TechSpot

Virus infection, registry seems to be damaged

Resolved
By Abonae
Jul 7, 2011
  1. Hi

    My PC is in a mess. CCleaner crashes when scanning the registry, Malwarebytes crashes, MSE will not run, Avira will not scan (but the "guard" seems to be scanning), AVG crashes and my browsers have been hijacked.

    I have, I think, followed the steps in the sticky and here are the logs. Malwarebytes crashed when looking at the registry and did not write a log.

    I would be really grateful for any pointers.

    Thanks
    Abo

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-07-07 19:44:28
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP1203N rev.TL100-24
    Running: hz1308xj.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\kgliypow.sys

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip waclient.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp waclient.sys
    AttachedDevice \Driver\Tcpip \Device\Udp waclient.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp waclient.sys

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:600] B5A68D20
    Thread System [4:604] B9AD19E0

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [MANUAL] 1079119757 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    DDS.txt

    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
    Run by Tony at 19:47:22 on 2011-07-07
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.940 [GMT 1:00]
    .
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    "\\.\globalroot\Device\svchost.exe\svchost.exe"
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Documents and Settings\Tony\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.google.com/
    uWindow Title = Microsoft Internet Explorer provided by BTopenworld
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://srch-gb10.hpwis.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\documents and settings\tony\application data\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\tony\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\tony\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: mswsock.dll
    Trusted Zone: linkedin.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: morfit3dWorld - file://c:\program files\3dstate\3d webmaker\my 3d web sites\world1_1\html\morfit3dWorld.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {05A2C7ED-7962-4A3F-BE2E-0A494B3C6A16} - hxxps://connect.wincanton.co.uk/wa/AssessLoader.cab
    DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://creative.com/su/ocx/15015/CTSUEng.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://download2.citrix.com/FILES/en/products/client/ica/current/ica32t.exe
    DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://connect.wincanton.co.uk/wa/AccessClientLoader.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124706293640
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://creative.com/su/ocx/15023/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{40A0FFA1-F5E1-475D-9EFE-BB59E2F49D33} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A40B89F5-4532-45B0-A192-555FCA43EE2F} : DhcpNameServer = 192.168.1.1
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\tony\application data\mozilla\firefox\profiles\nobje9ym.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Amazon.co.uk
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.telegraph.co.uk/portal/main.jhtml;$sessionid$4KMH2LYAABLNJQFIQMFCFFOAVCBQYIV0?view=HOME&grid=P13&menuId=-1&menuItemId=-1&_requestid=77111|http://news.bbc.co.uk/default.stm
    FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\nobje9ym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\xstandard\bin\NPXStandard.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-7 64512]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-7 11608]
    R1 vcdrom;Virtual CD-ROM Device Driver;c:\hymn\VCdRom.sys [2001-12-19 8576]
    R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2007-2-18 15872]
    R1 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys [2007-6-3 85760]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-7 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-7 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-7 61960]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [2005-4-5 6656]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-7 39984]
    S1 MpKsl0d792cfe;MpKsl0d792cfe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69446ae6-7681-4dd5-b7a8-89bb9a7999e7}\mpksl0d792cfe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69446ae6-7681-4dd5-b7a8-89bb9a7999e7}\MpKsl0d792cfe.sys [?]
    S1 MpKsl23787a3a;MpKsl23787a3a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ee35b2a-65a3-4c75-866f-f7e49bf6e021}\mpksl23787a3a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ee35b2a-65a3-4c75-866f-f7e49bf6e021}\MpKsl23787a3a.sys [?]
