[Not curable - Ramnit] Followed 8 Steps - VBS/Generic;Win32/Heur;Win32/Zbot.E


willdud

Hi,

AVG first reported a Win32/Heur and VBS/Generic virus on my laptop yesterday (some 2563 files and 74 more today).

I have since been following the 8 steps guide; here are the logs (except GMER, which caused a BSOD twice).


"Scan ""Scan whole computer"" completed."
"Infections";"74";"74";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"12 October 2010, 19:20:12"
"Scan finished:";"12 October 2010, 20:40:56 (1 hour(s) 20 minute(s) 43 second(s))"
"Total object scanned:";"265686"
"User who launched the scan:";"Zoe"

"Infections"
"File";"Infection";"Result"
"C:\TOOLSCD\Sound Driver\WDM\RTLCPL.EXE";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\TOOLSCD\Display Driver\Intel\Win2000\igfxress.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\TOOLSCD\Display Driver\Intel\Win2000\ialmgicd.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\TOOLSCD\Config Free\Package\NDSFiles\NDSParts.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\SUPPORT\TOOLS\MSRDPCLI.EXE";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\SUPPORT\TOOLS\FASTWIZ.EXE";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\WirelessFTP.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Textease\Textease.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Textease\ltkrn10N.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Textease\directx8a\dsetup32.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Sonic\RecordNow!\RecordNow.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Sonic\RecordNow!\gdiplus.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\SMART Technologies Inc\Notebook Software\pdflib.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Real\RealPlayer\rpplugins\rjbdll.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkRotateLib3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkbTransfer.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkbPProj.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NkbNEF.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\NEFLibrary3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Nikon\PictureProject\Asteroid6.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Mozilla Firefox\freebl3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Microsoft Works\wkwpac.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Microsoft Works\wksss.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Microsoft Works\wksdb.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Messenger\msmsgs.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\MagicISO\misosh.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Java\jre6\bin\client\jvm.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\InterVideo\WinDVD\GPIProxy.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\InterVideo\Common\Bin\GPIProxy.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\msxml3.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzrcv01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Temp\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\extcapuninstall\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\esupport\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\esupport\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\devicemanagement\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\devicemanagement\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\bin\hpqvwr08.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\bin\hpqtbp01.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\xmlparse.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzshl01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzmsi01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzdui01.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Google\Google Earth\plugin\ie\5.2.1.1588\plugin_ax.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\QtGui4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\QtCore4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\pdflib.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\SMART Technologies Inc\pdflib.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Nikon\Services\NkvBurnIM.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Nikon\Services\muveePlugin.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Nikon\Library\NkBrowseLib4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\Visual Database Tools\vdt70.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Microsoft Shared\PROOF\1033\MSGR3EN.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_01.b08\patchjre.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\DivX Shared\Qt4.5\QtCore4.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Common Files\Activ Software\qt-mt334.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Adobe\Reader 8.0\Reader\rt3d.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Activ Software\Inspire\Inspire.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Program Files\Activ Software\Inspire\hwr\engine\bin\win-i586\MyScriptHWR.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\I386\WINNT32U.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\I386\WINNT32A.DLL";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\My Documents\Zoe's Work\Uni Work\Year 4\School Exp 4\School Exp Resources\Resources\Textease\Textease.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\My Documents\Zoe's Work\Uni Work\Year 4\School Exp 4\School Exp Resources\Resources\Textease\ltkrn10N.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\Desktop\Lower Fields\Resources\Textease\Textease.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\Desktop\Lower Fields\Resources\Textease\ltkrn10N.dll";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
"C:\Documents and Settings\Zoe\Application Data\U3\temp\Launchpad Removal.exe";"Virus identified Win32/Zbot.E";"Moved to Virus Vault"
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/10/2010 21:40:29
mbam-log-2010-10-12 (21-40-29).txt

Scan type: Quick scan
Objects scanned: 117206
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteks (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rlist (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\00539421 (Rogue.Multiple) -> No action taken.
C:\Program Files\system32 (Backdoor.Bifrose) -> No action taken.

Files Infected:
C:\Documents and Settings\Zoe\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
 
More logs

DDS (Ver_10-10-10.03) - NTFSx86
Run by Zoe at 22:07:07.54 on 12/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1270.730 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\Documents and Settings\Zoe\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies inc\notebook software\NotebookPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus C48 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /M "Stylus C48" /EF "HKCU"
uRun: [{BD972598-1D92-82F2-BA8A-971A5279E659}] "c:\documents and settings\zoe\application data\bimo\xaup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TOSHIBA Accessibility] c:\program files\toshiba\accessibility\FnKeyHook.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TPSMain] TPSMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [EPSON Stylus C48 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
mRun: [adiras] adiras.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ActivControl] c:\program files\activ software\activdriver\ActivControl2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zoe\applic~1\mozilla\firefox\profiles\4lyals0n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\zoe\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-5 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-2 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-5 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2010-5-26 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2010-5-26 6144]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies inc\smart board software\WebServer.exe [2007-11-2 767240]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-7 136176]

=============== Created Last 30 ================

2010-10-12 17:28:07 -------- d-----w- c:\program files\system
2010-10-11 16:59:46 -------- d-----w- c:\program files\windows
2010-10-11 06:32:40 -------- d-----w- c:\program files\tmp
2010-10-09 21:32:25 14808 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2010-10-09 21:32:23 718296 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2010-10-07 17:34:54 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-07 17:34:53 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-03 16:42:43 -------- d--h--w- c:\windows\PIF
2010-09-23 19:16:43 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2010-07-17 08:56:31 12536 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 22:09:44.79 ===============
 
DDS (Ver_10-10-10.03)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 01/05/2006 15:56:28
System Uptime: 10/12/2010 22:04:51 (-1416 hours ago)

Motherboard: TOSHIBA | | ECU00
Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1728/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 10.197 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AUY876WB IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AUY876WB IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: axn3ikuj

==== System Restore Points ===================

RP488: 12/10/2010 19:28:51 - Removed Creative Memories StoryBook Creator Plus 3

==== Installed Programs ======================

µTorrent
ActivDriver x86 v5.5
ActivInspire Help (GBR) v1
ActivInspire HWR Resources (ENU) v1
ActivInspire v1
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
ALPS Touch Pad Driver
ArcSoft Panorama Maker 3
AVG Free 9.0
Bluetooth Stack for Windows by Toshiba
Broadband Help
BroadJump Client Foundation
BufferChm
CD/DVD Drive Acoustic Silencer
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX Setup
Driving Test Success - All Tests (2008-2009)
EPSON Printer Software
eSupportQFolder
F300
F300_Help
Fax_CDA
Google Chrome
Google Earth Plug-in
Google Update Helper
Horrible Science
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 1
Java Auto Updater
Java(TM) 6 Update 18
Macromedia Flash Player
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Word Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.10)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NewCopy_CDA
Nikon Message Center
OOBE06_Exp2
Pictogram
PictureProject
PictureProject In Touch Downloader 1.0
ProductContextNPI
QuickTime
Readme
RealPlayer
Realtek AC'97 Audio
SAGEM F@st 800-840
Scan
ScannerCopy
SD Secure Module
Secure Game Player
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
 
DDS Attach Cont...


Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SMART Board Software
SMART Essentials for Educators
SMSC IrCC V5.1.3600.5 SP2
Softease
SolutionCenter
Sonic DLA
Sonic RecordNow!
Spotify
Status
Texas Instruments PCIxx21/x515 drivers.
Textease
Theme Park Inc
TIxx21/x515
Toolbox
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Controls Driver
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Power Saver Driver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Virtual Sound
TOSHIBA Zooming Hook
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Mass Storage Toolbox
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.2
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

12/10/2010 22:06:40, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a37cda0, parameter3 8a37cf14, parameter4 805fa2f8.
12/10/2010 21:56:33, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a3763e8, parameter3 8a37655c, parameter4 805fa2f8.
12/10/2010 21:44:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
12/10/2010 21:06:52, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 21:06:52, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 21:06:52, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
12/10/2010 21:06:52, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/10/2010 19:53:07, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\migrate.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 10.0.0.3646.
12/10/2010 19:40:02, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.3664.
12/10/2010 19:38:09, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4027.0.
12/10/2010 19:29:03, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/10/2010 21:11:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\migrate.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 10.0.0.3646, the version of the system file is 10.0.0.3646.
11/10/2010 19:56:48, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\npdsplay.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 3.0.2.628.
11/10/2010 19:56:48, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 10.0.0.3646.
11/10/2010 19:56:47, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 10.0.0.3646.
11/10/2010 19:55:18, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.3355.
11/10/2010 19:55:12, information: Windows File Protection [64002] - File replacement was attempted on the protected system file wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 10.0.0.3646.
11/10/2010 19:55:02, information: Windows File Protection [64002] - File replacement was attempted on the protected system file npdsplay.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 3.0.2.628.
11/10/2010 19:55:02, information: Windows File Protection [64002] - File replacement was attempted on the protected system file mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 10.0.0.3646.
11/10/2010 19:55:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file migrate.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 10.0.0.3646, the version of the system file is 10.0.0.3646.
11/10/2010 19:40:18, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wabimp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.3138.
11/10/2010 19:40:06, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.3664, the version of the system file is 6.0.2900.3664.
11/10/2010 19:37:48, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4027.0, the version of the system file is 2.1.4027.0.
11/10/2010 19:28:18, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\wab32.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.3138.
11/10/2010 19:28:01, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\directdb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.3138.
11/10/2010 19:28:00, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.1128.0.
11/10/2010 19:28:00, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.1128.0.
11/10/2010 19:27:59, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.1128.0.
11/10/2010 19:27:58, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.1128.0.
09/10/2010 16:00:00, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
09/10/2010 16:00:00, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
09/10/2010 15:00:00, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
09/10/2010 15:00:00, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
09/10/2010 14:00:00, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
09/10/2010 14:00:00, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
08/10/2010 23:00:00, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
08/10/2010 23:00:00, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
07/10/2010 22:36:23, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
07/10/2010 22:00:00, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
07/10/2010 22:00:00, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
07/10/2010 21:00:00, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
07/10/2010 21:00:00, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
07/10/2010 20:00:00, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
07/10/2010 20:00:00, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
07/10/2010 19:00:00, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
07/10/2010 19:00:00, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
07/10/2010 18:00:00, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
07/10/2010 18:00:00, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
07/10/2010 17:46:54, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
06/10/2010 17:00:00, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
06/10/2010 17:00:00, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
06/10/2010 16:49:37, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00166F2E8641 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Side effects seem to be random install files launching whenever a document, program or folder is opened. AVG Resident Shield keeps popping up; not sure if it is legit.

Any help would be greatly appreciated, thanks :)
 
Welcome aboard


Please, do NOT wrap your logs in code.

Your MBAM log says "No action taken" after each line.
Re-run MBAM, FIX all issues and post fresh log.
 
Thank you, sorry about the code. I posted the MBAM log before I clicked fix last time by mistake (although I did then fix them). Here is yesterday's actual log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/10/2010 21:41:30
mbam-log-2010-10-12 (21-41-30).txt

Scan type: Quick scan
Objects scanned: 117206
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteks (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rlist (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\00539421 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\system32 (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Zoe\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.



I then ran it again this morning and nothing was found:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/10/2010 21:41:30
mbam-log-2010-10-12 (21-41-30).txt

Scan type: Quick scan
Objects scanned: 117206
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nonep (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteks (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rlist (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\00539421 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\system32 (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Zoe\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

However, the installer is still running when I try to open anything. (The installer is not relevant to the program/folder I am trying to open.)
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 106):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF74D5000 spoo.sys
0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF74BD000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF748F000 ACPI.sys
0xF747E000 pci.sys
0xF75F7000 ohci1394.sys
0xF7607000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7617000 isapnp.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7859000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF783A000 ftdisk.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF796F000 atapi.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA7E0000 fltMgr.sys
0xBA7CE000 sr.sys
0xBA7B9000 drvmcdb.sys
0xF7667000 PxHelp20.sys
0xBA702000 KSecDD.sys
0xBA6EF000 WudfPf.sys
0xBA662000 Ntfs.sys
0xBA635000 NDIS.sys
0xBA61A000 Mup.sys
0xBA53B000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF772F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA518000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7737000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA205000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7687000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF773F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA1EC000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF7747000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7697000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7991000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA1C9000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA1B6000 \SystemRoot\system32\DRIVERS\activhidsermini.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7767000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA17C000 \SystemRoot\system32\DRIVERS\bridge.sys
0xF7777000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7787000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA5F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA165000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA0B4000 \SystemRoot\system32\DRIVERS\psched.sys
0xF746E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF745E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7999000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA05B000 \SystemRoot\system32\DRIVERS\update.sys
0xBA5E6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA5DA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\activmouse.sys
0xF744E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF743E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79A3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A5F000 \SystemRoot\System32\Drivers\Null.SYS
0xF79A7000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77FF000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7807000 \SystemRoot\System32\drivers\vga.sys
0xB9FCF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79AB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7817000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF774F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7923000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB9F74000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB9F1C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB9EE2000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB9EC1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9E99000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9E6D000 \SystemRoot\System32\drivers\afd.sys
0xF742E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9E42000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB9DD3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7887000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB9D93000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA04B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77AF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A6B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB989B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB95CC000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 19):
0 System Idle Process
4 System
736 C:\WINDOWS\system32\smss.exe
784 csrss.exe
808 C:\WINDOWS\system32\winlogon.exe
852 C:\WINDOWS\system32\services.exe
864 C:\WINDOWS\system32\lsass.exe
1008 C:\WINDOWS\system32\svchost.exe
1076 svchost.exe
1152 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1268 C:\Program Files\AVG\AVG9\avgchsvx.exe
1288 svchost.exe
1492 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1520 C:\Program Files\AVG\AVG9\avgcsrvx.exe
292 C:\WINDOWS\explorer.exe
308 C:\WINDOWS\system32\svchost.exe
564 wmiprvse.exe
1220 C:\Documents and Settings\Zoe\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS541040G9AT00, Rev: MB2OA60A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!
 
ComboFix 10-10-12.03 - Zoe 13/10/2010 8:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1270.803 [GMT 1:00]
Running from: c:\documents and settings\Zoe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Zoe\Application Data\Bimo
c:\documents and settings\Zoe\Application Data\Bimo\xaup.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\dmlconf.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-12 17:28 . 2010-10-13 05:30 -------- d-----w- c:\program files\system
2010-10-11 16:59 . 2010-10-13 06:44 -------- d-----w- c:\program files\windows
2010-10-11 06:32 . 2010-10-13 05:30 -------- d-----w- c:\program files\tmp
2010-10-09 21:32 . 2010-10-09 21:32 14808 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-10-09 21:32 . 2010-10-09 21:32 718296 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-10-07 17:34 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-07 17:34 . 2004-08-03 23:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-03 16:42 . 2010-10-03 16:42 -------- d--h--w- c:\windows\PIF
2010-09-23 19:16 . 2010-09-23 19:16 1409 ----a-w- c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"EPSON Stylus C48 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE" [2005-05-16 99840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 88358]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-05-10 675840]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-04-30 24576]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-03-30 28672]
"TPSMain"="TPSMain.exe" [2005-01-21 266240]
"NDSTray.exe"="NDSTray.exe" [BU]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-01-14 122939]
"EPSON Stylus C48 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE" [2005-05-16 99840]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-11 118784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-23 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2010-06-10 1092896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 08:56 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zoe^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\Zoe\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
2003-01-27 16:16 376912 ----a-w- c:\program files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-21 20:32 133104 ----atw- c:\documents and settings\Zoe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-11-17 09:56 1077327 ----a-w- c:\program files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-23 14:52 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-27 09:04 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2004-07-14 15:07 24576 ----a-w- c:\windows\system32\ZoomingHook.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Zoe\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/09/2009 14:52 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/09/2009 14:52 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/07/2010 09:56 308136]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [26/05/2010 15:20 74752]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [26/05/2010 15:21 6144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [01/05/2009 16:31 38224]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [02/11/2007 06:48 767240]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/07/2010 22:45 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/10/2009 20:44 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:58]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:58]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278279896-2615095426-3511913592-1006Core.job
- c:\documents and settings\Zoe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-21 20:32]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3278279896-2615095426-3511913592-1006UA.job
- c:\documents and settings\Zoe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-21 20:32]

2006-05-01 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-20 12:00]

2006-05-01 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-20 12:00]

2006-05-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-20 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Zoe\Application Data\Mozilla\Firefox\Profiles\4lyals0n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Zoe\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{BD972598-1D92-82F2-BA8A-971A5279E659} - c:\documents and settings\Zoe\Application Data\Bimo\xaup.exe
HKLM-Run-HWSetup - c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe
HKLM-Run-adiras - adiras.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-Broadbandadvisor - c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe
MSConfigStartUp-TPNF - c:\program files\TOSHIBA\TouchPad\TPTray.exe
MSConfigStartUp-workflow - d:\installs\workflow.exe
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe
AddRemove-HPExtendedCapabilities - c:\program files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe
AddRemove-InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{F47B2DF8-35EC-4B51-B5F2-0E03EF5F51DA} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C} - c:\program files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(508)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\ACTIV Software\ActivApplications\ActivFocusHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TCtrlIOHook.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-10-13 08:22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-13 07:22

Pre-Run: 13,978,071,040 bytes free
Post-Run: 13,845,954,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9731847C2DDA903A619C448B5B3ED84E


EDIT--
As I posted this, AVG spotted several Zbot.E
 
I'm afraid I have very bad news.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Important Note: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
 
Hey thanks for all your help. Do you know if there is any way I can save some data from this machine? It's my girlfriend's laptop and it's got all her teacher resources and lessons on it.

--Edit--

What from the log indicates this virus? So I can maybe interpret logs like these myself in future.
 
See here: http://about-threats.trendmicro.com/ArchiveMalware.aspx?language=us&name=PE_RAMNIT.A

If you look at your Combofix log, you can see:
c:\program files\Microsoft\DesktopLayer.exe
and
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

======================================================================

Yes, you can backup data, but you have to be very careful and stick to certain procedures.
Let me know where you are planning to back up the data to, and I'll let you know what to do.
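Added example, not part of this thread or of ComboFix: a small Python check that pulls the Winlogon Userinit value out of a ComboFix-style "Reg Loading Points" dump and reports every executable in it other than the system userinit.exe, which is exactly how the DesktopLayer.exe entry above stands out. The sample log lines are constructed to mirror the winlogon block in this thread; the expected path assumes a 32-bit XP install under c:\windows.

```python
import re

# Legitimate Userinit on a 32-bit Windows XP install is a single entry,
# the system userinit.exe (the trailing comma in the registry is normal).
# Assumption for this example: the system root is c:\windows.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed samples modelled on the winlogon block of the ComboFix log above.
INFECTED_SAMPLE = (
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]' "\n"
    r'"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"' "\n"
)
CLEAN_SAMPLE = (
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]' "\n"
    r'"Userinit"="c:\windows\system32\userinit.exe,"' "\n"
)

# REGEDIT4-style lines as ComboFix prints them: [key] headers and "name"="data".
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')


def normalise(path):
    """Lower-case the path and expand the two system-root variables so that
    differently written references to the same file compare equal."""
    p = path.strip().strip('"').lower()
    return p.replace("%systemroot%", r"c:\windows").replace("%windir%", r"c:\windows")


def userinit_entries(log_text):
    """Return the executables listed in the Winlogon Userinit value found in a
    ComboFix-style registry dump, or None if no such value is present."""
    current_key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        # Only the Winlogon key itself, not its sub-keys such as winlogon\notify\...
        if current_key is None or not current_key.endswith(r"\winlogon"):
            continue
        m = VALUE_RE.match(line)
        if m and m.group("name").lower() == "userinit":
            # Userinit is a comma-separated list; empty pieces (",,") are ignored.
            return [normalise(e) for e in m.group("data").split(",") if e.strip()]
    return None


def unexpected_userinit(log_text):
    """Anything in Userinit besides the system userinit.exe. A non-empty result
    means another program is launched at every interactive logon."""
    entries = userinit_entries(log_text)
    if entries is None:
        return []
    return [e for e in entries if e != EXPECTED_USERINIT]


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        print(label, "->", unexpected_userinit(sample) or "nothing unexpected")
```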
 