Solved Crypt.AQLW infection

B

bobobill

Posts: 28   +0
it seems every ten minutes or so avg pops up with this Crypt.AQLW and it says it removed it but it keeps popping up, and every time i search with google i get redirected. can someone help me remove this once and for all. thanks

edit i forgot to mention i am running xp
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
malwarebytes log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.11.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
ecp :: CNCS-AC20E5539A [administrator]

Protection: Enabled

4/11/2012 5:02:52 PM
mbam-log-2012-04-11 (17-02-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 170355
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\ecp\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\ecp\Application Data\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-11 17:53:04
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST380819AS rev.3.04
Running: 2fvtlgue.exe; Driver: C:\DOCUME~1\ecp\LOCALS~1\Temp\kfddiaob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
 
dds.txt log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.2.0
Run by ecp at 17:59:33 on 2012-04-11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2551.2097 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\ExpressFiles\EFupdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ExpressFiles\ExpressFiles.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\BelkinMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\windows\system32\BelkinMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\qoobox\quarantine\c\program files\billeo\billeo.exe.vir
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\trojan~1.lnk - c:\program files\trojan guarder gold version\Trojan Guarder.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ecp\application data\mozilla\firefox\profiles\war018ks.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.prowrestling.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110910&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-2-4 32896]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [2011-8-30 78720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-11 22344]
R3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;c:\windows\system32\PCAND5BK.SYS [2011-8-30 15104]
S2 DivisCTS;Sleepy;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 mfesmfk;Axsnmsvc;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 pavagente;Ha10kx2k;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 savrt;Tmesrv3;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 vet-filt;Slssvc;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
.
=============== Created Last 30 ================
.
2012-04-11 23:59:32 -------- d-----w- c:\documents and settings\ecp\application data\Malwarebytes
2012-04-11 23:58:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 23:58:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-11 23:58:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-11 18:36:59 -------- d-sha-r- C:\cmdcons
2012-04-11 18:35:38 -------- d-s---w- C:\ComboFix
2012-04-11 18:29:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 13:01:21 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-07 12:17:14 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-04-07 12:14:17 98816 ----a-w- c:\windows\sed.exe
2012-04-07 12:14:17 518144 ----a-w- c:\windows\SWREG.exe
2012-04-07 12:14:17 256000 ----a-w- c:\windows\PEV.exe
2012-04-07 12:14:17 208896 ----a-w- c:\windows\MBR.exe
2012-04-06 14:40:28 -------- d-----w- c:\program files\Trojan Guarder Gold Version
2012-04-05 13:22:34 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-18 12:19:18 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 12:19:18 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-11 18:30:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-05 13:22:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 12:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 12:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-04 14:35:03 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-04 14:35:03 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-04 14:35:03 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-31 11:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 18:00:14.21 ===============
 
attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2008 11:26:03 AM
System Uptime: 4/11/2012 5:37:38 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 097Ch
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 0.83 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_3006103C&REV_04\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_3006103C&REV_04\3&B1BFB68&0&10
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_3006103C&REV_04\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2782&SUBSYS_3006103C&REV_04\3&B1BFB68&0&11
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_3006103C&REV_01\4&1886B119&0&00E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_3006103C&REV_01\4&1886B119&0&00E1
Service:
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_A88XENC_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_A88XENC_XX
Service: A88xEnc
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_DNWHODISP_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_DNWHODISP_XX
Service: dnwhodisp
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_IAIMTV0_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_IAIMTV0_XX
Service: iaimtv0
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_SPSERVICE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_SPSERVICE_XX
Service: SPService
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_ZTEUSBMDM6K_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_ZTEUSBMDM6K_XX
Service: ZTEusbmdm6k
.
==== System Restore Points ===================
.
RP431: 3/18/2012 8:41:40 AM - System Checkpoint
RP432: 3/20/2012 8:33:21 AM - System Checkpoint
RP433: 3/21/2012 9:07:10 AM - System Checkpoint
RP434: 3/22/2012 12:48:03 PM - System Checkpoint
RP435: 3/23/2012 1:02:44 PM - System Checkpoint
RP436: 3/24/2012 1:26:44 PM - System Checkpoint
RP437: 3/25/2012 1:26:56 PM - System Checkpoint
RP438: 3/27/2012 5:58:11 AM - System Checkpoint
RP439: 3/28/2012 8:45:41 AM - System Checkpoint
RP440: 3/29/2012 11:31:11 AM - System Checkpoint
RP441: 3/30/2012 9:53:21 PM - System Checkpoint
RP442: 3/31/2012 10:59:28 PM - System Checkpoint
RP443: 4/2/2012 9:13:16 AM - System Checkpoint
RP444: 4/3/2012 12:30:56 PM - System Checkpoint
RP445: 4/4/2012 9:34:08 AM - Removed AVG 2012
RP446: 4/7/2012 5:07:06 AM - Removed AVG 2012
RP447: 4/7/2012 5:07:56 AM - Removed AVG 2012
RP448: 4/7/2012 6:00:31 AM - Installed AVG 2012
RP449: 4/7/2012 6:00:57 AM - Installed AVG 2012
RP450: 4/8/2012 8:14:01 AM - Removed AVG 2012
RP451: 4/9/2012 8:27:18 AM - System Checkpoint
RP452: 4/10/2012 9:04:07 AM - System Checkpoint
RP453: 4/11/2012 2:17:01 PM - OTL Restore Point - 4/11/2012 2:16:59 PM
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Any Video Converter 3.3.5
Any Video Converter Ultimate 4.3.3
AVG 2012
Belkin 11Mbps Wireless Desktop Network Card
BS.Player FREE
BSPlayer
DivX Setup
Dream Video Converter Ultimate 3.8.5
FLV Player
Foxit Reader 5.1
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 2
JumpStart PreSchool v1.4
K-Lite Mega Codec Pack 7.7.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 11.0 (x86 en-US)
PicPerk 7.0
PS3 Media Server
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Trojan Guarder Gold Version 8.22
Update for Windows XP (KB898461)
Update for Windows XP (KB911164)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WebFldrs XP
Windows Installer 3.1 (KB893803)
WinRAR 4.01 (32-bit)
Xross Media Simulator 1.0
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
4/7/2012 5:10:50 AM, error: Service Control Manager [7023] - The Xcomm service terminated with the following error: The specified module could not be found.
4/7/2012 5:10:50 AM, error: Service Control Manager [7023] - The Tavsvc service terminated with the following error: The specified module could not be found.
4/7/2012 4:53:43 AM, error: Service Control Manager [7023] - The Tavsvc service terminated with the following error: Access is denied.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The Xcomm service terminated with the following error: Access is denied.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The Useraccess service terminated with the following error: The specified module could not be found.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The S616mgmt service terminated with the following error: The specified module could not be found.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The Rpaservice service terminated with the following error: The specified module could not be found.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The Pdiddcci service terminated with the following error: The specified module could not be found.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The OdysseyIM3 service terminated with the following error: The specified module could not be found.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The Netsvc service terminated with the following error: The specified module could not be found.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The Lirsgt service terminated with the following error: The specified module could not be found.
4/7/2012 4:52:08 AM, error: Service Control Manager [7023] - The Gearaspiwdm service terminated with the following error: The specified module could not be found.
4/7/2012 4:35:59 AM, error: Service Control Manager [7023] - The Lirsgt service terminated with the following error: Access is denied.
4/7/2012 4:20:59 AM, error: Service Control Manager [7023] - The Useraccess service terminated with the following error: Access is denied.
4/7/2012 4:06:02 AM, error: Service Control Manager [7023] - The Netsvc service terminated with the following error: Access is denied.
4/7/2012 3:50:59 AM, error: Service Control Manager [7023] - The OdysseyIM3 service terminated with the following error: Access is denied.
4/7/2012 3:35:59 AM, error: Service Control Manager [7023] - The Gearaspiwdm service terminated with the following error: Access is denied.
4/7/2012 3:20:58 AM, error: Service Control Manager [7023] - The Pdiddcci service terminated with the following error: Access is denied.
4/7/2012 3:05:58 AM, error: Service Control Manager [7023] - The Rpaservice service terminated with the following error: Access is denied.
4/7/2012 3:05:22 AM, error: Service Control Manager [7023] - The Sandradatasrv service terminated with the following error: The specified module could not be found.
4/7/2012 3:05:22 AM, error: Service Control Manager [7023] - The S616mgmt service terminated with the following error: Access is denied.
4/7/2012 3:05:22 AM, error: Service Control Manager [7023] - The Pserve service terminated with the following error: The specified module could not be found.
4/7/2012 3:05:22 AM, error: Service Control Manager [7023] - The Lmab_device service terminated with the following error: The specified module could not be found.
4/7/2012 3:05:22 AM, error: Service Control Manager [7023] - The Dnserver32 service terminated with the following error: The specified module could not be found.
4/6/2012 9:52:33 AM, error: Service Control Manager [7023] - The Msvad_simple service terminated with the following error: Access is denied.
4/6/2012 9:49:58 AM, error: Service Control Manager [7023] - The Slssvc service terminated with the following error: Access is denied.
4/6/2012 9:33:52 AM, error: Service Control Manager [7023] - The Wdm_au8820 service terminated with the following error: Access is denied.
4/6/2012 9:18:53 AM, error: Service Control Manager [7023] - The OneCareMP service terminated with the following error: Access is denied.
4/6/2012 9:03:52 AM, error: Service Control Manager [7023] - The Cmigameport service terminated with the following error: Access is denied.
4/6/2012 8:48:52 AM, error: Service Control Manager [7023] - The Ktp service terminated with the following error: Access is denied.
4/6/2012 8:33:52 AM, error: Service Control Manager [7023] - The Nvmd service terminated with the following error: Access is denied.
