Resolved Virus infection, registry seems to be damaged

Hi

My PC is in a mess. CCleaner crashes when scanning the registry, Malwarebytes crashes, MSE will not run, Avira will not scan (but the "guard" seems to be scanning), AVG crashes and my browsers have been hijacked.

I have, I think, followed the steps in the sticky and here are the logs. Malwarebytes crashed when looking at the registry and did not write a log.

I would be really grateful for any pointers.

Thanks
Abo

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-07 19:44:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP1203N rev.TL100-24
Running: hz1308xj.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\kgliypow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip waclient.sys
AttachedDevice \Driver\Tcpip \Device\Tcp waclient.sys
AttachedDevice \Driver\Tcpip \Device\Udp waclient.sys
AttachedDevice \Driver\Tcpip \Device\RawIp waclient.sys

---- Threads - GMER 1.0.15 ----

Thread System [4:600] B5A68D20
Thread System [4:604] B9AD19E0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] 1079119757 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

DDS.txt

DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
Run by Tony at 19:47:22 on 2011-07-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.940 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Documents and Settings\Tony\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by BTopenworld
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-gb10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\documents and settings\tony\application data\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [nwiz] nwiz.exe /install
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\tony\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: linkedin.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: morfit3dWorld - file://c:\program files\3dstate\3d webmaker\my 3d web sites\world1_1\html\morfit3dWorld.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05A2C7ED-7962-4A3F-BE2E-0A494B3C6A16} - hxxps://connect.wincanton.co.uk/wa/AssessLoader.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://creative.com/su/ocx/15015/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://download2.citrix.com/FILES/en/products/client/ica/current/ica32t.exe
DPF: {3195CF7C-E9E2-49B2-8B61-14F285298E1C} - hxxps://connect.wincanton.co.uk/wa/AccessClientLoader.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124706293640
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://creative.com/su/ocx/15023/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{40A0FFA1-F5E1-475D-9EFE-BB59E2F49D33} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A40B89F5-4532-45B0-A192-555FCA43EE2F} : DhcpNameServer = 192.168.1.1
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tony\application data\mozilla\firefox\profiles\nobje9ym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Amazon.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.telegraph.co.uk/portal/main.jhtml;$sessionid$4KMH2LYAABLNJQFIQMFCFFOAVCBQYIV0?view=HOME&grid=P13&menuId=-1&menuItemId=-1&_requestid=77111|http://news.bbc.co.uk/default.stm
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\nobje9ym.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\xstandard\bin\NPXStandard.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-7 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-7 11608]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\hymn\VCdRom.sys [2001-12-19 8576]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2007-2-18 15872]
R1 waclient;Portwise Access Client Driver;c:\windows\system32\drivers\waclient.sys [2007-6-3 85760]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-7 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-7 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-7 61960]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [2005-4-5 6656]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-7 39984]
S1 MpKsl0d792cfe;MpKsl0d792cfe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69446ae6-7681-4dd5-b7a8-89bb9a7999e7}\mpksl0d792cfe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69446ae6-7681-4dd5-b7a8-89bb9a7999e7}\MpKsl0d792cfe.sys [?]
S1 MpKsl23787a3a;MpKsl23787a3a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ee35b2a-65a3-4c75-866f-f7e49bf6e021}\mpksl23787a3a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ee35b2a-65a3-4c75-866f-f7e49bf6e021}\MpKsl23787a3a.sys [?]
S1 MpKsl60ac190a;MpKsl60ac190a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4fdad097-3b3a-4ba8-8cd8-025c7b79cd4d}\mpksl60ac190a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4fdad097-3b3a-4ba8-8cd8-025c7b79cd4d}\MpKsl60ac190a.sys [?]
S1 MpKslcae3c627;MpKslcae3c627;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{45a9a7d6-7689-4e01-9262-fb130ab2a8bb}\mpkslcae3c627.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{45a9a7d6-7689-4e01-9262-fb130ab2a8bb}\MpKslcae3c627.sys [?]