    S1 MpKsl60ac190a;MpKsl60ac190a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4fdad097-3b3a-4ba8-8cd8-025c7b79cd4d}\mpksl60ac190a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4fdad097-3b3a-4ba8-8cd8-025c7b79cd4d}\MpKsl60ac190a.sys [?]
    S1 MpKslcae3c627;MpKslcae3c627;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{45a9a7d6-7689-4e01-9262-fb130ab2a8bb}\mpkslcae3c627.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{45a9a7d6-7689-4e01-9262-fb130ab2a8bb}\MpKslcae3c627.sys [?]
    S1 MpKsldfbb9437;MpKsldfbb9437;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{828924ec-062a-4104-a83a-dca182d8b8a3}\mpksldfbb9437.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{828924ec-062a-4104-a83a-dca182d8b8a3}\MpKsldfbb9437.sys [?]
    S1 MpKsle08c993c;MpKsle08c993c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ecfd28a-1055-4339-817a-80a25504cf81}\mpksle08c993c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ecfd28a-1055-4339-817a-80a25504cf81}\MpKsle08c993c.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2151128]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-3-7 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\drivers\wg121nd5.sys --> c:\windows\system32\drivers\wg121nd5.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-07 18:37:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-07 18:37:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-07 18:33:39 -------- d-----w- c:\documents and settings\tony\application data\Avira
    2011-07-07 18:29:41 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-07 18:29:40 -------- d-----w- c:\program files\Avira
    2011-07-07 18:29:40 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-07-07 18:09:54 388096 ----a-r- c:\documents and settings\tony\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-07-07 18:09:53 -------- d-----w- c:\program files\Trend Micro
    2011-07-07 16:14:31 -------- d-----w- c:\program files\Free Window Registry Repair
    2011-07-07 14:01:18 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-07-07 13:58:40 -------- d-----w- c:\program files\CCleaner
    2011-07-07 13:56:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-07-07 13:30:26 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-07-07 12:22:08 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
    2011-07-07 12:03:57 25984 ----a-w- c:\windows\system32\drivers\1079119757.sys
    2011-07-07 11:00:50 138240 --sha-r- c:\windows\system32\taskmgr3.dll
    2011-07-07 10:38:22 -------- d-----w- c:\documents and settings\tony\Adobe Dreamweaver CS5.5
    2011-07-07 10:37:17 -------- d-----w- c:\documents and settings\tony\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2011-07-07 10:37:11 -------- d-----w- c:\program files\Adobe Download Assistant
    2011-07-07 07:04:51 -------- d-----w- c:\documents and settings\tony\local settings\application data\Installer2464
    2011-07-07 06:50:12 -------- d-----w- c:\documents and settings\tony\local settings\application data\Installer2744
    2011-07-05 15:52:44 95600 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-07-05 15:44:27 -------- d-----w- c:\program files\ImageMagick-6.7.0-Q16
    2011-07-05 12:38:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-07-05 12:38:52 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-07-05 12:38:52 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-07-05 12:38:52 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-07-05 12:38:52 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-07-05 12:38:52 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-07-05 12:38:51 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-07-05 12:38:51 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-07-05 12:33:33 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
    2011-07-05 12:33:30 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
    2011-07-02 13:20:50 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
    2011-07-02 13:20:50 2463976 ----a-w- c:\program files\mozilla firefox\plugins\NPSWF32.dll
    2011-07-02 13:20:50 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
    2011-07-02 13:20:50 190696 ----a-w- c:\program files\mozilla firefox\plugins\NPSWF32_FlashUtil.exe
    2011-07-02 13:02:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-16 07:14:50 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-15 16:12:40 -------- d-----w- c:\program files\HTMLPad 2010
    2011-06-15 16:12:40 -------- d-----w- c:\documents and settings\tony\application data\Blumentals
    2011-06-15 16:10:52 -------- d-----w- c:\documents and settings\tony\application data\JGsoft
    2011-06-15 16:06:18 65776 ----a-w- c:\windows\UnDeploy.exe
    .
    ==================== Find3M ====================
    .
    2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    .
    ============= FINISH: 19:48:23.70 ===============

