Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    German authorities identify REvil and GangCrab ransomware bosses

Featured Deal: Protect up to 9 devices from ads and tracking for just $16 in this AdGuard deal

Latest Buyer's Guide:     Best VPNs in 2025

Generic User Avatar

adbrite.com/Macros/sqlite/Divx Updater Virus + Registry Errors on PC

Started by WhatDidUJustSay , Sep 24 2010 01:18 AM

  • This topic is locked This topic is locked
161 replies to this topic

#1 WhatDidUJustSay

WhatDidUJustSay

  • Avatar image
  • Members
  • 167 posts
  • OFFLINE
    •  
  • Local time:08:17 PM

Posted 24 September 2010 - 01:18 AM

Referred from: http://www.bleepingcomputer.com/forums/topic342915.html ~ OB

I ran TFC,Malwarebytes Anti-Malware,SUPERAntiSpyware Free, and Eset Online Anti-virus Scanner as requested by quietman7 but the infections are still present and I still get the Virtual memory too low message. So he directed me towards this forum to request help.I followed the instructions he gave me on using defogger,DDS, and GMER.I was able to use defogger and DDS but I was unable to use GMER.When I attempted to use GMER I received these messages:

GMER
C:\WINDOWS\system32\config\system:
The process cannot access the file because it is being used by another process.

GMER
LoadDriver("C:\DOCUME~1\Sickness\LOCALS~1\Temp\ufloapow.sys")
error 0xC0000061:Access is denied.

GMER opens up with: Services,ADS,Registry,Files,C:\ all pre-selected but I am unable to select anything else.

I also received this message today:

avguard.exe-Application Error
The instruction at "0x00f6986c" referenced memory at "oxoof6986c".The memory could not be "read"



Here is the log I was able to complete:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sickness at 23:32:42.45 on Wed 09/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.94 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Sickness\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uURLSearchHooks: H - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Crawler Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190106732546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5131/mcfscan.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-1 11608]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-30 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-30 242896]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-1 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-1 60936]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2010-9-17 99248]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2008-8-18 110272]
S3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [2007-3-16 155411]
S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys --> c:\windows\system32\drivers\pgusbmm3.sys [?]
S3 pgusbwdm;usb-audio.de driver (commercial V2.6.1);c:\windows\system32\drivers\pgusbwdm.sys --> c:\windows\system32\drivers\pgusbwdm.sys [?]

