Combofix doesn't work


  • This topic is locked
6 replies to this topic

#1 Emin_ence

Posted 22 February 2009 - 03:11 AM

Well, I'm waiting for a reply at the Techsupport forum, but might as well post here as well. I am asked to use combofix by one of their certified people. It's an XP computer, but it says it isn't compatible with my OS (XP), but it says it's compatible with 2000/XP so it doesn't make sense, and now I cannot run it unless I boot it up in safe mode and run as administrator account. Will it still work in safe mode?


#2 garmanma

Posted 22 February 2009 - 12:20 PM

This isn't the correct forum for combofix, but that doesn't matter. Since the helper at the other forum is supposedly qualified, I would wait for him to post back.
If you have no luck, post a HJT log and our HJT team can help you sort it out
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 DaChew

Posted 22 February 2009 - 01:11 PM

Security Center tetonbob, Manager | sUBs, Assistant Manager


If anyone can get Combofix to work, it will be sUBs
Chewy

No. Try not. Do... or do not. There is no try.

#4 Emin_ence

Posted 22 February 2009 - 02:20 PM

Security Center tetonbob, Manager | sUBs, Assistant Manager


If anyone can get Combofix to work, it will be sUBs

Could we get him in here? The TSF have discontinued HJT and my inet connection doesn't work on my XP.

#5 DaChew

Posted 22 February 2009 - 03:14 PM

http://www.techsupportforum.com/security-c...al-request.html

Their malware removal forum is alive and well, they have just renamed it

You are in good hands there, be patient
Chewy


#6 Emin_ence

Posted 22 February 2009 - 03:18 PM

Now it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." So now I have two problems: it won't let me open ComboFix and it says it's incompatible, and I am a computer administrator.

cmd.exe and svchost.exe's are being manipulated, 2-3 iexplore.exe's open and use my internet connection, and system sound is off. cmd doesn't run, TCP/IP doesn't run so I have no internet connection on my other computer. I'm pretty sure the viruses disabled a lot of my services. Here's some information (McAfee is uninstalled now btw):



I have malware/trojans/viruses and many other things that slow down my computer.

Previous Post: Hi, I recently downloaded something miscellaneous and it turned out to be trojan viruses. I accidentally allowed a couple with Windows Defender, but blocked the rest. Then I downloaded AVG virus protection and it scanned my whole comp, gave me about 200 threats, most being trojans. Now in my processes it has the virus names, but I close those processes when they pop up. Here is a list of problems I have...
1. My Windows welcome screen does not show up, just a black screen asking for my username and PW.
2. My DEP keeps popping up telling me it closed a program to help the comp stay safe, and random folders sometimes open (DEP = Data Execution Prevention).
3. It says viruses have been detected and removed, but they haven't, because they keep showing up, and my computer is very slow now, or at least slower than usual.
4. Explorer.exe doesn't load at startup, and I have to load it twice, because the first time DEP blocks it; same with Task Manager.
5. The "system" process now takes 60,000kb, which is way too much.
7. Sometimes processes don't show the usernames.
Now I can name the processes that are viruses if you'd like, but I'd have to restart for them to load again. Also, System Restore always fails for me.

I need some expert advice please!

EDIT: My Windows welcome screen did show up after I disabled DEP, explorer.exe loaded this time as well, and the processes that were viruses don't show up anymore. They're still there, I know. The "System" process doesn't take too much memory anymore, and commit charge has dropped as well. I still know my system isn't right: notepad.exe was replaced with the nxtepad.exe trojan, and when I opened Microsoft Word the same document that was transparent displayed on my desktop with ~ in the prefix and disappeared after I closed it. I also have lots of registry that's broken. (I closed the virus processes before as well.) Here are some of the processes I think, I'm pretty sure, are trojans:

afisicx.exe
mabidwe.exe
noytcyr.exe
roytctm.exe
soxpeca.exe
tdydowkc.exe
wsidoekid.exe

I also scanned with EnumProcess:


And here's a DDS attached; since I can't attach it, I'll post it if you don't mind...