4/6/2012 8:18:52 AM, error: Service Control Manager [7023] - The Om518p service terminated with the following error: Access is denied.
4/6/2012 8:03:52 AM, error: Service Control Manager [7023] - The Procmon10 service terminated with the following error: Access is denied.
4/6/2012 7:48:52 AM, error: Service Control Manager [7023] - The S716obex service terminated with the following error: Access is denied.
4/6/2012 7:33:52 AM, error: Service Control Manager [7023] - The TMBUS service terminated with the following error: Access is denied.
4/6/2012 7:18:52 AM, error: Service Control Manager [7023] - The Oracleoradb10g_home1isql*plus service terminated with the following error: Access is denied.
4/6/2012 7:03:52 AM, error: Service Control Manager [7023] - The Iolo_srv service terminated with the following error: Access is denied.
4/6/2012 6:48:53 AM, error: Service Control Manager [7023] - The Soma service terminated with the following error: Access is denied.
4/6/2012 6:33:54 AM, error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: Access is denied.
4/6/2012 6:20:35 PM, error: Service Control Manager [7023] - The Lmab_device service terminated with the following error: Access is denied.
4/6/2012 6:18:51 AM, error: Service Control Manager [7023] - The WBHWDOCT service terminated with the following error: Access is denied.
4/6/2012 6:17:15 AM, error: Service Control Manager [7023] - The Profos service terminated with the following error: Access is denied.
4/6/2012 6:05:35 PM, error: Service Control Manager [7023] - The Sandradatasrv service terminated with the following error: Access is denied.
4/6/2012 5:50:35 PM, error: Service Control Manager [7023] - The Pserve service terminated with the following error: Access is denied.
4/6/2012 5:49:36 PM, error: Service Control Manager [7023] - The Dnserver32 service terminated with the following error: Access is denied.
4/6/2012 5:39:00 PM, error: Service Control Manager [7023] - The InterBaseServer service terminated with the following error: The specified module could not be found.
4/6/2012 5:39:00 PM, error: Service Control Manager [7023] - The Houdiniserver service terminated with the following error: The specified module could not be found.
4/6/2012 5:39:00 PM, error: Service Control Manager [7023] - The Ghostsec service terminated with the following error: The specified module could not be found.
4/6/2012 5:39:00 PM, error: Service Control Manager [7023] - The AtcL002 service terminated with the following error: The specified module could not be found.
4/6/2012 5:36:06 PM, error: Service Control Manager [7023] - The Houdiniserver service terminated with the following error: Access is denied.
4/6/2012 5:21:06 PM, error: Service Control Manager [7023] - The Ghostsec service terminated with the following error: Access is denied.
4/6/2012 5:06:06 PM, error: Service Control Manager [7023] - The AtcL002 service terminated with the following error: Access is denied.
4/6/2012 5:05:06 PM, error: Service Control Manager [7023] - The InterBaseServer service terminated with the following error: Access is denied.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The XDva004 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Wsearch service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Wdm_au8820 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The WBHWDOCT service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Vetfddnt service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Tmesrv3 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Tme3srv service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Tmcomm service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Tdsmapi service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Tappsrv service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Ssfs0509 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The SlWdmSup service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Slssvc service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Sleepy service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Sigfilt service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Se58mdm service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The SANDRA service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The ROB_A service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Rdpdd service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Profos service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Pnmsrv service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Plsremotesvc service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Pdlncfwk service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The P2pimsvc service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Oracleoradb10g_home1isql*plus service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Msvad_simple service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Msdv service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Modemcsa service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Mksupdateint service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Mctskshd.exe service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The MaRdPnp service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Lyncusbserv service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Lxcr_device service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The License service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Lfsfilt service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The KMWDFilter service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Isdrv120 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Iolo_srv service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The IntelC53 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Inotask service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The HSFHWICH service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Ha10kx2k service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Gtndis5 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The EhttpSrv service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Dvd43llh service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The DcFpoint service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Dbustrcm service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Db2governor service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Ctxcpuusync service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Ccalib8 service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Btwdndis service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The BASFND service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Axsnmsvc service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The ATMsrvc service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Aracpi service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The Adiusbaw service terminated with the following error: The specified module could not be found.
4/6/2012 4:54:47 PM, error: Service Control Manager [7023] - The {834170a7-af3b-4d34-a757-e05eb29ee96d} service terminated with the following error: The specified module could not be found.
4/6/2012 4:51:35 PM, error: Service Control Manager [7023] - The EhttpSrv service terminated with the following error: Access is denied.
4/6/2012 4:36:35 PM, error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: Access is denied.
4/6/2012 4:26:34 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/6/2012 4:21:35 PM, error: Service Control Manager [7023] - The SlWdmSup service terminated with the following error: Access is denied.
4/6/2012 4:06:35 PM, error: Service Control Manager [7023] - The Db2governor service terminated with the following error: Access is denied.
4/6/2012 3:51:35 PM, error: Service Control Manager [7023] - The Sleepy service terminated with the following error: Access is denied.