S1 MpKsldfbb9437;MpKsldfbb9437;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{828924ec-062a-4104-a83a-dca182d8b8a3}\mpksldfbb9437.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{828924ec-062a-4104-a83a-dca182d8b8a3}\MpKsldfbb9437.sys [?]
S1 MpKsle08c993c;MpKsle08c993c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ecfd28a-1055-4339-817a-80a25504cf81}\mpksle08c993c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ecfd28a-1055-4339-817a-80a25504cf81}\MpKsle08c993c.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2151128]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-3-7 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\drivers\wg121nd5.sys --> c:\windows\system32\drivers\wg121nd5.sys [?]
.
=============== Created Last 30 ================
.
2011-07-07 18:37:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 18:37:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 18:33:39 -------- d-----w- c:\documents and settings\tony\application data\Avira
2011-07-07 18:29:41 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-07 18:29:40 -------- d-----w- c:\program files\Avira
2011-07-07 18:29:40 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-07-07 18:09:54 388096 ----a-r- c:\documents and settings\tony\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-07 18:09:53 -------- d-----w- c:\program files\Trend Micro
2011-07-07 16:14:31 -------- d-----w- c:\program files\Free Window Registry Repair
2011-07-07 14:01:18 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-07 13:58:40 -------- d-----w- c:\program files\CCleaner
2011-07-07 13:56:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-07 13:30:26 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-07 12:22:08 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-07-07 12:03:57 25984 ----a-w- c:\windows\system32\drivers\1079119757.sys
2011-07-07 11:00:50 138240 --sha-r- c:\windows\system32\taskmgr3.dll
2011-07-07 10:38:22 -------- d-----w- c:\documents and settings\tony\Adobe Dreamweaver CS5.5
2011-07-07 10:37:17 -------- d-----w- c:\documents and settings\tony\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-07-07 10:37:11 -------- d-----w- c:\program files\Adobe Download Assistant
2011-07-07 07:04:51 -------- d-----w- c:\documents and settings\tony\local settings\application data\Installer2464
2011-07-07 06:50:12 -------- d-----w- c:\documents and settings\tony\local settings\application data\Installer2744
2011-07-05 15:52:44 95600 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-07-05 15:44:27 -------- d-----w- c:\program files\ImageMagick-6.7.0-Q16
2011-07-05 12:38:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-05 12:38:52 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-07-05 12:38:52 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-07-05 12:38:52 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-07-05 12:38:52 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-07-05 12:38:52 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-07-05 12:38:51 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-05 12:38:51 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-05 12:33:33 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-07-05 12:33:30 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-07-02 13:20:50 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2011-07-02 13:20:50 2463976 ----a-w- c:\program files\mozilla firefox\plugins\NPSWF32.dll
2011-07-02 13:20:50 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2011-07-02 13:20:50 190696 ----a-w- c:\program files\mozilla firefox\plugins\NPSWF32_FlashUtil.exe
2011-07-02 13:02:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 07:14:50 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 16:12:40 -------- d-----w- c:\program files\HTMLPad 2010
2011-06-15 16:12:40 -------- d-----w- c:\documents and settings\tony\application data\Blumentals
2011-06-15 16:10:52 -------- d-----w- c:\documents and settings\tony\application data\JGsoft
2011-06-15 16:06:18 65776 ----a-w- c:\windows\UnDeploy.exe
.
==================== Find3M ====================
.
2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 19:48:23.70 ===============

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 05/04/2004 17:11:25
System Uptime: 07/07/2011 19:16:51 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2800/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
B: is CDROM ()
C: is FIXED (NTFS) - 107 GiB total, 50.686 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.57 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is CDROM ()
M: is CDROM ()
N: is Removable
P: is CDROM ()
Y: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart Premium C309g-m
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Premium C309g-m,192.168.1.8
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1: 07/07/2011 13:26:08 - System Checkpoint
RP2: 07/07/2011 14:29:38 - Installed Ad-Aware
RP3: 07/07/2011 14:29:57 - Installed Ad-Aware
RP4: 07/07/2011 16:43:43 - Restore Operation
RP5: 07/07/2011 19:09:51 - Installed HiJackThis
.
==== Installed Programs ======================