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-20 14:18:19
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)

Device \FileSystem\Fastfat \Fat F27BDD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\.pando@ Pando.Document
Reg HKLM\SOFTWARE\Classes\Magix.MusicMaker@ Magix.MusicMaker
Reg HKLM\SOFTWARE\Classes\Magix.MusicMaker\CLSID
Reg HKLM\SOFTWARE\Classes\Magix.MusicMaker\CLSID@ {7F1EF3AE-1431-45F9-996A-8BC0CD826485}
Reg HKLM\SOFTWARE\Classes\Magix.MusicMaker\Shell
Reg HKLM\SOFTWARE\Classes\Magix.MusicMaker\Shell\Show
Reg HKLM\SOFTWARE\Classes\Magix.MusicMaker\Shell\Show\DropTarget
Reg HKLM\SOFTWARE\Classes\Magix.MusicMaker\Shell\Show\DropTarget@CLSID {7F1EF3AE-1431-45F9-996A-8BC0CD826485}
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2@ CNxGameControl Object
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CLSID
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CLSID@ {075A24FD-4418-4841-9C3A-55CD5FFDE375}
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CurVer
Reg HKLM\SOFTWARE\Classes\NXCOM.NxGameControl.US.2\CurVer@ NXCOM.NxGameControl.US.2
Reg HKLM\SOFTWARE\Classes\pando\Shell
Reg HKLM\SOFTWARE\Classes\pando\Shell\Open
Reg HKLM\SOFTWARE\Classes\pando\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\pando\Shell\Open\Command@ C:\WINDOWS\system32\cmd.exe /Q /D /C "start http://www.pando.com/link/pmb_pando"
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl@ PandoWebInstCtrl Class
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl\CLSID@ {68979310-D979-4CCA-AB57-83BEFB03E0D3}
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl\CurVer@ PandoWebInst.PandoWebInstCtrl.1
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl.1@ PandoWebInstCtrl Class
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\PandoWebInst.PandoWebInstCtrl.1\CLSID@ {68979310-D979-4CCA-AB57-83BEFB03E0D3}

---- EOF - GMER 1.0.14 ----



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/11/2006 9:38:02 PM
System Uptime: 2/20/2009 1:36:12 PM (0 hours ago)

