2100a5cc7dd75a5a0dba3cb9eb4f16bb) C:\WINDOWS\system32\DRIVERS\SONYTVC.sys 2011/09/07 21:45:16.0359 3072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/09/07 21:45:16.0421 3072 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/09/07 21:45:16.0484 3072 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/09/07 21:45:16.0562 3072 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/09/07 21:45:16.0609 3072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/09/07 21:45:16.0687 3072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/09/07 21:45:16.0875 3072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/09/07 21:45:16.0937 3072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/09/07 21:45:17.0031 3072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/09/07 21:45:17.0109 3072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/09/07 21:45:17.0125 3072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/09/07 21:45:17.0203 3072 tifmsony (fb481e8cd426d0e5f96a838a47390c94) C:\WINDOWS\system32\drivers\tifmsony.sys 2011/09/07 21:45:17.0281 3072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/09/07 21:45:17.0375 3072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/09/07 21:45:17.0546 3072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/09/07 21:45:17.0625 3072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/09/07 21:45:17.0671 3072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 
2011/09/07 21:45:17.0718 3072 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/09/07 21:45:17.0750 3072 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/09/07 21:45:17.0812 3072 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/09/07 21:45:17.0875 3072 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/09/07 21:45:17.0968 3072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/09/07 21:45:18.0031 3072 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/09/07 21:45:18.0218 3072 w29n51 (68eb5bc07781a36a63633541c11e1ad6) C:\WINDOWS\system32\DRIVERS\w29n51.sys 2011/09/07 21:45:18.0453 3072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/09/07 21:45:18.0546 3072 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/09/07 21:45:18.0625 3072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/09/07 21:45:18.0750 3072 winachsf (c08fad1207bb219bdf9eec30afc1809e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/09/07 21:45:18.0843 3072 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/09/07 21:45:18.0906 3072 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/09/07 21:45:18.0953 3072 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/09/07 21:45:19.0234 3072 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys 2011/09/07 21:45:19.0281 3072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 2011/09/07 21:45:19.0453 3072 Boot (0x1200) (887e43c46e9611c62e6a9f758ead4853) \Device\Harddisk0\DR0\Partition0 2011/09/07 21:45:19.0468 3072 
================================================================================
2011/09/07 21:45:19.0468 3072 Scan finished
2011/09/07 21:45:19.0468 3072 ================================================================================
2011/09/07 21:45:19.0484 3056 Detected object count: 2
2011/09/07 21:45:19.0484 3056 Actual detected object count: 2
2011/09/07 21:45:21.0531 3056 HiddenFile.Multi.Generic(6b7d23d2) - User select action: Skip
2011/09/07 21:45:21.0578 3056 i8042prt (58449fff9a05f9632c11baf723cf5ba8) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/07 21:45:21.0593 3056 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
2011/09/07 21:45:25.0546 3056 Backup copy found, using it..
2011/09/07 21:45:25.0562 3056 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured after reboot
2011/09/07 21:45:25.0562 3056 Rootkit.Win32.ZAccess.e(i8042prt) - User select action: Cure
2011/09/07 21:45:37.0859 3000 Deinitialize success

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Run by Anthua at 21:52:42 on 2011-09-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.31 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\sony\Wireless adapter\ZDWLan.EXE
C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Apoint\Apntex.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"
mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [VZRemoteCommander] "c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe"
mRun: [LVCOMS] "c:\program files\common files\logitech\qcdriver\LVCOMS.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Wireless Adapter Manager] c:\program files\sony\wireless adapter\ZDWLan.EXE -minisize
mRun: [AutoEJCD_0ACE20FF] c:\program files\autoinstall\zd1211b_auto_install_cd_only_gen_0ace20ff\AutoEJCD.EXE /VID=0ACE /PID=20FF
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [2906743578] c:\windows\system32\config\systemprofile\local settings\application data\pdo.exe
dRun: [2432639790] c:\windows\system32\config\systemprofile\local settings\application data\eio.exe
dRun: [2078852255] c:\windows\system32\config\systemprofile\local settings\application data\uor.exe
dRun: [781995231] c:\windows\system32\config\systemprofile\local settings\application data\hmg.exe
dRun: [3930296170] c:\windows\system32\config\systemprofile\local settings\application data\vrt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{B9BE900E-F2E9-485B-9184-2EE8AC141EA3} : DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: VESWinlogon - VESWinlogon.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anthua\application data\mozilla\firefox\profiles\9mi3mtl9.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-28 64512]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-2 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 108552]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
.
=============== Created Last 30 ================
.
2011-09-08 01:36:58 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\lcnx.exe
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\jesr.exe
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\gygs.exe
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\fkfr.exe
2011-09-05 16:22:37 0 ----a-w- c:\documents and settings\all users\application data\rlvn.exe
2011-09-05 16:22:36 0 ----a-w- c:\documents and settings\all users\application data\ncoh.exe
2011-09-05 16:22:35 0 ----a-w- c:\documents and settings\all users\application data\jhde.exe
2011-09-05 16:22:34 0 ----a-w- c:\documents and settings\all users\application data\osxi.exe
2011-09-05 05:22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-04 23:38:29 0 ----a-w- c:\documents and settings\all users\application data\vkaj.exe
2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\obwp.exe
2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\fjex.exe
2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\cvxw.exe
2011-09-03 22:50:29 0 ----a-w- c:\documents and settings\all users\application data\fasx.exe
2011-09-03 22:50:28 0 ----a-w- c:\documents and settings\all users\application data\tkbk.exe
2011-09-03 22:50:28 0 ----a-w- c:\documents and settings\all users\application data\aywq.exe
2011-09-03 22:50:27 0 ----a-w- c:\documents and settings\all users\application data\cyph.exe
2011-09-03 14:02:38 0 ----a-w- c:\documents and settings\all users\application data\vokj.exe
2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\kvdi.exe
2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\grrd.exe
2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\fxmg.exe
2011-09-03 11:55:25 4194304 ----a-w- c:\windows\system32\gmjfyemo.dll
2011-09-03 11:54:35 893952 ----a-w- c:\documents and settings\all users\application data\defender.exe
.
==================== Find3M ====================
.
2011-09-08 01:46:56 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-06-28 21:21:49 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-20 14:31:32 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
.
============= FINISH: 21:54:57.37 ===============