4/6/2012 3:36:35 PM, error: Service Control Manager [7023] - The Inotask service terminated with the following error: Access is denied.
4/6/2012 3:35:35 PM, error: Service Control Manager [7023] - The Dbustrcm service terminated with the following error: Access is denied.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The Tosrfec service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The TMBUS service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The Tfsnopio service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The Soma service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The Servicelayer service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The PCASp50 service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The O2flash service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The NOWMEMDF service terminated with the following error: The specified module could not be found.
4/6/2012 3:27:32 PM, error: Service Control Manager [7023] - The Acprfmgrsvc service terminated with the following error: The specified module could not be found.
4/6/2012 3:22:06 PM, error: Service Control Manager [7023] - The Sigfilt service terminated with the following error: Access is denied.
4/6/2012 3:07:04 PM, error: Service Control Manager [7023] - The Adiusbaw service terminated with the following error: Access is denied.
4/6/2012 2:52:04 PM, error: Service Control Manager [7023] - The Pdlncfwk service terminated with the following error: Access is denied.
4/6/2012 2:37:04 PM, error: Service Control Manager [7023] - The IntelC53 service terminated with the following error: Access is denied.
4/6/2012 2:22:04 PM, error: Service Control Manager [7023] - The HSFHWICH service terminated with the following error: Access is denied.
4/6/2012 2:07:04 PM, error: Service Control Manager [7023] - The Msdv service terminated with the following error: Access is denied.
4/6/2012 12:52:04 PM, error: Service Control Manager [7023] - The Tfsnopio service terminated with the following error: Access is denied.
4/6/2012 12:37:04 PM, error: Service Control Manager [7023] - The ATMsrvc service terminated with the following error: Access is denied.
4/6/2012 12:22:04 PM, error: Service Control Manager [7023] - The Tosrfec service terminated with the following error: Access is denied.
4/6/2012 12:07:04 PM, error: Service Control Manager [7023] - The XDva004 service terminated with the following error: Access is denied.
4/6/2012 11:52:04 AM, error: Service Control Manager [7023] - The Acprfmgrsvc service terminated with the following error: Access is denied.
4/6/2012 11:37:03 AM, error: Service Control Manager [7023] - The Wsearch service terminated with the following error: Access is denied.
4/6/2012 11:22:04 AM, error: Service Control Manager [7023] - The NOWMEMDF service terminated with the following error: Access is denied.
4/6/2012 11:07:03 AM, error: Service Control Manager [7023] - The PCASp50 service terminated with the following error: Access is denied.
4/6/2012 10:52:04 AM, error: Service Control Manager [7023] - The O2flash service terminated with the following error: Access is denied.
4/6/2012 10:51:04 AM, error: Service Control Manager [7023] - The Modemcsa service terminated with the following error: Access is denied.
4/6/2012 10:37:34 AM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: Access is denied.
4/6/2012 10:22:33 AM, error: Service Control Manager [7023] - The ROB_A service terminated with the following error: Access is denied.
4/6/2012 10:07:33 AM, error: Service Control Manager [7023] - The Mksupdateint service terminated with the following error: Access is denied.
4/6/2012 1:52:04 PM, error: Service Control Manager [7023] - The Servicelayer service terminated with the following error: Access is denied.
4/6/2012 1:37:04 PM, error: Service Control Manager [7023] - The Se58mdm service terminated with the following error: Access is denied.
4/6/2012 1:22:04 PM, error: Service Control Manager [7023] - The Rdpdd service terminated with the following error: Access is denied.
4/6/2012 1:07:04 PM, error: Service Control Manager [7023] - The Lyncusbserv service terminated with the following error: Access is denied.
4/5/2012 5:50:50 AM, error: Service Control Manager [7023] - The Pnmsrv service terminated with the following error: Access is denied.
4/5/2012 5:39:15 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/5/2012 5:21:20 AM, error: Service Control Manager [7023] - The KMWDFilter service terminated with the following error: Access is denied.
4/5/2012 5:06:20 AM, error: Service Control Manager [7023] - The Aracpi service terminated with the following error: Access is denied.
4/5/2012 5:05:20 AM, error: Service Control Manager [7023] - The Tdsmapi service terminated with the following error: Access is denied.
4/5/2012 4:22:49 AM, error: Service Control Manager [7023] - The Tmcomm service terminated with the following error: Access is denied.
4/5/2012 4:21:49 AM, error: Service Control Manager [7023] - The BASFND service terminated with the following error: Access is denied.
4/5/2012 4:17:49 AM, error: Service Control Manager [7023] - The Lfsfilt service terminated with the following error: Access is denied.
4/5/2012 2:25:25 PM, error: Service Control Manager [7023] - The Btwdndis service terminated with the following error: Access is denied.
4/5/2012 2:10:25 PM, error: Service Control Manager [7023] - The Plsremotesvc service terminated with the following error: Access is denied.
4/5/2012 12:54:23 PM, error: Service Control Manager [7023] - The Gtndis5 service terminated with the following error: Access is denied.
4/5/2012 12:39:23 PM, error: Service Control Manager [7023] - The License service terminated with the following error: Access is denied.
4/5/2012 12:24:23 PM, error: Service Control Manager [7023] - The Axsnmsvc service terminated with the following error: Access is denied.
4/5/2012 12:09:23 PM, error: Service Control Manager [7023] - The Mctskshd.exe service terminated with the following error: Access is denied.
4/5/2012 11:54:23 AM, error: Service Control Manager [7023] - The Lxcr_device service terminated with the following error: Access is denied.
4/5/2012 11:39:23 AM, error: Service Control Manager [7023] - The Ssfs0509 service terminated with the following error: Access is denied.
4/5/2012 11:24:23 AM, error: Service Control Manager [7023] - The MaRdPnp service terminated with the following error: Access is denied.
4/5/2012 11:09:23 AM, error: Service Control Manager [7023] - The {834170a7-af3b-4d34-a757-e05eb29ee96d} service terminated with the following error: Access is denied.
4/5/2012 10:54:22 AM, error: Service Control Manager [7023] - The Dvd43llh service terminated with the following error: Access is denied.
4/5/2012 10:39:22 AM, error: Service Control Manager [7023] - The Tme3srv service terminated with the following error: Access is denied.
4/5/2012 10:24:21 AM, error: Service Control Manager [7023] - The Ha10kx2k service terminated with the following error: Access is denied.
4/5/2012 10:23:22 AM, error: Service Control Manager [7023] - The Isdrv120 service terminated with the following error: Access is denied.
4/5/2012 1:55:25 PM, error: Service Control Manager [7023] - The Tmesrv3 service terminated with the following error: Access is denied.
4/5/2012 1:54:25 PM, error: Service Control Manager [7023] - The SANDRA service terminated with the following error: Access is denied.
4/5/2012 1:40:54 PM, error: Service Control Manager [7023] - The P2pimsvc service terminated with the following error: Access is denied.
4/5/2012 1:23:53 PM, error: Service Control Manager [7023] - The Ctxcpuusync service terminated with the following error: Access is denied.
4/5/2012 1:22:55 PM, error: Service Control Manager [7023] - The Tappsrv service terminated with the following error: Access is denied.
4/5/2012 1:09:23 PM, error: Service Control Manager [7023] - The DcFpoint service terminated with the following error: Access is denied.
.
==== End Of File ===========================
 