Motherboard: Dell Inc. | | 0RD203
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 40.522 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP95: 11/13/2008 11:48:51 PM - Software Distribution Service 3.0
RP96: 11/16/2008 10:29:06 PM - System Checkpoint
RP97: 11/19/2008 2:04:14 PM - Software Distribution Service 3.0
RP98: 11/19/2008 7:56:54 PM - Windows Defender Checkpoint
RP99: 11/19/2008 8:12:04 PM - Removed Ventrilo Client
RP100: 11/19/2008 8:12:45 PM - Installed Ventrilo Client
RP101: 11/21/2008 3:27:00 PM - Software Distribution Service 3.0
RP102: 11/21/2008 3:27:24 PM - Software Distribution Service 3.0
RP103: 11/21/2008 3:31:39 PM - Software Distribution Service 3.0
RP104: 11/21/2008 3:34:59 PM - Software Distribution Service 3.0
RP105: 11/21/2008 3:35:31 PM - Software Distribution Service 3.0
RP106: 11/21/2008 3:38:43 PM - Software Distribution Service 3.0
RP107: 11/21/2008 3:41:56 PM - Software Distribution Service 3.0
RP108: 11/21/2008 5:44:54 PM - Software Distribution Service 3.0
RP109: 11/21/2008 5:45:20 PM - Software Distribution Service 3.0
RP110: 11/21/2008 9:42:10 PM - Removed MapleStory.
RP111: 11/24/2008 2:15:10 PM - Software Distribution Service 3.0
RP112: 11/27/2008 9:42:34 AM - Software Distribution Service 3.0
RP113: 11/30/2008 1:40:46 AM - Logitech SetPoint Mouse and Keyboard Device Drivers
RP114: 12/2/2008 5:23:19 PM - Removed Skype™ 3.8
RP115: 12/4/2008 1:53:56 PM - Software Distribution Service 3.0
RP116: 12/8/2008 1:48:08 PM - Software Distribution Service 3.0
RP117: 12/9/2008 3:08:15 PM - System Checkpoint
RP118: 12/11/2008 4:38:58 PM - Software Distribution Service 3.0
RP119: 12/11/2008 4:47:02 PM - Software Distribution Service 3.0
RP120: 12/13/2008 11:07:40 PM - Removed Rhapsody Player Engine
RP121: 12/15/2008 4:13:23 PM - Software Distribution Service 3.0
RP122: 12/18/2008 12:31:12 AM - Software Distribution Service 3.0
RP123: 12/18/2008 2:03:50 PM - Software Distribution Service 3.0
RP124: 12/19/2008 1:06:45 PM - Removed MapleStory.
RP125: 12/19/2008 1:08:09 PM - Removed Windows Live Messenger
RP126: 12/19/2008 1:10:06 PM - Removed Windows Live installer
RP127: 12/19/2008 1:41:36 PM - Installed Windows Live Messenger
RP128: 12/20/2008 6:15:43 PM - Installed Windows NLSDownlevelMapping.
RP129: 12/20/2008 6:16:29 PM - Installed Windows IDNMitigationAPIs.
RP130: 12/20/2008 7:18:34 PM - Installed Windows NLSDownlevelMapping.
RP131: 12/20/2008 7:19:19 PM - Installed Windows IDNMitigationAPIs.
RP132: 12/20/2008 7:32:29 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP133: 12/20/2008 7:46:00 PM - Installed Windows NLSDownlevelMapping.
RP134: 12/20/2008 7:46:44 PM - Installed Windows IDNMitigationAPIs.
RP135: 12/20/2008 8:02:23 PM - Installed Microsoft Office Enterprise 2007
RP136: 12/20/2008 8:07:29 PM - Installed Microsoft Office Enterprise 2007
RP137: 12/22/2008 2:12:59 PM - System Checkpoint
RP138: 12/23/2008 6:37:43 PM - System Checkpoint
RP139: 12/24/2008 3:10:57 PM - Software Distribution Service 3.0
RP140: 12/25/2008 12:07:36 PM - Software Distribution Service 3.0
RP141: 12/26/2008 1:04:33 PM - System Checkpoint
RP142: 12/29/2008 2:01:09 PM - Software Distribution Service 3.0
RP143: 12/30/2008 4:24:50 AM - Installed Eamonn
RP144: 12/31/2008 12:47:56 PM - System Checkpoint
RP145: 1/2/2009 1:40:08 PM - Software Distribution Service 3.0
RP146: 1/3/2009 3:18:06 PM - System Checkpoint
RP147: 1/5/2009 12:32:34 AM - Installed Image Resizer Powertoy for Windows XP
RP148: 1/5/2009 1:06:18 PM - Software Distribution Service 3.0
RP149: 1/8/2009 3:19:17 PM - Software Distribution Service 3.0
RP150: 1/10/2009 2:59:32 PM - System Checkpoint
RP151: 1/11/2009 6:19:10 PM - System Checkpoint
RP152: 1/12/2009 2:00:08 PM - Software Distribution Service 3.0
RP153: 1/13/2009 6:53:40 PM - Software Distribution Service 3.0
RP154: 1/15/2009 4:56:03 PM - Software Distribution Service 3.0
RP155: 1/17/2009 5:50:34 PM - System Checkpoint
RP156: 1/19/2009 11:08:05 AM - Software Distribution Service 3.0
RP157: 1/21/2009 5:09:44 PM - System Checkpoint
RP158: 1/22/2009 2:09:25 PM - Software Distribution Service 3.0
RP159: 1/24/2009 6:08:18 PM - System Checkpoint
RP160: 1/26/2009 5:48:44 PM - Software Distribution Service 3.0
RP161: 1/28/2009 8:20:51 PM - System Checkpoint
RP162: 1/29/2009 6:40:12 PM - Software Distribution Service 3.0
RP163: 1/31/2009 1:05:48 PM - System Checkpoint
RP164: 2/2/2009 4:54:30 PM - System Checkpoint