Looking forward to your reply.
  8. Thanks so much for looking at my post. What a mess.

- Malwarebytes log: unavailable. I have tried your troubleshooting methods to run the program but it has been shutting down before the scan even starts. Subsequent attempts to access the program yield 'you do not have access to this file'.

DEFOGGER
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:25 on 05/09/2011 (Anthua)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

- No DDS.txt file appeared

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/22/2005 1:35:34 PM
System Uptime: 9/4/2011 10:36:44 PM (2 hours ago)
Processor: Intel® Pentium® M processor 1.60GHz | N/A | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 26.583 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1298: 6/8/2011 12:52:49 PM - System Checkpoint
RP1299: 6/9/2011 8:14:51 PM - System Checkpoint
RP1300: 6/11/2011 8:19:43 AM - System Checkpoint
RP1301: 6/17/2011 2:16:35 PM - System Checkpoint
RP1302: 6/18/2011 2:31:24 PM - System Checkpoint
RP1303: 6/20/2011 9:10:04 AM - System Checkpoint
RP1304: 6/28/2011 1:35:59 PM - System Checkpoint
RP1305: 6/28/2011 5:11:25 PM - Installed Ad-Aware
RP1306: 6/28/2011 5:13:55 PM - Installed Ad-Aware
RP1307: 6/29/2011 8:03:00 PM - System Checkpoint
RP1308: 6/30/2011 8:25:02 PM - System Checkpoint
RP1309: 7/1/2011 8:58:52 PM - System Checkpoint
RP1310: 7/2/2011 9:27:25 PM - System Checkpoint
RP1311: 7/4/2011 7:48:54 AM - System Checkpoint
RP1312: 7/5/2011 9:54:02 AM - System Checkpoint
RP1313: 7/6/2011 7:36:36 PM - System Checkpoint
RP1314: 7/7/2011 8:43:31 PM - System Checkpoint
RP1315: 7/8/2011 9:25:15 PM - System Checkpoint
RP1316: 7/10/2011 8:00:55 PM - System Checkpoint
RP1317: 7/11/2011 8:04:52 PM - System Checkpoint
RP1318: 7/12/2011 8:43:19 PM - System Checkpoint
RP1319: 7/18/2011 3:15:58 PM - System Checkpoint
RP1320: 7/19/2011 8:23:48 PM - System Checkpoint
RP1321: 7/20/2011 9:04:11 PM - System Checkpoint
RP1322: 7/25/2011 2:58:40 PM - System Checkpoint
RP1323: 7/29/2011 9:43:38 PM - System Checkpoint
RP1324: 7/31/2011 7:53:38 AM - System Checkpoint
RP1325: 8/1/2011 7:58:21 AM - System Checkpoint
RP1326: 8/2/2011 8:25:30 PM - System Checkpoint
RP1327: 8/3/2011 9:31:03 PM - System Checkpoint
RP1328: 8/5/2011 7:54:58 PM - System Checkpoint
RP1329: 8/6/2011 8:43:53 PM - System Checkpoint
RP1330: 8/7/2011 9:32:22 PM - System Checkpoint
RP1331: 8/8/2011 10:16:47 PM - System Checkpoint
RP1332: 8/9/2011 10:39:37 PM - System Checkpoint
RP1333: 8/11/2011 6:41:17 PM - System Checkpoint
RP1334: 8/12/2011 8:18:19 PM - System Checkpoint
RP1335: 8/13/2011 8:22:01 PM - System Checkpoint
RP1336: 8/14/2011 9:13:57 PM - System Checkpoint
RP1337: 8/15/2011 10:05:37 PM - System Checkpoint
RP1338: 8/17/2011 7:35:51 AM - System Checkpoint
RP1339: 8/18/2011 7:42:28 AM - System Checkpoint
RP1340: 8/19/2011 2:03:27 PM - System Checkpoint
RP1341: 8/20/2011 2:38:33 PM - System Checkpoint
RP1342: 8/21/2011 3:20:44 PM - System Checkpoint
RP1343: 8/22/2011 4:27:24 PM - System Checkpoint
RP1344: 8/23/2011 8:17:02 PM - System Checkpoint
RP1345: 9/1/2011 2:27:39 PM - System Checkpoint
RP1346: 9/2/2011 2:32:09 PM - System Checkpoint
.
==== Installed Programs ======================
.
AAC Decoder
AC3Filter (remove only)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AnyDVD
AutoUpdate
AVG Free 8.5
Avira AntiVir Personal - Free Antivirus
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CDDRV_Installer
Citrix online plug-in (Web)
Click to DVD 2.0.03 Menu Data
Click to DVD 2.4.02
CompTracker 4.7
CompTracker 4.8
Dell Photo Printer 720
Dell Photo Printer 720 Logger
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Documents To Go
DVD Shrink 3.2
DVgate Plus
H.264 Decoder
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Converter 2
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
InterVideo WinDVDX
ISI ResearchSoft - Export Helper
ISScript
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java 6 Update 18
Java 6 Update 7
Java SE Runtime Environment 6 Update 1
Junk Mail filter update
Kaplan's DAT DTB
KhalInstallWrapper
Logitech QuickCam
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.1.1800
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
mMHouse
MoodLogic
Mozilla Firefox (3.6.21)
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
Neonatal Resuscitation DVD-ROM
Nero 6 Ultra Edition
Netscape Internet Service Setup
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Manual NW-A600
PictureGear Studio 2.0
QuickTime
R.A.L.E. Lung Sounds Demo
RealPlayer
Realtek High Definition Audio Driver
Reference Manager 10
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setting Utility Series
SigmaPlot 8.0
Sonic RecordNow!
SonicStage 4.3
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SPSS 11.0 for Windows Student Version
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
TVUPlayer 2.2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO TV Tuner Library 1.4
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
VAIO Zone Remote Commander
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
WebFldrs XP
WinAVI Video Converter
