Need help fixing issue of no access to browser

brenda313

I have cleaned and cleaned my PC and I still cannot access the internet through IE7 or Firefox that I have installed. Internet connection is working fine (ping through command prompt and email pulled in through Outlook work fine), and I have followed suggestions of resetting everything. Running free AVG and it did find a few trojans it removed. Ran Malwarebytes and it removed quite a few infected files as well but still no access. I ran the 8-step process and below are my logs. Please help.
Running Windows XP
(log is now clean from Malwarebytes - I do have the old logs if needed)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5148

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/18/2010 8:39:07 PM
mbam-log-2010-11-18 (20-39-07).txt

Scan type: Quick scan
Objects scanned: 137142
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-18 20:53:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-53DKA0 rev.77.07W77
Running: eq6txl6s.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxnorpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xF7800314]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_14599.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14599.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 866FBAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-24 866FBAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 866FBAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 866FBAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 866FBAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 866FBAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-1c 866FBAEA

AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_14599.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD800BB-53DKA0______________________77.07W77#4457572d414d4c48333436313536_031_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 156301232 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 20:54:39.21 on Thu 11/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.524 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm082YYUS&fl=0&ptb=YAoiWBxEPWsJhyaU0ZZ6Eg&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&n=77c0c54a
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-1 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-1 108552]
R1 NEOFLTR_650_14599;Juniper Networks TDI Filter Driver (NEOFLTR_650_14599);c:\windows\system32\drivers\NEOFLTR_650_14599.SYS [2010-1-22 77608]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-3 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-3 297752]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-8-21 98984]
S3 cpuz132;cpuz132; [x]

=============== Created Last 30 ================

2010-11-16 02:56:28 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-11-13 22:42:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-13 22:42:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-13 22:42:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-13 22:42:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-04 11:48:28 -------- d-----w- c:\program files\MSXML 4.0
2010-10-30 22:19:18 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-30 22:19:18 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-24 19:01:57 -------- dc-h--w- c:\windows\ie8
2010-10-24 14:32:10 -------- d-----w- c:\program files\Support Tools
2010-10-23 21:25:54 -------- d-----w- c:\windows\SxsCaPendDel

==================== Find3M ====================

2010-11-19 02:05:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-19 02:05:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-30 21:11:29 256 ----a-w- c:\documents and settings\owner\pool.bin
2010-10-23 21:38:03 6474 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-09-25 00:28:12 398744 ----a-r- c:\windows\system32\cpnprt2.cid
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-11 14:57:49 88 --sh--r- c:\docume~1\alluse~1\applic~1\B8B75D8D40.sys
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-53DKA0 rev.77.07W77 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x866FBEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8564a872; SUB DWORD [EBP-0x4], 0x8564a12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86763AB8]
3 CLASSPNP[0xF78A3FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000061[0x8676DF18]
5 ACPI[0xF781A620] -> nt!IofCallDriver[0x804E13B9] -> [0x8678AD98]
[0x866022B0] -> IRP_MJ_CREATE -> 0x866FBEC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskWDC_WD800BB-53DKA0______________________77.07W77#4457572d414d4c48333436313536_031_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x866FBAEA
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 20:56:26.21 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/1/2009 1:25:12 PM
System Uptime: 11/18/2010 8:27:37 PM (0 hours ago)