RP165: 2/3/2009 1:37:46 AM - Software Distribution Service 3.0
RP166: 2/6/2009 6:07:44 PM - Software Distribution Service 3.0
RP167: 2/9/2009 12:03:23 PM - Software Distribution Service 3.0
RP168: 2/10/2009 3:01:29 PM - Software Distribution Service 3.0
RP169: 2/10/2009 3:04:31 PM - Software Distribution Service 3.0
RP170: 2/10/2009 7:51:04 PM - Software Distribution Service 3.0
RP171: 2/12/2009 7:55:47 PM - Software Distribution Service 3.0
RP172: 2/16/2009 11:26:21 AM - Windows Defender Checkpoint
RP173: 2/16/2009 11:47:30 AM - Installed AVG Free 8.0
RP174: 2/16/2009 11:57:15 AM - Avg8 Update
RP175: 2/16/2009 12:00:36 PM - Avg8 Update
RP176: 2/16/2009 3:01:48 PM - Software Distribution Service 3.0
RP177: 2/16/2009 3:24:07 PM - Restore Operation
RP178: 2/16/2009 3:48:01 PM - Configured Eamonn
RP179: 2/16/2009 3:52:20 PM - Configured Eamonn
RP180: 2/16/2009 11:02:46 PM - Windows Defender Checkpoint
RP181: 2/17/2009 4:03:42 PM - Configured Eamonn
RP182: 2/18/2009 3:39:32 PM - Configured Eamonn
RP183: 2/19/2009 6:51:02 PM - Removed AVG Free 8.0
RP184: 2/19/2009 6:54:25 PM - Installed AVG Free 8.0
RP185: 2/20/2009 12:12:31 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
AIM 6
AIM Toolbar 5.0
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Ares 2.0.9
ATX / Kleinrock Tax Products (Remove Only)
ATX / Kleinrock Tax Products 2006 (Remove Only)
ATX / Kleinrock Tax Products 2007 (Remove Only)
ATX XML Printer
Audiosurf
AutoUpdate
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Blasterball 2
CDDRV_Installer
Classic PhoneTools
Condition Zero
Condition Zero Deleted Scenes
Conexant D850 56K V.9x DFVc Modem
Counter-Strike
Counter-Strike: Source
dBpowerAMP Music Converter
Dell Driver Reset Tool
Dell Game Console
Dell System Restore
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Eamonn
Firebird SQL Server - MAGIX Edition 2.0.0.1 (US)
Garry's Mod
GoldWave v5.20
Google Earth
Google Gears
Google Photos Screensaver
Google SketchUp 6
Google Update Helper
Google Updater
Google Video Player
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Half-Life: Source
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
ijji FireFox Launcher 1.0
Image Resizer Powertoy for Windows XP
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Inter-Tel Collaboration Client 2.0
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
KhalInstallWrapper
KODAK Picture CD
Left 4 Dead
Left 4 Dead Demo
LG USB Modem driver
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
Logitech Updater
Mabinogi
Macromedia Flash Player 8
MAGIX Goya burnR 1.3.1.2 (US)
MAGIX Music Maker 12 deluxe 12.1.0.4 (US)
MAGIX Music Manager 2007 8.1.1.114 (US)
MAGIX Photo Manager 2007 4.1.1.77 (US)
MAIET entertainment - Gunz
Malwarebytes' Anti-Malware
MCU
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Application Compatibility Database
Microsoft Windows Journal Viewer
Microsoft XML Parser
Modem Helper
Mozilla Firefox (3.0.6)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
MuhSound
MyWay Search Assistant
NetWaiting
NVIDIA Drivers
NVIDIA PhysX v8.09.04
Otto
Pando Media Booster
Peggle Extreme
Pivot Stickfigure Animator
Portal: The First Slice
PowerDVD 5.5
ProSeries Basic Edition 2005
PSP Max Media Manager
QuickTime
Real Alternative 1.7.0
Registry Mechanic 8.0
Replay Converter 3
RPG Maker VX
RPG Maker VX RTP
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sega Smash Pack II
SEGA Swirl
Skype™ 3.8
Smart Games Challenge I v1.1
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic R
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sony Media Manager 2.2
Sony Vegas 7.0a
Sony Vegas Pro 8.0
Source Dedicated Server
Spybot - Search & Destroy
Spyware Doctor 6.0
Steam
System Requirements Lab
Text-To-Speech-Runtime
The Movies Demo
ThreatFire
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
User Profile Hive Cleanup Service
Ventrilo Client
VeohTV BETA
Verizon Online DSL
Verizon Yahoo! Applications
VLC media player 0.9.8a
WebCyberCoach 3.2 Dell
WebFldrs XP
WexTech AnswerWorks
WildTangent Web Driver
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Media Center Edition 2005 KB908246
Windows XP Service Pack 3
WinRAR archiver
World of Goo Demo
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
XviD MPEG-4 Video Codec
XviD MPEG-4 Video Codec rev.1.2.0.
Yahoo! Toolbar
ZD Soft Game Recorder
ZD Soft Screen Recorder
ZD Soft Screen Video Decoder