so far everything seems to be running fine AVG is not popping up and i'm not getting redirected when i use google.
 
Good, but we need to make sure nothing is hiding...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-11 23:50:51
-----------------------------
23:50:51.187 OS Version: Windows 5.1.2600 Service Pack 2
23:50:51.187 Number of processors: 2 586 0x409
23:50:51.187 ComputerName: CNCS-AC20E5539A UserName: ecp
23:50:51.546 Initialize success
23:56:55.859 AVAST engine defs: 12041101
23:57:14.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
23:57:14.593 Disk 0 Vendor: ST380819AS 3.04 Size: 76319MB BusType: 3
23:57:14.703 Disk 0 MBR read successfully
23:57:14.718 Disk 0 MBR scan
23:57:14.781 Disk 0 Windows XP default MBR code
23:57:14.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
23:57:14.843 Disk 0 scanning sectors +156280320
23:57:14.953 Disk 0 scanning C:\WINDOWS\system32\drivers
23:57:23.843 Service scanning
23:57:37.125 Modules scanning
23:57:41.640 Disk 0 trace - called modules:
23:57:41.703 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
23:57:41.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89effab8]
23:57:41.734 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\0000006b[0x89f033b8]
23:57:41.781 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89f01940]
23:57:42.234 AVAST engine scan C:\WINDOWS
23:57:48.781 AVAST engine scan C:\WINDOWS\system32
23:59:35.000 AVAST engine scan C:\WINDOWS\system32\drivers
23:59:47.078 AVAST engine scan C:\Documents and Settings\ecp
00:07:55.031 AVAST engine scan C:\Documents and Settings\All Users
00:08:35.984 Scan finished successfully
00:09:38.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ecp\Desktop\MBR.dat"
00:09:38.390 The log file has been saved successfully to "C:\Documents and Settings\ecp\Desktop\aswMBR.txt"