Motherboard: Intel Corporation | | D865GLC
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | J2E1 | 2593/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 48.015 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 71 GiB total, 28.24 GiB free.
F: is FIXED (FAT32) - 4 GiB total, 0.281 GiB free.
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP379: 8/21/2010 8:25:36 PM - System Checkpoint
RP380: 8/22/2010 10:13:12 PM - System Checkpoint
RP381: 8/24/2010 4:32:53 PM - System Checkpoint
RP382: 8/25/2010 6:50:34 PM - System Checkpoint
RP383: 8/26/2010 6:51:50 PM - System Checkpoint
RP384: 8/27/2010 7:59:12 PM - System Checkpoint
RP385: 8/29/2010 3:59:27 PM - Installed Windows Media Format 9 Series Runtime Setup
RP386: 8/30/2010 8:13:35 PM - System Checkpoint
RP387: 8/31/2010 8:19:53 PM - System Checkpoint
RP388: 9/1/2010 12:47:09 PM - Installed PowerDirector
RP389: 9/2/2010 6:54:57 PM - System Checkpoint
RP390: 9/3/2010 7:21:16 PM - System Checkpoint
RP391: 9/5/2010 2:09:09 AM - System Checkpoint
RP392: 9/5/2010 12:18:32 PM - Installed DirectX
RP393: 9/5/2010 12:33:50 PM - Installed Windows Media Format 9 Series Runtime Setup
RP394: 9/5/2010 12:34:24 PM - Installed Windows Media Format Runtime
RP395: 9/5/2010 12:37:05 PM - Installed SmartSound Common Data
RP396: 9/5/2010 12:37:36 PM - Installed SmartSound Quicktracks 5
RP397: 9/6/2010 10:33:44 PM - System Checkpoint
RP398: 9/7/2010 10:56:18 PM - System Checkpoint
RP399: 9/8/2010 8:01:18 AM - Avg8 Update
RP400: 9/8/2010 10:46:03 PM - Avg8 Update
RP401: 9/9/2010 9:54:07 PM - Removed Microsoft Silverlight
RP402: 9/9/2010 9:56:42 PM - Removed Apple Software Update
RP403: 9/9/2010 9:57:28 PM - Configured PowerDirector
RP404: 9/9/2010 10:23:19 PM - Removed WinZip 12.1
RP405: 9/10/2010 11:10:48 PM - System Checkpoint
RP406: 9/11/2010 11:24:06 PM - System Checkpoint
RP407: 9/13/2010 7:23:35 AM - System Checkpoint
RP408: 9/14/2010 7:35:35 AM - System Checkpoint
RP409: 9/15/2010 8:36:39 AM - System Checkpoint
RP410: 9/16/2010 9:35:34 AM - System Checkpoint
RP411: 9/17/2010 3:35:09 PM - System Checkpoint
RP412: 9/18/2010 3:35:35 PM - System Checkpoint
RP413: 9/19/2010 10:52:50 PM - System Checkpoint
RP414: 9/21/2010 7:15:55 PM - System Checkpoint
RP415: 9/22/2010 7:22:07 PM - System Checkpoint
RP416: 9/23/2010 11:00:07 PM - System Checkpoint
RP417: 9/24/2010 11:04:30 PM - System Checkpoint
RP418: 9/26/2010 12:15:15 PM - System Checkpoint
RP419: 9/27/2010 10:24:09 AM - Installed Corel DVD MovieFactory
RP420: 9/28/2010 10:08:52 PM - System Checkpoint
RP421: 9/30/2010 7:42:21 AM - System Checkpoint
RP422: 10/1/2010 5:04:04 PM - System Checkpoint
RP423: 10/2/2010 9:06:11 PM - System Checkpoint
RP424: 10/4/2010 12:23:59 AM - System Checkpoint
RP425: 10/5/2010 1:26:04 PM - System Checkpoint
RP426: 10/6/2010 9:51:33 AM - Avg8 Update
RP427: 10/7/2010 10:12:19 AM - System Checkpoint
RP428: 10/8/2010 11:07:54 AM - System Checkpoint
RP429: 10/9/2010 3:48:05 PM - System Checkpoint
RP430: 10/10/2010 4:42:23 PM - System Checkpoint
RP431: 10/12/2010 7:28:33 AM - System Checkpoint
RP432: 10/13/2010 2:59:18 PM - System Checkpoint
RP433: 10/14/2010 3:55:37 PM - System Checkpoint
RP434: 10/15/2010 4:11:18 PM - System Checkpoint
RP435: 10/16/2010 5:55:21 PM - System Checkpoint
RP436: 10/17/2010 6:40:52 PM - System Checkpoint
RP437: 10/18/2010 9:11:47 PM - System Checkpoint
RP438: 10/19/2010 6:23:51 PM - Software Distribution Service 3.0
RP439: 10/19/2010 7:55:18 PM - Installed Java(TM) 6 Update 22