==== Event Viewer Messages From Past Week ========

2/16/2009 10:56:11 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
2/16/2009 10:39:50 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MEHRABIAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{21487DE5-10A2-4. The master browser is stopping or an election is being forced.
2/16/2009 11:26:22 AM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=74409 Scan ID: {885869D1-66C8-4425-8D24-E5FFD89AEC21} User: COMPUTER\Emin Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path: process:pid:20736 Alert Type: Unclassified software Action: Quarantine Error Code: 0x80508021 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/16/2009 11:26:22 AM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=74409 Scan ID: {71021B9B-55C1-4F7D-9C70-9D1F50B110F4} User: COMPUTER\Emin Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path: process:pid:20968 Alert Type: Unclassified software Action: Quarantine Error Code: 0x80508021 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/16/2009 11:26:22 AM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=74409 Scan ID: {46F4A07D-09C2-40F6-BD3C-D6B7B5232A9A} User: COMPUTER\Emin Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path: process:pid:20408 Alert Type: Unclassified software Action: Quarantine Error Code: 0x80508021 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/16/2009 11:26:21 AM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=74409 Scan ID: {2A67143C-AFFB-4555-BD10-8CE7DE8C7458} User: COMPUTER\Emin Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path: process:pid:19968 Alert Type: Unclassified software Action: Quarantine Error Code: 0x80508021 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/16/2009 11:02:47 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=74409 Scan ID: {088CBAC9-B89D-4FC4-953D-7D98D11199B8} User: COMPUTER\Emin Name: Unknown ID: Severity: Not Yet Classified Category: Not Yet Classified Path: process:pid:3480 Alert Type: Unclassified software Action: Quarantine Error Code: 0x80508021 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2/17/2009 11:18:23 PM, error: WinDefend [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource:
2/18/2009 9:09:50 PM, error: DCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
2/18/2009 9:09:50 PM, error: DCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\igfxsrvc.exe -Embedding
2/18/2009 11:55:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
2/19/2009 2:23:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/19/2009 2:24:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/20/2009 12:00:34 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSFS0BBC\0000 disappeared from the system without first being prepared for removal.
2/20/2009 12:00:34 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSHRMD\0000 disappeared from the system without first being prepared for removal.
2/20/2009 12:00:34 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSIDRV\0000 disappeared from the system without first being prepared for removal.
2/18/2009 9:10:14 PM, information: Windows File Protection [64004] - The protected system file taskmgr.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x800b0100 [No signature was present in the subject. ].
2/18/2009 9:10:59 PM, information: Windows File Protection [64004] - The protected system file taskmgr.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.5512 The specific error code is 0x800b0100 [No signature was present in the subject. ].

==== End Of File ===========================

#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:09:25 AM

Posted 22 February 2009 - 04:17 PM

You are already being helped elsewhere. Topic locked.