=============== Created Last 30 ================

2010-09-23 04:18:29 0 ----a-w- c:\documents and settings\sickness\defogger_reenable
2010-09-17 09:44:11 40960 ----a-w- c:\windows\system32\lxddvs.dll
2010-09-17 09:43:55 344064 ----a-w- c:\windows\system32\lxddcoin.dll
2010-09-17 09:42:35 692224 ----a-w- c:\windows\system32\lxdddrs.dll
2010-09-17 09:42:35 65536 ----a-w- c:\windows\system32\lxddcaps.dll
2010-09-17 09:42:34 69632 ----a-w- c:\windows\system32\lxddcnv4.dll
2010-09-17 09:41:14 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2010-09-17 09:41:14 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2010-09-17 09:40:54 36864 ----a-w- c:\windows\system32\lxf3oem.dll
2010-09-17 09:38:51 0 d-----w- c:\program files\Lexmark Fax Solutions
2010-09-17 09:38:17 44 ----a-w- c:\windows\system32\lxddrwrd.ini
2010-09-17 09:38:14 0 d-----w- c:\program files\Lexmark Toolbar
2010-09-17 09:36:58 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2010-09-17 09:35:25 0 d-----w- c:\program files\Lexmark 2500 Series
2010-09-17 09:34:59 983107 ----a-w- c:\windows\system32\lxddgf.dll
2010-09-17 09:34:59 86016 ----a-w- c:\windows\system32\lxddcub.dll
2010-09-17 09:34:58 77824 ----a-w- c:\windows\system32\lxddcu.dll
2010-09-17 09:34:58 36864 ----a-w- c:\windows\system32\lxddcur.dll
2010-09-17 09:34:57 537520 ----a-w- c:\windows\system32\lxddcoms.exe
2010-09-17 09:34:56 425984 ----a-w- c:\windows\system32\lxddcomm.dll
2010-09-17 09:34:54 684032 ----a-w- c:\windows\system32\lxddcomc.dll
2010-09-17 09:34:51 394160 ----a-w- c:\windows\system32\lxddcfg.exe
2010-09-17 09:34:49 77906 ----a-w- c:\windows\system32\lxddcfg.dll
2010-09-17 09:34:49 1932 ----a-w- c:\windows\system32\lxdd.loc
2010-09-16 17:05:06 0 d-----w- c:\program files\common files\ODBC
2010-09-06 05:04:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 05:04:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 05:04:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-05 07:14:54 0 d-----w- c:\program files\VideoLAN
2010-09-03 19:56:04 0 d-----w- C:\TEMP
2010-09-03 18:02:49 0 d-----w- c:\documents and settings\sickness\Program Files
2010-09-01 17:23:11 0 d-----w- c:\docume~1\sickness\applic~1\Avira
2010-09-01 17:04:29 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-01 17:04:23 0 d-----w- c:\program files\Avira
2010-09-01 17:04:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-09-01 04:01:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-01 01:23:09 0 d-----w- c:\docume~1\sickness\applic~1\Malwarebytes
2010-09-01 01:20:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-24 16:59:54 15360 ---ha-r- c:\windows\system32\drivers\NetMotCM.sys

==================== Find3M ====================

2010-09-01 18:25:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 07:26:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2007-08-22 05:56:32 104 --sh--r- c:\windows\system32\405CE41993.sys
2007-02-03 19:50:06 88 --sh--r- c:\windows\system32\9319E45C40.sys

============= FINISH: 23:33:52.42 ===============

Also I see that it says tha AVG is active on my computer but I uinstalled it months ago.

Attached Files


Edited by Orange Blossom, 24 September 2010 - 11:06 AM.

BC AdBot (Login to Remove)

 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 29 September 2010 - 09:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3.let me know of any problems you may have had

Gringo

Proud Graduate Of Malware Removal University

#3 WhatDidUJustSay

WhatDidUJustSay
  • Topic Starter

  • Avatar image
  • Members
  • 167 posts
  • OFFLINE
    •  
  • Local time:08:17 PM

Posted 29 September 2010 - 05:07 PM

I should be able to get started on this stuff tonight and be able to finish by either tomorrow morning or night.I ran defogger already as instructed by my last guide and have left all CD emulation drivers off since then.Is that okay?

Edited by WhatDidUJustSay, 29 September 2010 - 05:09 PM.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 29 September 2010 - 06:35 PM

Yes that is ok - just send me the reports when you have them



Gringo

Proud Graduate Of Malware Removal University

#5 WhatDidUJustSay

WhatDidUJustSay
  • Topic Starter

  • Avatar image
  • Members
  • 167 posts
  • OFFLINE
    •  
  • Local time:08:17 PM

Posted 30 September 2010 - 08:22 PM

Here is my DDS & Attach log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Sickness at 18:16:24.93 on Thu 09/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.50 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Sickness\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Crawler Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190106732546
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5131/mcfscan.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-1 11608]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-30 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-30 242896]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-1 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-1 60936]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2010-9-17 99248]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2008-8-18 110272]
S3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [2007-3-16 155411]
S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys --> c:\windows\system32\drivers\pgusbmm3.sys [?]
S3 pgusbwdm;usb-audio.de driver (commercial V2.6.1);c:\windows\system32\drivers\pgusbwdm.sys --> c:\windows\system32\drivers\pgusbwdm.sys [?]