RP440: 10/20/2010 7:12:28 PM - Installed Corel DVD MovieFactory
RP441: 10/21/2010 6:56:04 AM - Installed Corel DVD MovieFactory
RP442: 10/22/2010 7:40:11 AM - System Checkpoint
RP443: 10/23/2010 10:26:47 AM - System Checkpoint
RP444: 10/23/2010 4:22:02 PM - Configured SmartSound Quicktracks Plugin
RP445: 10/23/2010 4:23:11 PM - Configured SmartSound Common Data
RP446: 10/23/2010 4:24:21 PM - Configured SmartSound Quicktracks 5
RP447: 10/23/2010 4:27:50 PM - Configured SmartSound Quicktracks Plugin
RP448: 10/23/2010 4:30:02 PM - Removed Linksys Updater
RP449: 10/24/2010 9:31:47 AM - Installed Windows Support Tools
RP450: 10/24/2010 2:01:13 PM - Software Distribution Service 3.0
RP451: 10/24/2010 2:02:58 PM - Installed Windows Internet Explorer 8.
RP452: 10/24/2010 2:03:48 PM - Software Distribution Service 3.0
RP453: 10/25/2010 6:08:18 PM - System Checkpoint
RP454: 10/26/2010 9:59:26 AM - Avg8 Update
RP455: 10/26/2010 10:00:28 AM - Avg8 Update
RP456: 10/28/2010 7:03:09 AM - System Checkpoint
RP457: 10/29/2010 9:38:23 AM - System Checkpoint
RP458: 10/30/2010 4:44:52 PM - Installed Error Fix
RP459: 10/30/2010 5:02:10 PM - Restore Operation
RP460: 10/30/2010 5:18:42 PM - Restore Operation
RP461: 10/31/2010 5:25:00 PM - System Checkpoint
RP462: 11/1/2010 6:26:32 PM - System Checkpoint
RP463: 11/3/2010 3:48:07 PM - System Checkpoint
RP464: 11/4/2010 6:46:50 AM - Software Distribution Service 3.0
RP465: 11/4/2010 6:56:33 PM - Software Distribution Service 3.0
RP466: 11/6/2010 12:38:13 PM - System Checkpoint
RP467: 11/8/2010 2:38:18 PM - System Checkpoint
RP468: 11/9/2010 7:38:58 AM - Installed Error Fix
RP469: 11/11/2010 5:48:15 PM - System Checkpoint
RP470: 11/12/2010 6:03:02 PM - System Checkpoint
RP471: 11/13/2010 4:27:14 PM - Removed Error Fix
RP472: 11/13/2010 5:15:05 PM - Software Distribution Service 3.0
RP473: 11/14/2010 5:27:50 PM - System Checkpoint
RP474: 11/15/2010 9:27:55 PM - System Checkpoint
RP475: 11/17/2010 7:02:41 AM - System Checkpoint
RP476: 11/18/2010 12:47:18 PM - System Checkpoint
RP477: 11/18/2010 8:04:05 PM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 8.5
BlackBerry Desktop Software 4.3
Bonjour
Contents
Corel VideoStudio Pro X3
CyberLink PowerDirector
D-Link PCI Fast Ethernet Adapter
DeviceIO
Eye Candy 4000
Free WMA to MP3 Converter 1.16
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ICA
Intel(R) Extreme Graphics 2 Driver
IPM_VS_Pro
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 22
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
K-Lite Codec Pack 4.5.3 (Standard)
Lexmark 1200 Series
Lexmark Fax Solutions
Lexmark Printable Web
Lexmark S300-S400 Series
Lexmark Toolbar
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Office Excel Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Platform Installer 2.0 RC
MLE
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
OJOsoft DVD to AVI Converter
OpenOffice.org 3.0
PictureProject
PictureProject In Touch Downloader 1.0
PureHD
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealPlayer
RealUpgrade 1.0
Roxio Media Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Setup
Share
Smart Audio Converter Pro
SmartSound Common Data
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
Switch Sound File Converter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
VIO
VLC media player 0.9.9
VSClassic
VSPro
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
WinX Free DVD Ripper 4.5.6
WinZip 12.1