32 Bit HP CIO Components Installer
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Community Help
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe Dreamweaver CS3
Adobe Dreamweaver CS5.5
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Scripting Support 1.0
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AiO_Scan
AIOMinimal
AiOSoftware
Apple Application Support
Apple Software Update
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Battlefield 2: Deluxe Edition
BufferChm
Burn4Free 1.0.0.588
C309g-m
CameraHelperMsi
CCleaner
Citrix Web Client
CmdHere Powertoy For Windows XP
CodeStuff Starter
Compatibility Pack for the 2007 Office system
Cool MP3 Splitter 3.0
Coupon Printer for Windows
Creative Removable Disk Manager
Creative System Information
Desktop To Go
Destinations
DeviceDiscovery
DivX
DOC Regenerator
DocProc
Dropbox
erLT
ESBUnitConv v4.5.1
Family History Resource File Viewer 2.0
Family Tree
Fax
FileZilla Client 3.5.0
Free PS Convert driver 8.15
Free Window Registry Repair
gdShutdown
gdTunes
GeoWeb
GNU Backgammon (MAIN branch, 20110117 code)
GnuWin32: CoreUtils version 5.3.0
Google Chrome
Google Desktop
Google Desktop Plugin - Del.icio.us
Google Desktop Plugin - IPS Website Counter
Google Desktop Plugin - Tic Tac Toe
Google Desktop Plugin - Traffic Check
Google Desktop System Monitor Plugin
Google Desktop Todo Plugin
Google Earth
Google SketchUp
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.5.0.457
GPBaseService2
Grep-2.5.1 Binaries (GnuWin32)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Customer Participation Program 14.0
HP Deskjet Preloaded Printer Drivers
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
HP PSC & OfficeJet 3.0
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
HTMLPad 2010 v10.2
ImageMagick 6.7.0-10 Q16 (2011-07-01)
inSSIDer 2.0
Intel(R) Extreme Graphics Driver
Internet Explorer Password Recovery Master 1.4
J2SE Runtime Environment 5.0 Update 2
James Bond 007: Nightfire
Java 2 Runtime Environment, SE v1.4.2
Java 2 SDK, SE v1.4.2_04
Java Auto Updater
Java(TM) 6 Update 26
Jing
KBD
Logitech Gaming Software
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Macromedia Extension Manager
Make-Your-Own-Opoly
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework SDK (English) 1.1
Microsoft ActiveSync 3.8
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Publisher 2003
Microsoft Office Standard Edition 2003
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft Project 2000 SR-1
Microsoft Silverlight
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Toolbox Controls Installer
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mobile Bristol Toolkit
Mozilla ActiveX Control v1.7.12
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
MyDefrag v4.3.1
NatWest Book-Keeper
NCH Toolbox
NetBeans IDE 3.6
NETGEAR WG111v3 wireless USB 2.0 adapter
NetHelp
Network
Network Play System (Patching)
Nexcal v1.6
Notepad++
NTREGOPT 1.1j
NVIDIA Drivers
NVIDIA GART Driver
OCR Software by I.R.I.S. 14.0
PDF Settings
PDFCreator
PGPfreeware 6.5.8
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
PopEdit v1.3.1 - The Populous 3 Editor
Populous Skirmish BETA 0.4
Populous: The Beginning
PPC 2003 - MSN (R) Messenger Update
PrintScreen
PS_AIO_06_C309g-m_SW_Min
PS2
PSShortcutsP
QuickTime
QuickTransfer
Readme
RealPlayer
Recuva
Remove Hidden Data Tool
Roxio UDF Reader
SafeCast Shared Components
Scan
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
SequoiaView
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
Slice Audio File Splitter
SmartFTP Client 2.0 Setup Files (remove only)
SmartWebPrinting
SolutionCenter
SoundTap Streaming Audio Recorder
Speccy
Spelling Dictionaries Support For Adobe Reader 9
Status
Stellarium 0.9.1
Swat It v2.1
Toolbox
TrayApp
Tweak UI
TweakGDS
Typing Tutor
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2541763)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.4
WavePad Sound Editor
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 9 Series SDK
Windows Media Player 11
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.0
XStandard
.
==== Event Viewer Messages From Past Week ========
.
30/06/2011 13:20:08, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0026F2B2E7B0. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
30/06/2011 08:24:12, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
07/07/2011 19:41:31, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
07/07/2011 19:32:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
07/07/2011 19:01:00, error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The system cannot find the file specified.