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
i uninstalled avg it before i ran combodfix and it still says it was running here is the log if i need to do it again let me know

ComboFix 12-04-13.01 - ecp 04/13/2012 10:13:54.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2551.2276 [GMT -7:00]
Running from: c:\documents and settings\ecp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
.
---- Previous Run -------
.
c:\documents and settings\ecp\Application Data\dplaysvr.exe
c:\documents and settings\NetworkService\Application Data\Adobe\sp.DLL
C:\ipconfig.txt
c:\windows\system32\ccflic0.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\roxmediadb9.dll
c:\windows\system32\se45mdfl.dll
c:\windows\system32\sisagp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_A88XENC
-------\Legacy_DNWHODISP
-------\Legacy_IAIMTV0
-------\Legacy_ZTEUSBMDM6K
-------\Service_A88xEnc
-------\Service_dnwhodisp
-------\Service_iaimtv0
-------\Service_SPService
-------\Service_ZTEusbmdm6k
-------\Legacy_A88XENC
-------\Legacy_DNWHODISP
-------\Legacy_IAIMTV0
-------\Legacy_ZTEUSBMDM6K
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-11 23:59 . 2012-04-11 23:59 -------- d-----w- c:\documents and settings\ecp\Application Data\Malwarebytes
2012-04-11 23:58 . 2012-04-11 23:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-11 23:58 . 2012-04-11 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-11 23:58 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 18:29 . 2012-04-11 18:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 12:17 . 2006-02-28 12:00 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-04-06 14:40 . 2012-04-12 00:23 -------- d-----w- c:\program files\Trojan Guarder Gold Version
2012-04-05 13:22 . 2012-04-05 13:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 13:03 . 2012-04-05 13:03 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-04-05 12:59 . 2012-04-05 12:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 18:30 . 2006-02-28 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-05 13:22 . 2011-08-31 02:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-04 14:35 . 2012-02-04 14:35 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-04 14:35 . 2011-10-26 12:01 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-04 14:35 . 2011-10-26 12:01 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-18 12:19 . 2011-08-31 02:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-07_12.32.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-13 17:20 . 2012-04-13 17:20 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
+ 2006-02-28 12:00 . 2012-04-13 17:22 39992 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-04-07 12:22 39992 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-04-13 17:22 311604 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-04-07 12:22 311604 c:\windows\system32\perfh009.dat
+ 2012-04-11 16:17 . 2012-04-11 16:17 5138944 c:\windows\Installer\52324c.msi
+ 2012-04-07 13:02 . 2012-04-07 13:02 5136896 c:\windows\Installer\1a2713.msi
+ 2012-04-08 15:13 . 2012-04-08 15:13 2208768 c:\windows\Installer\107140b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-03 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-02-06 424568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-02-28 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk - c:\windows\system32\BelkinMonitor.exe [2011-8-30 372736]
Billeo.lnk - c:\qoobox\Quarantine\C\Program Files\Billeo\billeo.exe.vir [2011-10-19 1490768]
Trojan Guarder Gold Version.lnk - c:\program files\Trojan Guarder Gold Version\Trojan Guarder.exe [2012-4-6 713728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressDL.exe"=
"c:\\Documents and Settings\\ecp\\My Documents\\Downloads\\uTorrent(1).exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/11/2012 4:58 PM 654408]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2/4/2012 7:17 AM 32896]
R3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [8/30/2011 7:22 PM 78720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/11/2012 4:58 PM 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 6:22 AM 253600]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;c:\windows\system32\PCAND5BK.SYS [8/30/2011 7:22 PM 15104]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
oracleorahome92pagingserver
iAimFP5
AN983
hmonitor
aamqdispatcher
patrol_scheduler
tnbrlds
rwbackupsrv
ipsraidn
SED133x
p17
unrealircd
NIPALK
se44nd5
RTL8023xp
dktknsrv
mscsptisrv
w800mgmt
citrixxteserver
dkeysync
se2Bnd5
dot4ufd
mgisvr
co_mon
w22n51
ypcservice
atinrvxx
psasrv
issvc
G400DH
NetMsmqActivator
appnnode
AmdIde
qcmerced
aclient
DivisCTS
w550bus
es1371
incdfs
win32sl
amfilter
bthidenum
backupexecnamingservice
pnmsrv
sonicatheaterinstallerservice
SymIM
dtscsi
ageremodemaudio
ZDPSp50
W8100PCI
DSI_SiUSBXp_3_1
ql2100
kbfiltr
db2remotecmd
nvlddmkm
zntport
TOSHIBASoftModem
ATNT40K
ksthunk
guardian2
pinnaclesys.mediaserver
CAM1210
L6POD
nvnetbus
z525mgmt
se58bus
rpcnet
s117nd5
MXOFX
mod7700
arc
wdm_au8820
NxFsMon
websensecamreportserver
wusb54gv2svc
wpdusb
ZD1211BU(ZyDAS)
w810mdm
pdlndint
sandboxu
vet-filt
USBModem
pptchpad
ha10kx2k
MSW_USB
EL90X
w800mdfl
sifilter
s117bus
savrt
adpu320
AVerTV
BVRPMPR5
mfesmfk
nsm1serd
tcpip6
jsdaemon
pavagente
omniserv
comhost
toscosrv
sysmgmthp
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:22]
.
2012-04-13 c:\windows\Tasks\Express Files Updater.job
- c:\program files\ExpressFiles\EFupdater.exe [2012-02-06 10:37]
.
2012-04-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-09-01 05:18]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\ecp\Application Data\Mozilla\Firefox\Profiles\war018ks.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.prowrestling.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110910&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-84839861.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 10:21
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2012-04-13 10:23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 17:23
ComboFix2.txt 2012-04-11 14:17
ComboFix3.txt 2012-04-07 12:35
.
Pre-Run: 905,519,104 bytes free
Post-Run: 1,038,659,584 bytes free
.
- - End Of File - - 48AAE9D98294C758C4D745CD85E8FE6A
 