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 05/04/2004 17:11:25
    System Uptime: 07/07/2011 19:16:51 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2800/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    B: is CDROM ()
    C: is FIXED (NTFS) - 107 GiB total, 50.686 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.57 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    L: is CDROM ()
    M: is CDROM ()
    N: is Removable
    P: is CDROM ()
    Y: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Premium C309g-m,192.168.1.8
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 07/07/2011 13:26:08 - System Checkpoint
    RP2: 07/07/2011 14:29:38 - Installed Ad-Aware
    RP3: 07/07/2011 14:29:57 - Installed Ad-Aware
    RP4: 07/07/2011 16:43:43 - Restore Operation
    RP5: 07/07/2011 19:09:51 - Installed HiJackThis
    .
    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Ad-Aware
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Recommended Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Extra Settings
    Adobe Community Help
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Assistant
    Adobe Dreamweaver CS3
    Adobe Dreamweaver CS5.5
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop Scripting Support 1.0
    Adobe Reader X (10.1.0)
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe Widget Browser
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Apple Application Support
    Apple Software Update
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Battlefield 2: Deluxe Edition
    BufferChm
    Burn4Free 1.0.0.588
    C309g-m
    CameraHelperMsi
    CCleaner
    Citrix Web Client
    CmdHere Powertoy For Windows XP
    CodeStuff Starter
    Compatibility Pack for the 2007 Office system
    Cool MP3 Splitter 3.0
    Coupon Printer for Windows
    Creative Removable Disk Manager
    Creative System Information
    Desktop To Go
    Destinations
    DeviceDiscovery
    DivX
    DOC Regenerator
    DocProc
    Dropbox
    erLT
    ESBUnitConv v4.5.1
    Family History Resource File Viewer 2.0
    Family Tree
    Fax
    FileZilla Client 3.5.0
    Free PS Convert driver 8.15
    Free Window Registry Repair
    gdShutdown
    gdTunes
    GeoWeb
    GNU Backgammon (MAIN branch, 20110117 code)
    GnuWin32: CoreUtils version 5.3.0
    Google Chrome
    Google Desktop
    Google Desktop Plugin - Del.icio.us
    Google Desktop Plugin - IPS Website Counter
    Google Desktop Plugin - Tic Tac Toe
    Google Desktop Plugin - Traffic Check
    Google Desktop System Monitor Plugin
    Google Desktop Todo Plugin
    Google Earth
    Google SketchUp
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToMeeting 4.5.0.457
    GPBaseService2
    Grep-2.5.1 Binaries (GnuWin32)
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    HP Customer Participation Program 14.0
    HP Deskjet Preloaded Printer Drivers
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
    HP PSC & OfficeJet 3.0
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    HTMLPad 2010 v10.2
    ImageMagick 6.7.0-10 Q16 (2011-07-01)
    inSSIDer 2.0
    Intel(R) Extreme Graphics Driver
    Internet Explorer Password Recovery Master 1.4
    J2SE Runtime Environment 5.0 Update 2
    James Bond 007: Nightfire
    Java 2 Runtime Environment, SE v1.4.2
    Java 2 SDK, SE v1.4.2_04
    Java Auto Updater
    Java(TM) 6 Update 26
    Jing
    KBD
    Logitech Gaming Software
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Macromedia Extension Manager
    Make-Your-Own-Opoly
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework SDK (English) 1.1
    Microsoft ActiveSync 3.8
    Microsoft Application Error Reporting
    Microsoft Baseline Security Analyzer 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money
    Microsoft Money System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Publisher 2003
    Microsoft Office Standard Edition 2003
    Microsoft Producer for Microsoft Office PowerPoint 2003
    Microsoft Project 2000 SR-1
    Microsoft Silverlight
    Microsoft Speech Recognition Engine 4.0 (English)
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Toolbox Controls Installer
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mobile Bristol Toolkit
    Mozilla ActiveX Control v1.7.12
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Multimedia Card Reader
    MyDefrag v4.3.1
    NatWest Book-Keeper
    NCH Toolbox
    NetBeans IDE 3.6
    NETGEAR WG111v3 wireless USB 2.0 adapter
    NetHelp
    Network
    Network Play System (Patching)
    Nexcal v1.6
    Notepad++
    NTREGOPT 1.1j
    NVIDIA Drivers
    NVIDIA GART Driver
    OCR Software by I.R.I.S. 14.0
    PDF Settings
    PDFCreator
    PGPfreeware 6.5.8
    Photosmart 140,240,7200,7600,7700,7900 Series
    Picasa 3
    PopEdit v1.3.1 - The Populous 3 Editor
    Populous Skirmish BETA 0.4
    Populous: The Beginning
    PPC 2003 - MSN (R) Messenger Update
    PrintScreen
    PS_AIO_06_C309g-m_SW_Min
    PS2
    PSShortcutsP
    QuickTime
    QuickTransfer
    Readme
    RealPlayer
    Recuva
    Remove Hidden Data Tool
    Roxio UDF Reader
    SafeCast Shared Components
    Scan
    Secunia PSI
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    SequoiaView
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 4.2
    Slice Audio File Splitter
