Solved Redirected Google search results


austevo

Feeling out of my depth, but I'll have a go. Had a Trojan fake alert etc. and thought I had everything clean, but I still have this Google redirect thing going on.
I tried the 7-step removal and have the results below:
Ran an AVG Internet Security 2011 full system scan, no errors.
Ran a quick scan with Malwarebytes' Anti-malware.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5651

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/02/2011 1:56:46 PM
mbam-log-2011-02-01 (13-56-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 196386
Time elapsed: 42 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.

Downloaded and ran GMER.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 14/10/2005 10:12:08 AM
System Uptime: 22/05/2011 1:52:44 PM (3 hours ago)
.
Motherboard: Intel Corporation | | D945GCZ
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 172.349 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\18F0EA4902700
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\18F0EA4902700
Service: NIC1394
.
==== System Restore Points ===================
.
RP1: 22/05/2011 1:55:07 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Apple Software Update
AVG 2011
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5100 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Compatibility Pack for the 2007 Office system
CoreAVC Professional Edition (remove only)
Creative EAX Settings
Creative Speaker Settings
Critical Update for Windows Media Player 11 (KB959772)
Delta Force: Xtreme - Demo
Deutz Engine
Device Control
Device drivers for Simple Backup
FrostWire 4.21.3
Garden Composer
Google Earth
Google Update Helper
Haali Media Splitter
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 930c series (Remove only)
HP Precisionscan Pro 3.1
HP Product Detection
HP Share-to-Web
Intel Matrix Storage Manager
Intel(R) Network Connections 14.0.40.0
Java Auto Updater
Java(TM) 6 Update 25
LightScribe 1.4.136.1
LimeWire PRO 4.8.1
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyVirtualHome
Nero 7 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
Piolet 3.1.1
PowerDVD
PrintFolder 1.3
Scattergories
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
System Requirements Lab
System Requirements Lab for Intel
The Britannica Trivia Challenge Ver. 2.0
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Defender Signatures
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XP Registry Cleaner 2.0
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
22/05/2011 11:34:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
21/05/2011 8:51:54 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}. The error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe -Embedding
21/05/2011 5:47:02 AM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
21/05/2011 5:47:02 AM, error: Service Control Manager [7001] - The AVG8 E-mail Scanner service depends on the AVG8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
21/05/2011 10:05:20 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
20/05/2011 7:57:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/05/2011 7:57:26 AM, error: Microsoft Antimalware [2001] -
20/05/2011 7:57:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
20/05/2011 7:50:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
20/05/2011 7:33:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm MpFilter
19/05/2011 5:35:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
19/05/2011 5:35:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:14:18 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Defender service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/05/2011 5:14:18 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/05/2011 5:14:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
19/05/2011 5:14:13 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/05/2011 5:14:08 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
19/05/2011 5:14:04 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
19/05/2011 5:14:03 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
19/05/2011 5:14:03 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
19/05/2011 5:14:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
19/05/2011 5:14:03 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Downloaded and ran DDS by sUBs.
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 15:59:46 on 2011-05-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1532.394 [GMT 10:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287952087359
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-22 64512]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2008-6-5 248656]
R1 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2007-2-23 34896]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2008-6-5 297168]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2151128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-5 297752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2005-10-14 20160]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
.
=============== Created Last 30 ================
.
2011-05-22 00:19:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-21 21:51:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 21:51:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 16:58:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-21 14:43:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-21 14:39:49 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-05-21 14:39:49 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-05-21 14:39:49 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-05-21 14:39:49 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-05-21 14:39:49 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-05-21 14:39:49 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-05-21 14:39:49 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-05-21 14:39:49 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-05-21 14:39:44 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-05-21 14:39:44 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-05-21 14:39:43 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-05-21 14:39:43 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-05-21 14:37:17 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-21 14:12:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-21 14:12:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 12:33:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-21 02:06:39 -------- d-----w- c:\windows\system32\XPToolsLicenseComponent
2011-05-21 02:06:39 -------- d-----w- c:\program files\XP Registry Cleaner
2011-05-21 00:43:20 -------- d-----w- c:\documents and settings\owner\application data\ErrorTeck
2011-05-19 22:29:30 -------- d-----w- c:\documents and settings\owner\application data\AVG10
2011-05-19 22:28:54 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-05-19 22:27:46 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-05-19 22:20:12 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-05-18 21:14:15 4282 ----a-w- c:\windows\exovaxesakor.dll
2011-05-18 07:31:52 0 ----a-w- c:\windows\Xxuheqewipe.bin
2011-05-18 07:31:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\{ED8AAFA6-C412-4A49-9204-2EB1EB9A225C}
2011-05-18 07:30:36 -------- d-----w- c:\documents and settings\owner\application data\1C0EE86A5538D0F0BF8AEF7F1DDA08D3
.
==================== Find3M ====================
.
2011-05-22 00:19:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 11:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-04 14:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 06:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-21 22:13:02 22992 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
.
============= FINISH: 16:00:54.60 ===============

I would've taken the PC to the local bloke, as my knowledge of computers is limited, especially in here, but he shut down his shop last month; small town. Thanks in advance, any help is much appreciated.
P.S. AVG, while in safe mode, found: Rootkit.TDSS.TDL4
 
Welcome to TechSpot! Considering that you have 3 versions of AVG running, the system is probably confused as to which one to use!

This is what shows in the log heading:
AV: AVG Internet Security 2011
These are just 2 of the processes you have running from older versions:
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

Please go to Add/Remove Programs and remove AVG v8 and AVG v10. Then reboot the computer.
--------------------------------------------
Did you run GMER? Log?
====================================
I'd like you to run Combofix, and you will have to uninstall AVG to do it. The AVG authors didn't leave any way to disable the program to run a malware scan:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    (screenshot omitted)
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
---------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot of the "what next" prompt omitted)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow it
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe (the ComboFix icon) & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the link to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    (screenshot of the ESET Online Scanner settings omitted)
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
================================
Please leave all logs in next reply.
==================================
Regarding the following:
1. HijackThis 2.0.2>> Uninstall, outdated version.
2. LimeWire PRO 4.8.1>> File sharing security danger to system. Recommend uninstall. If kept, disable and don't use while I'm helping you.
3. XP Registry Cleaner 2.0>> Advise uninstall. We don't recommend registry cleaners to anyone. If kept, do not use and/or make any registry changes while I'm helping you. (If any changes in registry are needed, I will set them up for you using script, not regedit)
 
Hello there Bobbye and thanks for your help.
AVG 2011 was the only one in Add/Remove Programs.
I have downloaded and used AppRemover to remove that one.
I ran GMER again today.
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-23 07:23:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Intel___ rev.1.0.
Running: 3q0o6ld8.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kftdipod.sys


---- System - GMER 1.0.15 ----

SSDT A9300356 ZwCreateKey
SSDT A930034C ZwCreateThread
SSDT A930035B ZwDeleteKey
SSDT A9300365 ZwDeleteValueKey
SSDT A930036A ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xACC2C738]
SSDT A930033D ZwOpenThread
SSDT A9300374 ZwReplaceKey
SSDT A930036F ZwRestoreKey
SSDT A9300360 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xACC2C7DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xACC2C878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xACC2C914]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB63323A0, 0x59FFE5, 0xE8000020]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[428] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EB000A
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EC000A
.text C:\WINDOWS\System32\svchost.exe[1496] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00EA000C
.text C:\WINDOWS\System32\svchost.exe[1496] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\svchost.exe[1496] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 010C000A
.text C:\WINDOWS\System32\svchost.exe[1496] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 010D000A
.text C:\WINDOWS\System32\svchost.exe[1496] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
and
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 14/10/2005 10:12:08 AM
System Uptime: 23/05/2011 4:21:41 AM (3 hours ago)
.
Motherboard: Intel Corporation | | D945GCZ
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 171.98 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\18F0EA4902700
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\18F0EA4902700
Service: NIC1394
.
==== System Restore Points ===================
.
RP2: 23/05/2011 6:00:43 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Apple Software Update
AVG 2011
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5100 series MP Drivers
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Compatibility Pack for the 2007 Office system
CoreAVC Professional Edition (remove only)
Creative EAX Settings
Creative Speaker Settings
Critical Update for Windows Media Player 11 (KB959772)
Delta Force: Xtreme - Demo
Deutz Engine
Device Control
Device drivers for Simple Backup
FrostWire 4.21.3
Garden Composer
Google Earth
Google Update Helper
Haali Media Splitter
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 930c series (Remove only)
HP Precisionscan Pro 3.1
HP Product Detection
HP Share-to-Web
Intel Matrix Storage Manager
Intel(R) Network Connections 14.0.40.0
Java Auto Updater
Java(TM) 6 Update 25
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyVirtualHome
Nero 7 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
PowerDVD
PrintFolder 1.3
Scattergories
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
System Requirements Lab
System Requirements Lab for Intel
The Britannica Trivia Challenge Ver. 2.0
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Defender Signatures
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xvid 1.1.3 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
23/05/2011 3:21:48 AM, error: Service Control Manager [7003] - The AVG8 E-mail Scanner service depends on the following nonexistent service: avg8wd
23/05/2011 3:21:48 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The system cannot find the path specified.
23/05/2011 3:21:48 AM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
23/05/2011 3:21:48 AM, error: Service Control Manager [7000] - The AVG Firewall service failed to start due to the following error: The system cannot find the file specified.
22/05/2011 11:34:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
21/05/2011 8:51:54 AM, error: DCOM [10000] - Unable to start a DCOM Server: {FB7199AB-79BF-11D2-8D94-0000F875C541}. The error: "%2" Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe -Embedding
21/05/2011 5:47:02 AM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
21/05/2011 5:47:02 AM, error: Service Control Manager [7001] - The AVG8 E-mail Scanner service depends on the AVG8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
21/05/2011 10:05:24 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
20/05/2011 7:57:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/05/2011 7:57:26 AM, error: Microsoft Antimalware [2001] -
20/05/2011 7:57:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
20/05/2011 7:50:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
20/05/2011 7:33:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm MpFilter
19/05/2011 5:35:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
19/05/2011 5:35:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:35:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
19/05/2011 5:14:18 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Defender service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/05/2011 5:14:18 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/05/2011 5:14:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
19/05/2011 5:14:13 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/05/2011 5:14:08 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
19/05/2011 5:14:04 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7034] - The Canon Inkjet Printer/Scanner/Fax Extended Survey Program service terminated unexpectedly. It has done this 1 time(s).
19/05/2011 5:14:03 PM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
19/05/2011 5:14:03 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
19/05/2011 5:14:03 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
19/05/2011 5:14:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
19/05/2011 5:14:03 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

I have downloaded and deactivated Avira whilst using ComboFix.
ComboFix is warning me that AVG Internet Security 2011 is still running, when it was removed with AppRemover. Should I try it again?
Tried AppRemover again and it doesn't find AVG Internet Security 2011, but ComboFix is still saying it's there. How do I get rid of it?
 
Got to hand it to AVG! Looks like they have copied and pasted their security program together! Have you ever seen 3 versions running at once? This is what is more likely upsetting ComboFix!

DDS header shows:
AV: AVG Internet Security 2011
FW: AVG Firewall
Event Viewer shows
21/05/2011 5:47:02 AM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
21/05/2011 5:47:02 AM, error: Service Control Manager [7001] - The AVG8 E-mail Scanner service depends on the AVG8 WatchDog service which failed to start because of
Running Processes show:
C:\Program Files\AVG\AVG8\avgrsx.exe> Same file in v10
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe> Duplicate file
C:\PROGRA~1\AVG\AVG10\avgrsx.exe> Same file in v8
C:\Program Files\AVG\AVG10\avgcsrvx.exe> Duplicate file
C:\Program Files\AVG\AVG10\avgwdsvc.exe>> The process is Related to AVG Antivirus 8
C:\Program Files\AVG\AVG10\avgfws.exe>> Process identified as firewall for AVG v9 .
No wonder Combofix is having a fit!
Seems to me that if the suite has been pieced together as indicated, it would be a good reason why it can't be temporarily disabled and why Combofix gives the notice.

Try using this installer and see if it will remove v8 and any left overs from AVG 2011:
AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
Note:
  • AVG user settings will be removed.
  • Virus Vault contents will be removed.
  • All other items related to AVG installation and use will be removed.
  • You will be asked during the removal procedure to restart your computer. Please do so.
  • Make sure there is no open work in process prior to launching AVG Remover.
AVG Remover:32bit
================================================
There is a rootkit on the system- that needs to be handled:
Please download MBRCheck and save to your desktop
  • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    [o] Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    [o] Found non-standard or infected MBR.
    [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Paste this log to your next message.
 
Hello again.
MBR check done
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000054

Kernel Drivers (total 115):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x80700000 \WINDOWS\system32\hal.dll
0x89B3B000 \WINDOWS\system32\KDCOM.DLL
0xF789B000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7627000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7637000 VolSnap.sys
0xF74C0000 atapi.sys
0xF7B0A000 iaStor.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74A0000 fltmgr.sys
0xF748E000 sr.sys
0xF7667000 Lbd.sys
0xB87EC000 drvmcdb.sys
0xB87D5000 KSecDD.sys
0xB8748000 Ntfs.sys
0xB871B000 NDIS.sys
0xB8701000 Mup.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6017000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6003000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB7DAF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB5FDF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB5E88000 \SystemRoot\system32\drivers\P17.sys
0xB5E64000 \SystemRoot\system32\drivers\portcls.sys
0xF76E7000 \SystemRoot\system32\drivers\drmk.sys
0xB5E41000 \SystemRoot\system32\drivers\ks.sys
0xB5E11000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0xB5DEB000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0xB5DC4000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xB5DB0000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7587000 \SystemRoot\system32\DRIVERS\serial.sys
0xB869D000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7577000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77FF000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xF7567000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7557000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7AB7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7547000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8695000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB5D99000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7537000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7527000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7807000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB5D88000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7517000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF780F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7817000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB6AC4000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB5D2A000 \SystemRoot\system32\DRIVERS\update.sys
0xB8689000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB6AB4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB47FC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79DD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF79F7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAED70000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F9000 \SystemRoot\System32\Drivers\Beep.SYS
0xAF305000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAF2FD000 \SystemRoot\System32\drivers\vga.sys
0xF79FB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79FD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAF2F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAF2ED000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4887000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xACD63000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xACD0A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xACCE2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xACCBC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xACC9A000 \SystemRoot\System32\drivers\afd.sys
0xB47CC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB47AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAF2E5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xACC6F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xACBFF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAEBF6000 \SystemRoot\System32\Drivers\Fips.SYS
0xACA83000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7993000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xAEC1E000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB7DDF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xACDBE000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xACDB6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA616F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA4D75000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xAEC16000 \SystemRoot\System32\drivers\Dxapi.sys
0xACD7E000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xABDCA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xA4AFF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA566E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA4A5A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA49CD000 \SystemRoot\system32\drivers\wdmaud.sys
0xABEFA000 \SystemRoot\system32\drivers\sysaudio.sys
0xAEC3E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA48AF000 \SystemRoot\system32\DRIVERS\srv.sys
0xA494F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA4032000 \SystemRoot\System32\Drivers\HTTP.sys
0xA3E04000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
592 C:\WINDOWS\system32\smss.exe
648 csrss.exe
672 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
732 C:\WINDOWS\system32\lsass.exe
924 C:\WINDOWS\system32\nvsvc32.exe
980 C:\WINDOWS\system32\svchost.exe
1076 svchost.exe
1176 C:\WINDOWS\system32\svchost.exe
1324 svchost.exe
1440 svchost.exe
1532 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1620 C:\WINDOWS\system32\spoolsv.exe
1664 C:\WINDOWS\system32\rundll32.exe
1724 C:\WINDOWS\system32\rundll32.exe
1748 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1876 svchost.exe
1968 C:\WINDOWS\explorer.exe
336 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
496 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
576 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
136 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
848 C:\Program Files\Java\jre6\bin\jqs.exe
1060 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1488 C:\WINDOWS\system32\IoctlSvc.exe
1716 C:\WINDOWS\system32\svchost.exe
1980 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
236 C:\WINDOWS\system32\wuauclt.exe
2428 unsecapp.exe
2500 wmiprvse.exe
2604 alg.exe
2992 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3348 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3356 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
3432 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
3560 C:\WINDOWS\system32\rundll32.exe
3640 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
3656 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3668 C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
3680 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3704 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3716 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3728 C:\WINDOWS\system32\ctfmon.exe
976 C:\Program Files\Internet Explorer\iexplore.exe
1188 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number:

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
I did the removal first, but the log was too big; if need be I'll try to break it up into smaller packets to send.
 
part 2

AVG removal log deleted by Bobbye. Not needed.

The file that's left is 560KB; let me know if you need it and I'll break it up or zip it or something.
Thanks again
 
Hmm, just ran DDS again out of boredom and it seems AVG is still there. Should I save everything onto an external hard drive and set fire to this computer? I'm getting tempted.
steve
So am I in the too-hard basket? Or beyond help?
 
Instead of dropping into boredom, you should have run the Eset scan and tried again to run Combofix.

If Combofix still refuses to run saying AVG is installed, please run the Windows Installer Cleanup Utility and remove any AVG related files.

We are only on Post #9- way too soon to be considered hard or hopeless!
 
hey Bobbye
Sorry for my boredom; had 5 days off and wasted them all trying to fix this computer. Anyhow, I'm back to 12 hours a day at work for a while.
I ran ESET and ran the Windows Installer Cleanup Utility; it didn't find AVG, so I tried ComboFix, which complained again about AVG, but I ran it anyway and this is the result.
ComboFix 11-05-24.06 - Owner 25/05/2011 22:56:13.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1532.1086 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Application Data\1C0EE86A5538D0F0BF8AEF7F1DDA08D3
c:\documents and settings\Owner\Application Data\1C0EE86A5538D0F0BF8AEF7F1DDA08D3\enemies-names.txt
c:\documents and settings\Owner\Application Data\1C0EE86A5538D0F0BF8AEF7F1DDA08D3\local.ini
c:\documents and settings\Owner\Application Data\1C0EE86A5538D0F0BF8AEF7F1DDA08D3\lsrslt.ini
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Adobe\shed
c:\documents and settings\Owner\Application Data\Sun\mxd1.txt
c:\documents and settings\Owner\WINDOWS
c:\windows\exovaxesakor.dll
c:\windows\explorer(2).exe
c:\windows\patch.exe
c:\windows\settings.reg
c:\windows\system32\Data
.
----- BITS: Possible infected sites -----
.
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))
.
.
2011-05-25 12:35 . 2011-05-25 12:35 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-05-25 12:35 . 2011-05-25 12:35 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-05-25 09:40 . 2011-05-25 09:40 -------- d-----w- c:\program files\ESET
2011-05-24 11:46 . 2011-05-24 11:46 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-24 11:46 . 2011-05-24 11:46 -------- d-----w- c:\documents and settings\Owner\log
2011-05-24 04:41 . 2011-05-24 04:45 -------- d-----w- C:\OziExplorer
2011-05-24 04:24 . 2011-05-24 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2011-05-24 04:15 . 2011-05-24 04:15 -------- d-----w- c:\program files\Garmin GPS Plugin
2011-05-24 04:15 . 2011-05-24 09:59 -------- d-----w- c:\program files\Garmin
2011-05-24 04:08 . 2011-05-24 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\GARMIN
2011-05-22 22:27 . 2011-05-25 10:19 -------- d-----w- c:\windows\system32\NtmsData
2011-05-22 18:08 . 2011-05-22 18:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-05-22 17:44 . 2011-05-22 17:44 -------- d-----w- c:\program files\Avira
2011-05-22 17:44 . 2011-05-22 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-22 17:44 . 2011-04-01 07:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-22 17:44 . 2011-04-01 07:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-22 17:44 . 2010-06-17 05:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-22 17:44 . 2010-06-17 05:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-22 00:19 . 2011-05-22 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-21 21:51 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 21:51 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 16:58 . 2011-05-21 14:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-21 14:43 . 2011-05-21 14:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-21 14:39 . 2001-08-17 12:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-05-21 14:39 . 2001-08-17 12:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-05-21 14:39 . 2001-08-17 12:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-05-21 14:39 . 2001-08-17 12:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-05-21 14:39 . 2001-08-17 04:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-05-21 14:39 . 2001-08-17 04:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-05-21 14:39 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-05-21 14:39 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-05-21 14:37 . 2011-04-29 02:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-21 14:12 . 2011-05-21 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 12:33 . 2011-05-21 14:12 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-21 07:22 . 2011-05-22 06:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-21 00:43 . 2011-05-21 00:50 -------- d-----w- c:\documents and settings\Owner\Application Data\ErrorTeck
2011-05-19 22:28 . 2011-05-19 22:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-05-19 22:20 . 2011-05-19 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-18 21:21 . 2011-05-21 14:12 -------- d-----w- c:\documents and settings\Administrator
2011-05-18 07:31 . 2011-05-19 21:59 0 ----a-w- c:\windows\Xxuheqewipe.bin
2011-05-18 07:31 . 2011-05-18 07:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{ED8AAFA6-C412-4A49-9204-2EB1EB9A225C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 00:19 . 2010-12-12 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33 . 2005-10-14 00:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-02 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-27 21:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 05:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 05:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 09:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 03:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Xtreme Demo\\DFXDemo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/05/2011 12:37 AM 64512]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/05/2011 3:44 AM 136360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29/04/2011 12:11 PM 2151128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 10:21 PM 92592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/01/2010 6:33 PM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [14/10/2005 10:21 AM 20160]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/01/2010 6:33 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [29/04/2011 12:11 PM 15232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 09:11]
.
2011-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:57]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 08:33]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 08:33]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-25 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4067135660-1359695194-3170355759-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-25 23:10:34
ComboFix-quarantined-files.txt 2011-05-25 13:10
.
Pre-Run: 185,048,764,416 bytes free
Post-Run: 185,575,956,480 bytes free
.
- - End Of File - - D2414A3245EBAA2C3DEE8C9C74EA481E
I am grateful for your help even though it might not seem so.
thanks again steve
 
Did a trend micro rootbuster scan while I was bored also, but had no idea what to do with the results (yesterday)

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 3.60.0.1016
| Computer Name: WINDOWSX-82D2FE
| User Name: Owner
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
[HIDDEN_FILE]:
FullPath : Master Boot Record (MBR) Sector
FullPathLength: 0
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x0
ShareAccess : 0x0
Type : 0x0
1 hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
SubKey : Data
FullLength: 0x5c
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
SubKey : Data 2
FullLength: 0x5e
2 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path :
OriginalHandler : 0x80578ab4
CurrentHandler : 0xacf90216
ServiceNumber : 0x29
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path :
OriginalHandler : 0x80584d39
CurrentHandler : 0xacf9020c
ServiceNumber : 0x35
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteKey
Image Path :
OriginalHandler : 0x8059a5c9
CurrentHandler : 0xacf9021b
ServiceNumber : 0x3f
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteValueKey
Image Path :
OriginalHandler : 0x805991e8
CurrentHandler : 0xacf90225
ServiceNumber : 0x41
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadKey
Image Path :
OriginalHandler : 0x805b8287
CurrentHandler : 0xacf9022a
ServiceNumber : 0x62
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path :
OriginalHandler : 0x8057f93a
CurrentHandler : 0xacf901f8
ServiceNumber : 0x7a
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path :
OriginalHandler : 0x80596743
CurrentHandler : 0xacf901fd
ServiceNumber : 0x80
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwReplaceKey
Image Path :
OriginalHandler : 0x806571a8
CurrentHandler : 0xacf90234
ServiceNumber : 0xc1
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRestoreKey
Image Path :
OriginalHandler : 0x80656d3d
CurrentHandler : 0xacf9022f
ServiceNumber : 0xcc
ModuleName :
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetValueKey
Image Path :
OriginalHandler : 0x80580088
CurrentHandler : 0xacf90220
ServiceNumber : 0xf7
ModuleName :
SDTType : 0x0


--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
[KERNEL_CODE][DEVICE_OBJECT]:
Driver Name : iaStor
DeviceObject at : 8A50E030
1 Kernel code patching found.

--== Dump Hidden Services ==--
No hidden services found.
 
Another of your comments about boredom has been noted. Again, it is not appreciated. Once more mention and the thread will be closed.
=====================================
So you ran the Eset scan? What were the results?
===================================================
As for running Trend Micro RootkitBuster, it surely seems to be clear in the beginning of the preliminary removal steps:
DO NOT make any other changes to your computer (e.g. installing programs, using other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable that while we are in the cleaning process

And an excellent example of why we ask that you don't run these type of programs while we are helping clean the system is:
but had no idea what to do with the results (yesterday)

Did you even pause to consider that this could affect the cleaning in progress?
=================================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\Xxuheqewipe.bin
Folder::
c:\documents and settings\Owner\Application Data\ErrorTeck
c:\program files\Microsoft Security Client
c:\documents and settings\All Users\Application Data\FileCure
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Xtreme Demo\\DFXDemo.exe"=-
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Recommend uninstalling the following:
1. FileCure >> ParetoLogic site is not a good site. The FileCure program is a scam to 'alert' you of errors and get you to pay for their program to 'fix' them
2. ErrorTeck™ is an advanced registry cleaner> we do not recommend registry cleaners to anyone.
================================
Use Windows Explorer to delete the program folders after you uninstall the above.
=================================
Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=================================
Download HijackThis from http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save it to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
=================================
ComboFix, Eset, Security Check & HijackThis logs in next reply please. [Nothing else]
 
ComboFix 11-05-24.06 - Owner 26/05/2011 19:29:46.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1532.1078 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\Xxuheqewipe.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\FileCure
c:\documents and settings\All Users\Application Data\FileCure\fc_db.db
c:\documents and settings\All Users\Application Data\FileCure\fc_history.db
c:\documents and settings\All Users\Application Data\FileCure\fc_ignore.db
c:\documents and settings\Owner\Application Data\ErrorTeck
c:\documents and settings\Owner\Application Data\ErrorTeck\Backup\Automatic Backup_05-21-2011_10-48-50.reg
c:\documents and settings\Owner\Application Data\ErrorTeck\Backup\Automatic Backup_05-21-2011_12-04-33.reg
c:\documents and settings\Owner\Application Data\ErrorTeck\settings.ini
c:\program files\Microsoft Security Client
c:\program files\Microsoft Security Client\Antimalware\EN-US\MpAsDesc.dll.mui
c:\program files\Microsoft Security Client\Antimalware\EN-US\mpevmsg.dll.mui
c:\program files\Microsoft Security Client\Backup\en-us\amhelp.chm
c:\program files\Microsoft Security Client\Backup\en-us\epploc.cab
c:\program files\Microsoft Security Client\Backup\en-us\eula.rtf
c:\program files\Microsoft Security Client\Backup\en-us\setupres.dll.mui
c:\program files\Microsoft Security Client\Backup\x86\windows6.0-kb981889-v2.msu
c:\program files\Microsoft Security Client\Backup\x86\windows6.1-kb981889.msu
c:\program files\Microsoft Security Client\CleanUpPolicy.xml
c:\program files\Microsoft Security Client\en-us\amhelp.chm
c:\program files\Microsoft Security Client\en-us\eula.rtf
c:\program files\Microsoft Security Client\en-us\MsMpRes.dll.mui
c:\program files\Microsoft Security Client\en-us\setupres.dll.mui
c:\program files\Microsoft Security Client\en-us\shellext.dll.mui
c:\windows\Xxuheqewipe.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-25 12:35 . 2011-05-25 12:35 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-05-25 12:35 . 2011-05-25 12:35 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-05-25 09:40 . 2011-05-25 09:40 -------- d-----w- c:\program files\ESET
2011-05-24 11:46 . 2011-05-24 11:46 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-05-24 11:46 . 2011-05-24 11:46 -------- d-----w- c:\documents and settings\Owner\log
2011-05-24 04:41 . 2011-05-24 04:45 -------- d-----w- C:\OziExplorer
2011-05-24 04:15 . 2011-05-24 04:15 -------- d-----w- c:\program files\Garmin GPS Plugin
2011-05-24 04:15 . 2011-05-24 09:59 -------- d-----w- c:\program files\Garmin
2011-05-24 04:08 . 2011-05-24 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\GARMIN
2011-05-22 22:27 . 2011-05-25 21:02 -------- d-----w- c:\windows\system32\NtmsData
2011-05-22 18:08 . 2011-05-22 18:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-05-22 17:44 . 2011-05-22 17:44 -------- d-----w- c:\program files\Avira
2011-05-22 17:44 . 2011-05-22 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-05-22 17:44 . 2011-04-01 07:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-22 17:44 . 2011-04-01 07:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-22 17:44 . 2010-06-17 05:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-05-22 17:44 . 2010-06-17 05:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-05-22 00:19 . 2011-05-22 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-21 21:51 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 21:51 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 16:58 . 2011-05-21 14:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-21 14:43 . 2011-05-21 14:43 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-21 14:39 . 2001-08-17 12:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-05-21 14:39 . 2001-08-17 12:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-05-21 14:39 . 2001-08-17 12:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-05-21 14:39 . 2001-08-17 12:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-05-21 14:39 . 2001-08-17 04:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-05-21 14:39 . 2001-08-17 04:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-05-21 14:39 . 2001-08-17 04:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-05-21 14:39 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-05-21 14:39 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-05-21 14:37 . 2011-04-29 02:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-21 14:12 . 2011-05-21 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 07:22 . 2011-05-22 06:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-05-19 22:28 . 2011-05-19 22:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-05-19 22:20 . 2011-05-19 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-18 21:21 . 2011-05-21 14:12 -------- d-----w- c:\documents and settings\Administrator
2011-05-18 07:31 . 2011-05-18 07:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{ED8AAFA6-C412-4A49-9204-2EB1EB9A225C}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 00:19 . 2010-12-12 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33 . 2005-10-14 00:06 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-25_13.07.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-26 09:26 . 2011-05-26 09:26 16384 c:\windows\Temp\Perflib_Perfdata_75c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-02 57344]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-01 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-27 21:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 05:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 05:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 09:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 03:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Xtreme Demo\\DFXDemo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/05/2011 12:37 AM 64512]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23/05/2011 3:44 AM 136360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29/04/2011 12:11 PM 2151128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 10:21 PM 92592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/01/2010 6:33 PM 135664]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [14/10/2005 10:21 AM 20160]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/01/2010 6:33 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 09:11]
.
2011-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:57]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 08:33]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 08:33]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 19:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4067135660-1359695194-3170355759-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-26 19:42:54
ComboFix-quarantined-files.txt 2011-05-26 09:42
ComboFix2.txt 2011-05-25 13:10
.
Pre-Run: 185,582,956,544 bytes free
Post-Run: 185,576,955,904 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 67E3992D3C36E400611D2CAA5E21E7CB


filecure, gone
errorteck, gone



Results of screen317's Security Check version 0.99.12
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Adobe Flash Player
Adobe Reader 8.2.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Avira Antivir avguard.exe
``````````End of Log````````````


HijackThis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:19 PM, on 26/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1287952087359
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9184 bytes


ESET


C:\Documents and Settings\Owner\Desktop\PioletSetup.exe Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\1C0EE86A5538D0F0BF8AEF7F1DDA08D3\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\1C0EE86A5538D0F0BF8AEF7F1DDA08D3\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\System Volume Information\_restore{0EF91C99-2363-4E66-9E69-6C61CED31DB8}\RP5\A0001148.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
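A HijackThis log like the one above is read by eye in this thread, but the first pass a responder does on it is mechanical: find BHOs and toolbars whose file is gone (`(no file)`), services whose vendor could not be read from the binary (`Unknown owner`), and Run-key autostarts launched from user-writable directories. The script below is an added example, not part of this thread or of HijackThis itself. It parses a constructed sample built from lines in the log above plus one assumed `O4` entry pointing into a user's temp directory (a constructed line, not from this machine), and returns the entries a responder should look at first.

```python
import re

# Constructed sample: five lines copied from the HijackThis log on this page and
# one assumed O4 entry (the "[example]" line) added to show the user-directory check.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKCU\..\Run: [example] C:\Documents and Settings\Owner\Local Settings\Temp\example.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"""

# HijackThis entries start with a section code (R0/R1, F0/F1, O2..O24) and " - ".
ENTRY_RE = re.compile(r"^([ROF]\d+) - (.*)$")

# Directory fragments (lower-cased) that an ordinary user can write to; an
# autostart launched from one of these deserves a second look.
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")


def parse_entries(text):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(text):
    """Flag orphaned browser add-ons, vendor-less services and user-dir autostarts."""
    findings = []
    for section, body in parse_entries(text):
        lower = body.lower()
        if section in ("O2", "O3") and lower.endswith("(no file)"):
            findings.append((section, "orphaned add-on, file missing", body))
        elif section == "O23" and "- unknown owner -" in lower:
            findings.append((section, "service vendor could not be read", body))
        elif section == "O4" and any(d in lower for d in USER_WRITABLE):
            findings.append((section, "autostart from user-writable directory", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Each flag is a prompt to investigate, not a verdict. The orphaned `WormRadar.com` BHO above is leftover registry residue that fixes cleanly; the Canon survey service shows `Unknown owner` only because HijackThis could not read a company name from the executable's version resource, and it is a legitimate printer component. The helper's "Do NOT have HijackThis fix anything yet" applies exactly because of this: the script narrows the list, the person decides.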
 
Part of the AdAware program labels itself as antivirus. So you now show 3 AV programs in the Combofix header:
AV: AntiVir Desktop *Disabled/Updated*
AV: AVG Internet Security 2011 *Enabled/Updated*
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated*

I have sent several emails to Lavasoft, where AdAware is from, asking about this AV part of their current program. So far, I haven't had a reply. When I had the paid version some years ago, it did have AdWatch running in real time, which alerted to any Registry changes. But it wasn't called or considered an antivirus program at that time. So I now ask you to disable it.

Do you plan to reinstall AVG when we have finished?
=====================================
There is only one entry in Eset to be removed. The 'Qoobox' is where Combofix sends quarantined files, and System Volume Information is a restore point. Those entries are not active in the system. I will have you drop old restore points and set a new clean one when we're through.
=====================================
Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    C:\Documents and Settings\Owner\Desktop\PioletSetup.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please give me an update on how the system is running now.
 
I was going to ask your opinion on which antivirus to use. I was thinking of Trend Micro as an option; what do you think of AVG?
I turned off Ad-Aware and disabled Avira, as always before scans.

OTM log
All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\Owner\Desktop\PioletSetup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2535 bytes

User: All Users

User: Default User
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 98304 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 118761674 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 8702 bytes

User: Owner
->Temp folder emptied: 158763914 bytes
->Temporary Internet Files folder emptied: 11574923 bytes
->Java cache emptied: 11749 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1570947 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 11115462 bytes
%systemroot%\System32 .tmp files removed: 14335249 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4562471 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 306.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 05272011_075702

Files moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJV49LFM\g1309779[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJV49LFM\pageid=290963808962[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJV49LFM\searchnation_net[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJV49LFM\searchnation_net[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJV49LFM\searchnation_net[5].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VJV49LFM\search[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VA4ZVAOY\home[1].aspx moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VA4ZVAOY\searchnation_net[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VA4ZVAOY\searchnation_net[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VA4ZVAOY\searchnation_net[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\adh[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\in[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\pageid=290963808962[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\results4[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\searchnation_net[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\searchnation_net[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\searchnation_net[5].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\search[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\search[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T495V2IS\search[6].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\carshowroom_com_au[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\detect[2].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\google_com_au[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\google_com_au[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\pageid=290963808962[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\pageid=290963808962[2].htm moved successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\passback.c.r[1].php not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\redirect[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\results4[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\searchnation_net[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\searchnation_net[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\search[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\search[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\statstracker[3].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\viewChannelModule[1].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RS2EOXGO\viewChannelModule[2].act moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\01[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\9bff1cadda[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\g1309779[1].txt moved successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\get[1].media not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\get[2].media not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\gossipcenter[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\gossipcenter_com[1].txt not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\in[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\pageid=290963808962[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\pageid=290963808962[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\pageid=775873629229[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\searchnation_net[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\searchnation_net[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\searchnation_net[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOFSK17J\search[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLKGJ916\base[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLKGJ916\drupal[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLKGJ916\empty[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLKGJ916\payrisev2[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLKGJ916\robert-kristen-st-thomas[1].jpg moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLKGJ916\searchnation_net[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLKGJ916\search[3].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\captcha[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\dependent[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\g1309779[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\in[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\jquery-1.4.4.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\like[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\script[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\searchnation_net[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\searchnation_net[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\sh43[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\textarea[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\N5DTQ47N\videoplayback[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\12ZWHI6P\diagnoseyourpc_com[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\12ZWHI6P\ooyala_companion_ads[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\12ZWHI6P\searchnation_net[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\12ZWHI6P\show_ads[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\12ZWHI6P\spcjs[1].php moved successfully.
C:\WINDOWS\temp\fla8C4A.tmp moved successfully.
File C:\WINDOWS\temp\fla8D4D.tmp not found!
File C:\WINDOWS\temp\fla8D4E.tmp not found!

Registry entries deleted on Reboot...


Still getting redirected with Google search results. "Waiting for lakyclktolakylok.com" shows up at the bottom of the page when the redirection is happening; a random page also opened when "techspot openboards" was the only page I had open.
 
Please note: Files removed in OTM: Total Files Cleaned = 306.00 mb. This is a large number.
Most are temporary internet files, which suggests you are not doing any regular maintenance on the system.

I did not request a scan with Avira. I thought I made this clear:
Combofix, Eset, Security Check & HijackThis logs in next reply please. Nothing else.
===========================================
Suggest you print the following so you can refer to it when using msconfig:
Please reopen HijackThis to 'Do a system scan only.' Check each of the following, if present:

C:\WINDOWS\system32\IoctlSvc.exe
C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe


Close all Windows except HijackThis and click on "Fix Checked."

None of the above are malware. None need to start on boot and run in the background. The program can be selected from the All Programs menu when it is needed. To use the print feature, click on File> Print.

You can use the msconfig utility per my instructions below to uncheck any of these processes on the Startup menu.
========================================
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Change Service Startup type as follows: (O23 entries)
Click on Start> Run> type in services.msc> enter> double click on each of the following and set as instructed:
1. Canon Inkjet Printer (IJPLMSVC)> Set to Manual Startup type
2. Java Quick Starter (jqs)> Set to Disabled> Stop the Service
3. PLFlash DeviceIoControl (IoctlSvc)> Set to Manual Startup
==============================================
To remove entries from the Startup Menu using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
    [image: msconfig_open_xp.gif]
  • Click on Selective Startup
  • Choose the Startup tab:
    [image: startup_tab_xp.gif]

    All images courtesy NetSquirrel
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Uncheck any processes you do not need to start on boot.
  • Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
=============================================
Regarding antivirus programs: If you want to stay with free programs:
Have layered security:
  [o] Keep Avira or get the following
  [o] Avast Free Antivirus

If you don't object to paying, I highly recommend using: Nod32
Although it says 'antispyware' with it, it is not intrusive, and I still have 2 other antispyware programs running.

[o]Use a bi-directional Firewall. Either of the following programs are free and known to be good:
[o]Comodo
[o]Zone Alarm

Add at least 2 antimalware programs. I don't use 'suites'; I prefer free-standing, individual programs. I no longer recommend AVG. It was a good AV program through v7.5. But when a spyware program was bundled with it starting in v8, the performance went down. There have also been several bad updates that caused all users with AVG to think they had the Win32/Heur malware. In most cases, it was a False Positive.
============================================
Update the following:
Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
Adobe Reader Update. Uninstall any earlier updates, as they are vulnerabilities.
===================================
Regarding the redirect:
still getting redirected with google search results "waiting for lakyclktolakylok.com" shows up at the bottom of the page when redirection is happening,

If you are referring to what you see quickly pass in the lower left corner, that in itself does not mean you're getting redirected. If the system is well protected, those entries that represent tracking cookies, banners and other types of adware are not going to get on the system, although they can show as the system is loading the page.
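As an added example (mine, not part of the original thread and not HijackThis's own code), here is a small Python triage script for listings in the HijackThis format quoted above. It parses R/O entries and flags the things a reviewer looks at first: a BHO whose DLL is gone ("(no file)"), an O4 Run entry whose unquoted path contains spaces, a service with no publisher string, and a non-default ProxyOverride list. The sample input is a constructed subset of the lines in this post; the flag rules are my own review heuristics, not HijackThis verdicts, and a flag means "look closer", not "malware" (consistent with the post, none of these entries are malicious).

```python
"""Added example: triage a HijackThis-style listing and flag entries that
merit a closer look. Rules are review heuristics, not HijackThis verdicts."""
import re

# Constructed sample: a subset of the lines quoted in the post above.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\.*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<display>.*) \((?P<short>[^()]+)\) - (?P<owner>.*?) - (?P<path>.*)$")

# Proxy bypass values that are normal on a home machine (my assumption).
BENIGN_PROXY_OVERRIDE = {"", "<local>", "localhost", "localhost;<local>"}


def triage(text):
    """Return [(kind, identifier, [flags])] for every recognised line."""
    results = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        ident, flags = body, []
        if kind == "O2" and (b := BHO_RE.match(body)):
            ident = b.group("clsid")
            if b.group("path").strip() == "(no file)":
                flags.append("orphaned BHO: CLSID registered but DLL missing")
        elif kind == "O4" and (r := RUN_RE.match(body)):
            ident = r.group("name")
            cmd = r.group("cmd")
            if not cmd.startswith('"'):
                # Unquoted path: everything up to the first ".exe" is the binary.
                exe = cmd.lower().split(".exe", 1)[0] + ".exe"
                if " " in exe:
                    flags.append("unquoted executable path containing spaces")
        elif kind == "O23" and (s := SVC_RE.match(body)):
            ident = s.group("short")
            if s.group("owner").lower() == "unknown owner":
                flags.append("service has no publisher string")
        elif kind.startswith("R") and "ProxyOverride" in body:
            ident = "ProxyOverride"
            value = body.split("=", 1)[1].strip()
            if value not in BENIGN_PROXY_OVERRIDE:
                flags.append("non-default proxy bypass list")
        results.append((kind, ident, flags))
    return results


def flagged(text):
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(text) if e[2]]


if __name__ == "__main__":
    for kind, ident, flags in flagged(SAMPLE_HJT):
        print(f"{kind:<4} {ident:<45} {'; '.join(flags)}")
```

On the sample above, three entries come back flagged (the orphaned WormRadar BHO, the unquoted Canon Run command, and the IJPLMSVC service with no owner); the Java service and the ProxyOverride of localhost do not.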
 
I ran the HijackThis system scan, checked off the list and clicked "Fix checked".
"services.msc" done.
"msconfig utility" done
I kept avira.
I downloaded comodo.
I updated java and adobe, no older versions were in add/remove programs.
I normally run "disk cleanup" and also go into control panel/internet options/and delete everything in browsing history every time I get off the internet, although I haven't as much for the past week for fear of affecting this cleaning process. Please tell me if there is anything else I can do in regards to cleanup.
 
Was this resolved?
still getting redirected with google search results "waiting for lakyclktolakylok.com" shows up at the bottom of the page when redirection is happening, a random page also opened when "techspot openboards" was the only page I had open.
 
No, it was still the same, still getting redirected; "lakylok" was still showing up in every redirect, and if it didn't show, it went to the selected website.
When you mentioned having 2 antimalware programs, I went looking for a second and came across "Hitman Pro 3.5", which had good reviews on PCMag.com. It uses a brains trust of "G Data, ESET's NOD32, Avira AntiVir, Prevx, and a-squared", some of which are already on the computer and recommended by you, so I downloaded the free trial and it found a bootkit, which I chose to delete, and the redirecting has stopped. There were some leftover bits and pieces that Malwarebytes and Avira cleaned up, and so far so good. Although the redirecting is gone, I'm not certain that all is ok. Security Center won't open even though in "services.msc" it shows started and is set to Auto.
What do you think?
 
Is there a particular reason you don't recommend the Hitman program?

Yes, a few, based on what I read and the cleaning programs I run. Others may think differently. The publisher's description is:
Anti-spyware program combines up to six popular engines to maximize removal effectiveness.
Part is personal preference, wanting to maintain control over my system. Hitman is also different between versions. One main objection is the use of multiple programs that are free on the internet. Depending on the program, it should prevent and/or remove. While the scans with Hitman are free, removal of the malware can only be done within the 30-day trial.

Hitman Pro (version 1 and 2) automatically downloads, installs and runs third party anti-spyware and anti-adware programs that are freely available on the Internet:

  • Eset NOD32 antivirus system (trial, expires in 30 days)
  • Webroot Spy Sweeper (trial, expires in 7 days)
  • PC Tools Spyware Doctor (demo, will not clean anything)
  • Lavasoft AdAware SE (freeware)
  • Safer Networking Spybot - Search & Destroy (freeware)
  • TrendMicro CWShredder (freeware)
  • JavaCool Software SpywareBlaster (freeware)
  • McAfee VirusScan SuperDAT (virus signature definition updates, McAfee PrimeSupport license required for qualifying product)
  • Ewido Micro Scanner (freeware) (AVG)

The scan time was very long, the program used many system resources, and errors in the third party programs used could cause system instability.

Hitman Pro is using other people's knowledge without their permission. NOD32 has granted permission to use their software. Software producer Lavasoft is in discussion with Mr. Loman over changes to the program before granting any official permission to implement their software, and McAfee says they did not grant permission and claim no knowledge at all of the program, with no further comment.

Hitman Pro 3 uses a white list that includes Windows system files and other (safe) files that are present on most PCs. Hitman Pro 3 also requires a license key to remove malware found on a user's computer; however, it does offer a free 30-day trial.

The new version of Hitman Pro, version 3, uses:
  • NOD32 Antivirus
  • Avira AntiVir
  • Prevx
  • G DATA Anti-Virus
  • a-squared Anti-Malware
Virus scanners are not installed on the local computer, but in the scan cloud on the Internet.
Unlimited free scanning and a free 30-day version to remove detected malware.

None of these programs- alone or together have the power of a program like Combofix- or other 'intensive' programs. While Hitman may resolve one problem, that does not mean all of the malware has been removed.

Most of the logs I see have multiple malware infections. Some, like the DNS Changer malware, will require a DNS flush and a router reset. If that isn't done, the resolution to the problem is only temporary.
==========================================
Your comment:
it uses a brains trust of "G Data, ESET's NOD32, Avira AntiVir, Prevx, and a-squared" some of which are already on the computer and recommended by you, so I downloaded the free trial and it found a bootkit which I chose to delete and redirecting has stopped,

The authors of those programs didn't give permission to use their brains and then charge for help!

If you ran Hitman on Day 32 and it 'found' a rootkit, you would be required to buy the program to have it removed.
 
And here I was thinking I was the bearer of good news. So I guess PCMag.com and CNet.com don't care about authors' permissions, as they and others rated it very highly in their reviews. It also sounded like a good concept using 5 vendors' brains rather than one. I won't subscribe to "Hitman 3.5" if that's the way they do business.
So where do we go to from here?
 
Just checking if you're still helping me, it's been 3 days that's all, I'm wondering what to do next
 
Sorry for delay! The current malware seems to hit everyone on a computer:

Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
{A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
{8decf618-9569-4340-b34a-d78d28969b66}
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . I don't need this log.
====================
Open Internet Options- through Tools in IE or through the Control Panel:
Click on the Security tab> Restricted Sites> Sites> Type each of the following in the dialog box, one at time> Click on Add for each domain. Note: Be sure your spelling is exact or the block won't work:
*.lakyclktolakylok.com
lakyclktolakylok.*
====================================
Please update the Adobe Reader: Visit this Adobe Reader site. Uninstall any earlier updates, as they are vulnerabilities.
======================================
Reboot the computer.
=====================================
One more scan: Download bootkitremover.rar and save to your desktop.
  1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program.)
  2. Double-click on the remover.exe file to run the program.
    NOTE: The tool should be run from a command line with Administrator privileges.
  3. Scanning should be completed quickly
  4. Paste the output in your next reply.
=====================================
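An added example for the Restricted Sites step above (my code, not from the thread and not Microsoft's): a Python helper that checks a zone pattern against the grammar IE accepts, a leading `*.` wildcard only, and writes out the registry entry the dialog creates under the per-user ZoneMap key (value name `*`, DWORD 4 for Restricted sites), so the block can be scripted or verified with regedit instead of typed by hand. The key layout and the value name are my understanding of how IE stores zone assignments and are labelled as assumptions in the code; scheme-prefixed (`http://host`) and IP-address forms are deliberately not handled.

```python
"""Added example: validate Internet Explorer zone patterns and emit the
registry entries that the Restricted Sites dialog writes (assumed layout)."""
import re

RESTRICTED_ZONE = 4  # IE zone ids: 1 intranet, 2 trusted, 3 internet, 4 restricted
# Per-user zone map; assumed location of the entries the dialog creates.
ZONEMAP_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\ZoneMap\Domains")

# Assumed grammar: optional leading "*." wildcard, then a plain dotted host name.
HOST_RE = re.compile(r"^(\*\.)?(?:[a-z0-9-]+\.)+[a-z0-9-]+$", re.I)


def validate(pattern):
    """Return (ok, reason). A '*' anywhere but as the leading label is rejected,
    which matches the 'invalid wildcard sequence' error the dialog shows."""
    p = pattern.strip()
    if p.count("*") > 1 or ("*" in p and not p.startswith("*.")):
        return False, "invalid wildcard sequence"
    if not HOST_RE.match(p):
        return False, "not a dotted host name"
    return True, ""


def registry_entry(pattern):
    """Map an accepted pattern to (full_key, value_name, dword_data).

    Assumption: IE keys the registrable domain (last two labels) as one subkey
    and any deeper labels as a child subkey; '*.' covers every host under the
    domain, and the value name '*' means 'any scheme'."""
    ok, reason = validate(pattern)
    if not ok:
        raise ValueError(f"{pattern}: {reason}")
    host = pattern.strip()
    host = host[2:] if host.startswith("*.") else host
    labels = host.lower().split(".")
    domain = ".".join(labels[-2:])
    deeper = ".".join(labels[:-2])
    key = ZONEMAP_KEY + "\\" + domain + ("\\" + deeper if deeper else "")
    return key, "*", RESTRICTED_ZONE


def reg_file(patterns):
    """Render a .reg file for the given patterns; an invalid one raises ValueError."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for p in patterns:
        key, name, data = registry_entry(p)
        out += [f"[{key}]", f'"{name}"=dword:{data:08x}', ""]
    return "\n".join(out)


if __name__ == "__main__":
    # The two patterns from the post: the first is accepted, the second is not.
    for p in ("*.lakyclktolakylok.com", "lakyclktolakylok.*"):
        print(p, validate(p))
    print(reg_file(["*.lakyclktolakylok.com"]))
```

Running it on the two patterns from the post accepts `*.lakyclktolakylok.com` and rejects `lakyclktolakylok.*` for the same reason the dialog does; the `.reg` text it prints can be compared against what regedit shows under the ZoneMap key after adding the site through the dialog.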
 
Hello again
Ran combofix with the script, all good.
The first entry, *.lakyclktolakylok.com, was accepted, but the second, lakyclktolakylok.*, wasn't; "invalid wildcard sequence" came up.
Adobe installed, old version removed.
Downloaded Bootkit Remover and 7-Zip, and this is the log:
.\debug.cpp(238) : Debug log started at 05.06.2011 - 09:49:49
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00229000 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x80700000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf75a8000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7597000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf75f7000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7607000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf7617000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf7627000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf74d8000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf7637000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf74c0000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf7b0a000 0x000d5000 "iaStor.sys"
.\debug.cpp(256) : 0xf7647000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf7657000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf74a0000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf748e000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf7667000 0x0000f000 "Lbd.sys"
.\debug.cpp(256) : 0xb87ec000 0x00014000 "drvmcdb.sys"
.\debug.cpp(256) : 0xb87d5000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb8748000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb8732000 0x00016000 "inspect.sys"
.\debug.cpp(256) : 0xb8705000 0x0002d000 "\WINDOWS\System32\DRIVERS\NDIS.SYS"
.\debug.cpp(256) : 0xf7717000 0x00005000 "\WINDOWS\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb86eb000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf76f7000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb6064000 0x00c2a000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb6050000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf77ef000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb602c000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf77f7000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb5ed5000 0x00157000 "\SystemRoot\system32\drivers\P17.sys"
.\debug.cpp(256) : 0xb5eb1000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf7557000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb5e8e000 0x00023000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0xb5e5e000 0x00030000 "\SystemRoot\system32\DRIVERS\ctoss2k.sys"
.\debug.cpp(256) : 0xb5e38000 0x00026000 "\SystemRoot\system32\DRIVERS\ctsfm2k.sys"
.\debug.cpp(256) : 0xb5e11000 0x00027000 "\SystemRoot\system32\DRIVERS\e100b325.sys"
.\debug.cpp(256) : 0xb5dfd000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 87
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;