07/07/2011 16:44:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter VD_FileDisk
07/07/2011 16:38:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip VD_FileDisk waclient WS2IFSL
07/07/2011 16:33:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
07/07/2011 15:54:28, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
07/07/2011 15:53:38, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip VD_FileDisk waclient WS2IFSL
07/07/2011 15:53:38, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
07/07/2011 15:53:38, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07/07/2011 15:53:17, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07/07/2011 15:38:11, error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 15:38:11, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 15:23:23, error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The system cannot find the file specified.
07/07/2011 15:17:14, error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 15:17:11, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/07/2011 15:12:03, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 15:12:03, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 15:12:03, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 15:12:03, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 15:12:03, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 14:46:04, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.
07/07/2011 14:40:10, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
07/07/2011 13:26:43, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
07/07/2011 13:05:15, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
03/07/2011 14:02:45, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help you try to find the problem.
Please note: Do not put the logs in Code or Quote boxes. It looks nice but it also cuts down on the real estate for the log displays. It means I have to navigate in each log to see the entries and that's too time consuming. I have edited your logs so you can see the difference.
============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
You show 2 antivirus programs running: Avira and MSE and you also mention AVG. Please get this down to 1 antivirus program. Multiple AV programs actually make a system more vulnerable, not less.
Reboot the computer when finished.
====================================
I note you installed this program: 2011-07-07 16:14:31>>[ c:\program files\Free Window Registry Repair
Did you run the program? Did you back up the registry first?
=====================================
I also note that you did this: RP4: 07/07/2011 16:43:43 - Restore Operation
What kind of 'restore' did you do? How far back did you go if you did a System Restore?
Are these logs from before or after the restore?
======================================
See if this will help run Malwarebytes:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti-Malware (MBAM) if you have it installed already.

Once done, try running a scan again.
 
Hi

You show 2 antivirus programs running: Avira and MSE and you also mention AVG. Please get this down to 1 antivirus program. Multiple AV programs actually make a system more vulnerable, not less.
Reboot the computer when finished.
====================================
Done.
I note you installed this program: 2011-07-07 16:14:31>>[ c:\program files\Free Window Registry Repair
Did you run the program? Did you back up the registry first?
=====================================
No. Although the program seems to back it up each time it runs - like ccleaner.

I also note that you did this: RP4: 07/07/2011 16:43:43 - Restore Operation
What kind of 'restore' did you do? How far back did you go if you did a System Restore?
The only restore points available were for earlier that day. I tried to restore to the earliest point, but it said there were no system changes to restore to.

Are these logs from before or after the restore?
======================================
After, but I don't think the restore did anything.

I will download the mbam renamer.

Thanks
 
mbam still crashing

I ran the mbam renamer and it created a shortcut to a renamed file.

I ran this and it started by:
enumerating registry objects prior to scan
and then it disappeared.

After this, I could not run the program again. I got the following message from windows:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Thanks
 
Success

Hi

I decided to take the plunge and I ran the Avira Rescue CD that I was able to download. This managed to fix my system!!

Abo
 