==== Event Viewer Messages From Past Week ========

11/18/2010 8:54:45 PM, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
11/18/2010 8:42:01 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
11/18/2010 8:25:49 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 7:48:06 PM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 7:48:06 PM, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).
11/18/2010 7:48:06 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
11/18/2010 7:48:06 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2010 7:48:06 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2010 7:48:06 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2010 7:48:06 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2010 7:48:06 PM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2010 7:48:06 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/18/2010 7:48:06 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/18/2010 7:48:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NEOFLTR_650_14599 NetBIOS NetBT RasAcd Rdbss Tcpip
11/18/2010 7:48:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2010 7:48:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2010 7:48:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2010 7:48:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2010 7:48:06 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2010 7:48:06 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2010 9:08:45 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/14/2010 4:21:46 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/14/2010 4:12:25 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 4 time(s).
11/14/2010 4:12:21 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 3 time(s).
11/14/2010 4:12:08 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 2 time(s).
11/13/2010 5:05:09 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 5:04:23 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
11/13/2010 5:04:19 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:04:15 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:04:15 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:04:11 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:04:04 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 5:02:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 5:01:30 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:00:50 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 5:00:25 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:00:20 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:00:14 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 5:00:07 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/13/2010 4:59:56 PM, error: Service Control Manager [7034] - The lxea_device service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 4:59:41 PM, error: Service Control Manager [7034] - The SmartLinkService service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 4:59:34 PM, error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
11/13/2010 4:59:19 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/13/2010 4:57:43 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 4:55:38 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/13/2010 4:51:19 PM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
11/13/2010 4:51:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService service to connect.
11/13/2010 4:51:19 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
11/13/2010 4:51:19 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
11/13/2010 4:51:19 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/13/2010 4:51:19 PM, error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2010 4:51:19 PM, error: Service Control Manager [7000] - The lxcz_device service failed to start due to the following error: The system cannot find the path specified.
11/13/2010 4:51:19 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.
11/13/2010 4:41:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/13/2010 4:41:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/13/2010 4:39:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
11/13/2010 4:38:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/13/2010 4:37:53 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
11/13/2010 4:37:53 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
11/13/2010 4:28:50 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/12/2010 6:22:06 PM, error: Dhcp [1002] - The IP address lease 174.71.57.62 for the Network Card with network address 001346EB600B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware. It appears that you have a rootkit, so let's begin with this program:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.

While you're running this, I will be checking these logs. Please leave the log from TDSSKiller when finished.
 
Thank you. I am working from my office pc so will download from here and bring home to the infected pc and run it. I'll post the log as soon as I have run it.
 
Ran TDS and it worked

I ran the TDSSKiller program and it worked. After rebooting I am able to now use both IE and Firefox browsers. Below is the TDS log in case you still want to review. Let me know if there is anything more I should do or if having browser access is the clear sign all is good. Thanks!

2010/11/19 18:31:43.0359 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/19 18:31:43.0359 ================================================================================
2010/11/19 18:31:43.0359 SystemInfo:
2010/11/19 18:31:43.0359
2010/11/19 18:31:43.0359 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/19 18:31:43.0359 Product type: Workstation
2010/11/19 18:31:43.0359 ComputerName: OWNER-7618B995B
2010/11/19 18:31:43.0359 UserName: Owner
2010/11/19 18:31:43.0359 Windows directory: C:\WINDOWS
2010/11/19 18:31:43.0359 System windows directory: C:\WINDOWS
2010/11/19 18:31:43.0359 Processor architecture: Intel x86
2010/11/19 18:31:43.0359 Number of processors: 2
2010/11/19 18:31:43.0359 Page size: 0x1000
2010/11/19 18:31:43.0359 Boot type: Normal boot
2010/11/19 18:31:43.0359 ================================================================================
2010/11/19 18:31:43.0703 Initialize success
 
Glad to hear that helped. But we're not quite through yet. There are most certain to be additional processes that need to be removed:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
=======================================
Please download ComboFix from Here and save to your Desktop.

  [1]. Do NOT rename Combofix unless instructed.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
 
error in removing avg as Combofix requires

In trying to run Combofix it tells me I need to uninstall AVG (running free version) before I can use the program. When I try to uninstall AVG it gives me an error stating, "Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005"
Any suggestions of how to get around this before I consult AVG?
Eset ran fine.
 
It's amazing that a simple free program can cause this much trouble! Everyone who has AVG is having the same problem! This is what causes the problem:

AVG Resident Shield
Please open the AVG Control Center
  • Double-click on the "AVG Resident Shield" component
  • Uncheck "Turn on AVG Resident Shield"
  • Save the setting.

To re-enable the AVG Resident Shield after running the scan:
  • Open the AVG Control Center
  • Double-click on the "AVG Resident Shield" component
  • Check "Turn on AVG Resident Shield"
  • Save the setting.
 
still not working

Sorry, I should have mentioned I had already disabled the shield. I tried it again and went through and disabled anything I could in the AVG control center. I still receive the error message that Combofix is unable to run with AVG installed.
 
Try this: Right-click on combofix.exe on the desktop > Choose Rename > change the name to brendafix.exe > Close. Now try the scan again.

If it still won't run, use Safe Mode to run the scan:
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
 