If your desktop is still empty....
Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

Then re-run aswMBR, Bootkit Remover and Combofix.
 
unhide worked

after the smarthdd problem i downloaded avast antivirus I am unable to connect to the internet, i have since uninstalled and am still unable to connect. i was able to connect before getting avast.

aswMBR, will not run
 
ran bootkit this is what i got

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-13 20:58:28
-----------------------------
20:58:28.171 OS Version: Windows 5.1.2600 Service Pack 2
20:58:28.171 Number of processors: 2 586 0x409
20:58:28.171 ComputerName: CNCS-AC20E5539A UserName: ecp
20:58:28.515 Initialize success
20:58:30.906 AVAST engine download error: 0
20:58:36.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
20:58:36.734 Disk 0 Vendor: ST380819AS 3.04 Size: 76319MB BusType: 3
20:58:36.750 Disk 0 MBR read successfully
20:58:36.765 Disk 0 MBR scan
20:58:36.781 Disk 0 Windows XP default MBR code
20:58:36.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
20:58:36.812 Disk 0 scanning sectors +156280320
20:58:36.875 Disk 0 scanning C:\WINDOWS\system32\drivers
20:58:41.984 Service scanning
20:58:51.437 Modules scanning
20:58:55.578 Disk 0 trace - called modules:
20:58:55.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
20:58:55.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89eb6ab8]
20:58:55.671 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\00000060[0x89eb89e8]
20:58:55.718 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89e68d98]
20:58:55.765 Scan finished successfully
20:59:16.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ecp\Desktop\MBR.dat"
20:59:16.718 The log file has been saved successfully to "C:\Documents and Settings\ecp\Desktop\aswMBR.txt"
 