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
Wireless Adapter Manager 1.3
Xvid 1.1.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
9/4/2011 9:24:50 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The VAIO Entertainment Database Service service depends on the MSSQL$VAIO_VEDB service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Intel® PROSet/Wireless Service service depends on the Intel® PROSet/Wireless Event Log service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Image Converter video recording monitor for VAIO Entertainment service depends on the VAIO Entertainment Aggregation and Control Service service which failed to start because of the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Event Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment TV Device Arbitration Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment Task Scheduler service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment Aggregation and Control Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The MSSQL$VAIO_VEDB service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The LexBce Server service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Canon Camera Access Library 8 service failed to start due to the following error: The system cannot find the file specified.
9/4/2011 10:38:21 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service VAIO Entertainment Aggregation and Control Service with arguments "" in order to run the server: {21ADFCC3-710C-492D-847C-342CE7B7BEC4}
9/4/2011 10:31:26 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:31:17 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:31:15 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:30:25 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: Access is denied.
9/4/2011 10:30:01 PM, error: Service Control Manager [7034] - The MSSQL$VAIO_VEDB service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:29:41 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:50 PM, error: Service Control Manager [7034] - The VAIO Entertainment Aggregation and Control Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:44 PM, error: Service Control Manager [7034] - The VAIO Entertainment Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:42 PM, error: Service Control Manager [7034] - The VAIO Entertainment TV Device Arbitration Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:40 PM, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:37 PM, error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:32 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:27 PM, error: Service Control Manager [7034] - The Image Converter video recording monitor for VAIO Entertainment service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:25 PM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
9/4/2011 10:27:11 PM, error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).
9/3/2011 7:56:15 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
9/3/2011 7:34:30 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/3/2011 7:34:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/3/2011 4:49:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/3/2011 3:56:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00014A608987 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/3/2011 2:34:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/3/2011 2:33:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/3/2011 2:33:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/3/2011 2:17:06 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/3/2011 2:14:55 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/3/2011 2:14:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 WatchDog service to connect.
9/3/2011 2:14:55 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/3/2011 2:10:45 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
9/3/2011 2:07:05 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/3/2011 2:05:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
9/3/2011 2:03:29 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Thanks again
  9. Please ignore this message. I was able to perform more of the instructions you asked for. I would delete this thread but I don't know how. Sorry for the trouble; I was just freaked out that my internet may have (and might still) become disabled!
  10. Hi, please help! I was trying to follow your instructions before I posted here, but things are going downhill. I started with the Security Protection virus. I downloaded and ran Malwarebytes and tried renaming mbam.exe to explorer.exe, but Malwarebytes still gets shut down during each scan. So I have no log. I downloaded Avira and ran a scan. It detected some items, but then a new virus appeared (XP Antivirus 2012). I will try to continue with your list of running Defogger, DDS, and GMER Rootkit scanner, but I fear that my internet access will be gone once I reboot this computer. Can you tell me anything I can do to make Malwarebytes scan properly? Renaming both exe files with 'explorer' isn't working as per the previous instructions. Please please help.