    SmartFTP Client 2.0 Setup Files (remove only)
    SmartWebPrinting
    SolutionCenter
    SoundTap Streaming Audio Recorder
    Speccy
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    Stellarium 0.9.1
    Swat It v2.1
    Toolbox
    TrayApp
    Tweak UI
    TweakGDS
    Typing Tutor
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2541763)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.4
    WavePad Sound Editor
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 9 Series SDK
    Windows Media Player 11
    Windows XP Creativity Fun Packs - Windows Movie Maker 2
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 11.0
    XStandard
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/06/2011 13:20:08, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0026F2B2E7B0. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    30/06/2011 08:24:12, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    07/07/2011 19:41:31, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    07/07/2011 19:32:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    07/07/2011 19:01:00, error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The system cannot find the file specified.
    07/07/2011 16:44:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter VD_FileDisk
    07/07/2011 16:38:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip VD_FileDisk waclient WS2IFSL
    07/07/2011 16:33:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    07/07/2011 15:54:28, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    07/07/2011 15:53:38, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip VD_FileDisk waclient WS2IFSL
    07/07/2011 15:53:38, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    07/07/2011 15:53:38, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    07/07/2011 15:53:17, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    07/07/2011 15:38:11, error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 15:38:11, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 15:23:23, error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The system cannot find the file specified.
    07/07/2011 15:17:14, error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 15:17:11, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    07/07/2011 15:12:03, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 15:12:03, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 15:12:03, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 15:12:03, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 15:12:03, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 14:46:04, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.
    07/07/2011 14:40:10, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
    07/07/2011 13:26:43, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    07/07/2011 13:05:15, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    03/07/2011 14:02:45, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help you try to find the problem.
    Please note: Do not put the logs in Code or Quote boxes. It looks nice but it also cuts down on the real estate for the log displays. It means I have to navigate in each log to see the entries and that's too time consuming. I have edited your logs so you can see the difference.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    You show 2 antivirus programs running: Avira and MSE and you also mention AVG. Please get this down to 1 antivirus program. Multiple AV programs actually make a system more vulnerable, not less.
    Reboot the computer when finished.
    ====================================
    I note you installed this program: 2011-07-07 16:14:31>>[ c:\program files\Free Window Registry Repair
    Did you run the program? Did you back up the registry first?
    =====================================
    I also note that you did this: RP4: 07/07/2011 16:43:43 - Restore Operation
    What kind of 'restore' did you do? How far back did you go if you did a System Restore?
    Are these logs from before or after the restore?
    ======================================
    See if this will help run Malwarebytes:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.

    Once done, try running a scan again
     
  3. Abonae

    Abonae TS Rookie Topic Starter

    Hi

    ====================================
    Done.
    No. Although the program seems to back it up each time it runs - like ccleaner.

    The only restore points available were for earlier that day. I tried to restore to the earliest point, but it said there were no system changes to restore to.

    After, but I don't think the restore did anything.

    I will download the mbam renamer.

    Thanks
     
  4. Abonae

    Abonae TS Rookie Topic Starter

    mbam still crashing

    I ran the mbam renamer and it created a shortcut to a renamed file.

    I ran this and it started by:
    and then it disappeared.

    After this, I could not run the program again. I got the following message from windows:
    Thanks
     
  5. Abonae

    Abonae TS Rookie Topic Starter

    Success

    Hi

    I decided to take the plunge and I ran the Avira Rescue CD that I was able to download. This managed to fix my system!!

    Abo
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the update.
     