ComboFix 12-04-13.01 - ecp 04/13/2012 21:10:32.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2551.2277 [GMT -7:00]
Running from: c:\documents and settings\ecp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\245UINHfH2bdtE
C:\ipconfig.txt
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 03:12 . 2012-04-14 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-14 03:12 . 2012-04-14 03:12 -------- d-----w- c:\program files\AVAST Software
2012-04-14 02:21 . 2002-11-13 00:26 110592 ----a-w- c:\windows\system32\BelkinRes.dll
2012-04-14 02:21 . 2002-11-12 23:46 372736 ----a-w- c:\windows\system32\BelkinMonitor.exe
2012-04-14 02:21 . 2002-11-07 12:43 78720 ----a-w- c:\windows\system32\drivers\BEL6001P.sys
2012-04-14 02:21 . 2002-11-02 01:32 81920 ----a-w- c:\windows\system32\install.dll
2012-04-14 02:21 . 2002-09-20 06:34 15104 ----a-w- c:\windows\system32\PCAND5BK.SYS
2012-04-14 02:21 . 2002-09-20 06:11 61440 ----a-w- c:\windows\system32\bkw32n50.DLL
2012-04-14 02:21 . 2012-04-14 03:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-04-14 01:50 . 2012-04-14 03:09 -------- d-----w- c:\documents and settings\F5D6001
2012-04-14 01:50 . 2012-04-14 03:09 -------- d-----w- c:\documents and settings\DATA
2012-04-14 01:18 . 2012-04-14 03:10 -------- d-----w- C:\Belkin
2012-04-11 23:59 . 2012-04-11 23:59 -------- d-----w- c:\documents and settings\ecp\Application Data\Malwarebytes
2012-04-11 23:58 . 2012-04-11 23:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-11 23:58 . 2012-04-11 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-11 23:58 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-11 18:29 . 2012-04-11 18:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-07 12:17 . 2006-02-28 12:00 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-04-06 14:40 . 2012-04-12 00:23 -------- d-----w- c:\program files\Trojan Guarder Gold Version
2012-04-05 13:22 . 2012-04-05 13:22 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 13:03 . 2012-04-05 13:03 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-04-05 12:59 . 2012-04-05 12:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-03-18 12:19 . 2012-03-18 12:19 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 12:19 . 2012-03-18 12:19 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 18:30 . 2006-02-28 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-05 13:22 . 2011-08-31 02:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-04 14:35 . 2012-02-04 14:35 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-04 14:35 . 2011-10-26 12:01 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-04 14:35 . 2011-10-26 12:01 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-18 12:19 . 2011-08-31 02:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-07_12.32.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-14 04:09 . 2012-04-14 04:09 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2006-02-28 12:00 . 2012-04-14 04:13 40108 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-04-14 04:13 311912 c:\windows\system32\perfh009.dat
+ 2012-04-14 02:16 . 2012-04-14 02:16 262144 c:\windows\system32\config\systemprofile\NtUser.dat
+ 2012-04-14 03:07 . 2012-04-14 03:13 6061720 c:\windows\system32\Restore\rstrlog.dat
+ 2012-04-11 16:17 . 2012-04-11 16:17 5138944 c:\windows\Installer\52324c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-03-03 740216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-02-28 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk - c:\windows\system32\BelkinMonitor.exe [2012-4-13 372736]
Billeo.lnk - c:\qoobox\Quarantine\C\Program Files\Billeo\billeo.exe.vir [2011-10-19 1490768]
Trojan Guarder Gold Version.lnk - c:\program files\Trojan Guarder Gold Version\Trojan Guarder.exe [2012-4-6 713728]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressDL.exe"=
"c:\\Documents and Settings\\ecp\\My Documents\\Downloads\\uTorrent(1).exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/11/2012 4:58 PM 654408]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2/4/2012 7:17 AM 32896]
R3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);c:\windows\system32\drivers\BEL6001P.sys [4/13/2012 7:21 PM 78720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/11/2012 4:58 PM 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 6:22 AM 253600]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;c:\windows\system32\PCAND5BK.SYS [4/13/2012 7:21 PM 15104]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
oracleorahome92pagingserver
iAimFP5
AN983
hmonitor
aamqdispatcher
patrol_scheduler
tnbrlds
rwbackupsrv
ipsraidn
SED133x
p17
unrealircd
NIPALK
se44nd5
RTL8023xp
dktknsrv
mscsptisrv
w800mgmt
citrixxteserver
dkeysync
se2Bnd5
dot4ufd
mgisvr
co_mon
w22n51
ypcservice
atinrvxx
psasrv
issvc
G400DH
NetMsmqActivator
appnnode
AmdIde
qcmerced
aclient
DivisCTS
w550bus
es1371
incdfs
win32sl
amfilter
bthidenum
backupexecnamingservice
pnmsrv
sonicatheaterinstallerservice
SymIM
dtscsi
ageremodemaudio
ZDPSp50
W8100PCI
DSI_SiUSBXp_3_1
TPM
smartlinkservice
se45unic
PhilCam8116_XP
cccredmgr
ql2100
kbfiltr
db2remotecmd
nvlddmkm
zntport
TOSHIBASoftModem
ATNT40K
ksthunk
guardian2
pinnaclesys.mediaserver
CAM1210
L6POD
nvnetbus
z525mgmt
se58bus
rpcnet
s117nd5
MXOFX
mod7700
arc
wdm_au8820
NxFsMon
websensecamreportserver
wusb54gv2svc
wpdusb
ZD1211BU(ZyDAS)
w810mdm
pdlndint
sandboxu
vet-filt
USBModem
pptchpad
ha10kx2k
MSW_USB
EL90X
w800mdfl
sifilter
s117bus
savrt
adpu320
AVerTV
BVRPMPR5
mfesmfk
nsm1serd
tcpip6
jsdaemon
pavagente
omniserv
comhost
toscosrv
sysmgmthp
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:22]
.
2012-04-14 c:\windows\Tasks\Express Files Updater.job
- c:\program files\ExpressFiles\EFupdater.exe [2012-02-06 10:37]
.
2012-04-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-09-01 05:18]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\ecp\Application Data\Mozilla\Firefox\Profiles\war018ks.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.prowrestling.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110910&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 21:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\cryptdll.dll
.
Completion time: 2012-04-13 21:16:48
ComboFix-quarantined-files.txt 2012-04-14 04:16
ComboFix2.txt 2012-04-13 17:23
ComboFix3.txt 2012-04-11 14:17
ComboFix4.txt 2012-04-07 12:35
.
Pre-Run: 2,369,503,232 bytes free
Post-Run: 2,460,839,936 bytes free
.
- - End Of File - - 636DD05A6AD65EA8800085B0E8822A0D
 
You must log in or register to reply here.

Similar threads

M
Virus warning popup
Replies
1
Views
1K
Mark Fuller
M
R
Solved Norton blocked attack by: System Infected: Miner.Bitcoinminer Activity #
2
Replies
32
Views
5K
Broni
Broni
zohaibahd
Google mobile app is injecting search links into third-party websites
Replies
8
Views
355
Puiu
Puiu

Latest posts

Back