=============== Created Last 30 ================

2010-09-26 07:31:41 0 d-----w- c:\docume~1\sickness\applic~1\Philipp Winterberg
2010-09-26 07:31:28 0 d-----w- c:\program files\Free RAR Extract Frog
2010-09-26 02:07:06 0 d-----w- c:\program files\Veetle
2010-09-26 01:33:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-23 04:18:29 0 ----a-w- c:\documents and settings\sickness\defogger_reenable
2010-09-17 09:44:11 40960 ----a-w- c:\windows\system32\lxddvs.dll
2010-09-17 09:43:55 344064 ----a-w- c:\windows\system32\lxddcoin.dll
2010-09-17 09:42:35 692224 ----a-w- c:\windows\system32\lxdddrs.dll
2010-09-17 09:42:35 65536 ----a-w- c:\windows\system32\lxddcaps.dll
2010-09-17 09:42:34 69632 ----a-w- c:\windows\system32\lxddcnv4.dll
2010-09-17 09:41:14 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL
2010-09-17 09:41:14 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL
2010-09-17 09:40:54 36864 ----a-w- c:\windows\system32\lxf3oem.dll
2010-09-17 09:38:51 0 d-----w- c:\program files\Lexmark Fax Solutions
2010-09-17 09:38:17 44 ----a-w- c:\windows\system32\lxddrwrd.ini
2010-09-17 09:38:14 0 d-----w- c:\program files\Lexmark Toolbar
2010-09-17 09:36:58 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2010-09-17 09:35:25 0 d-----w- c:\program files\Lexmark 2500 Series
2010-09-17 09:34:59 983107 ----a-w- c:\windows\system32\lxddgf.dll
2010-09-17 09:34:59 86016 ----a-w- c:\windows\system32\lxddcub.dll
2010-09-17 09:34:58 77824 ----a-w- c:\windows\system32\lxddcu.dll
2010-09-17 09:34:58 36864 ----a-w- c:\windows\system32\lxddcur.dll
2010-09-17 09:34:57 537520 ----a-w- c:\windows\system32\lxddcoms.exe
2010-09-17 09:34:56 425984 ----a-w- c:\windows\system32\lxddcomm.dll
2010-09-17 09:34:54 684032 ----a-w- c:\windows\system32\lxddcomc.dll
2010-09-17 09:34:51 394160 ----a-w- c:\windows\system32\lxddcfg.exe
2010-09-17 09:34:49 77906 ----a-w- c:\windows\system32\lxddcfg.dll
2010-09-17 09:34:49 1932 ----a-w- c:\windows\system32\lxdd.loc
2010-09-16 17:05:06 0 d-----w- c:\program files\common files\ODBC
2010-09-06 05:04:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 05:04:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 05:04:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-05 07:14:54 0 d-----w- c:\program files\VideoLAN
2010-09-03 19:56:04 0 d-----w- C:\TEMP
2010-09-03 18:02:49 0 d-----w- c:\documents and settings\sickness\Program Files
2010-09-01 17:23:11 0 d-----w- c:\docume~1\sickness\applic~1\Avira
2010-09-01 17:04:29 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-01 17:04:23 0 d-----w- c:\program files\Avira
2010-09-01 17:04:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-09-01 04:01:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-01 01:23:09 0 d-----w- c:\docume~1\sickness\applic~1\Malwarebytes
2010-09-01 01:20:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2010-09-26 01:32:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2007-08-22 05:56:32 104 --sh--r- c:\windows\system32\405CE41993.sys
2007-02-03 19:50:06 88 --sh--r- c:\windows\system32\9319E45C40.sys

============= FINISH: 18:16:54.40 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/20/2006 5:33:41 PM
System Uptime: 9/30/2010 9:48:32 AM (9 hours ago)

Motherboard: Dell Inc. | | 0DK344
Processor: Intel® Celeron® M processor 1.50GHz | Microprocessor | 1496/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 34 GiB total, 1.017 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ROOT\LEGACY_AVAST!_ANTIVIRUS\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_AVAST!_ANTIVIRUS\0000
Service:

Class GUID:
Description:
Device ID: ROOT\LEGACY_AVAST!_WEB_SCANNER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_AVAST!_WEB_SCANNER\0000
Service:

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Beep
Device ID: ROOT\LEGACY_BEEP\0000
Manufacturer:
Name: Beep
PNP Device ID: ROOT\LEGACY_BEEP\0000
Service: Beep

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
AOLIcon
Avira AntiVir Personal - Free Antivirus
Broadcom Management Programs
Celtx (0.9.9.7)
Cole2k Media - Codec Pack (Standard) 7.9.0
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
DellSupport
Desktop Doctor
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EducateU
ELIcon
Free RAR Extract Frog
Games, Music, & Photos Launcher
Get High Speed Internet!
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java™ 6 Update 21
Learn2 Player (Uninstall Only)
Lexmark 2500 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Move Networks Media Player for Internet Explorer
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
NetWaiting
PowerDVD 5.5
QT Lite 2.9.0
QuickSet
Real Alternative 1.9.0 Lite
Revo Uninstaller 1.88
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
Viewpoint Media Player
VLC media player 1.1.4
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

9/24/2010 6:28:45 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0025F1FB57C5. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/24/2010 12:52:05 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService service to connect.
9/24/2010 12:52:05 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
9/24/2010 12:52:05 PM, error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/24/2010 10:37:10 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0025F1FB57C5. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/23/2010 12:12:00 PM, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.

==== End Of File ===========================

I had to run DDS twice because I accidentally closed on of the logs withouth saving it.

I tried to run RKUHooker but I was unable to. I received these two error messages:

information:
Failed to enable debug privilege,not critical issue

Error
Error, load driver privilege not adjusted

#6 WhatDidUJustSay

WhatDidUJustSay
  • Topic Starter

  • Avatar image
  • Members
  • 167 posts
  • OFFLINE
    •  
  • Local time:08:17 PM

Posted 30 September 2010 - 08:24 PM

I will be busy for a week and a half so I will not be able to respond and follow any other instructions.Is it ok if I pm you once I'm available?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 30 September 2010 - 09:48 PM

yes do and I will reopen this for you




Gringo

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 06 October 2010 - 09:17 PM

it has been reopened


Gringo

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 06 October 2010 - 09:19 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"
    In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Proud Graduate Of Malware Removal University

#10 WhatDidUJustSay

WhatDidUJustSay
  • Topic Starter

  • Avatar image
  • Members
  • 167 posts
  • OFFLINE
    •  
  • Local time:08:17 PM

Posted 07 October 2010 - 08:02 PM

Should I change the file name of combofix so viruses won't recgonize it? Also Avira shut off again.Should I uninstall it?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 07 October 2010 - 09:12 PM

Hello

Should I change the file name of combofix so viruses won't recgonize it?
Only if we need to

Also Avira shut off again.Should I uninstall it?
only if it won't work after we do the cleaning


Gringo

Proud Graduate Of Malware Removal University

#12 WhatDidUJustSay

WhatDidUJustSay
  • Topic Starter

  • Avatar image
  • Members
  • 167 posts
  • OFFLINE
    •  
  • Local time:08:17 PM

Posted 08 October 2010 - 06:57 PM

I just downloaded combofix to the desktop and double clicked it and this message popped up:

Run As

Which user account do you want to use to run this program?

Current User (User's Name)

Protect my computer and data from unauthorized program activity.

This option can prevent computer viruses from harming your computer or personal data,but selecting it might cause the program to function
improperly.



The following user:


User name [space to type name into]
Password [space to type password into]

Also should I be connected to the internet while running combofix?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 08 October 2010 - 10:05 PM

Hello

Are you the admin of this computer (most of the tools we will use need admin privleges to run)

can you get to an admin account to run it?


Gringo

Proud Graduate Of Malware Removal University

#14 WhatDidUJustSay

WhatDidUJustSay
  • Topic Starter

  • Avatar image
  • Members
  • 167 posts
  • OFFLINE
    •  
  • Local time:08:17 PM

Posted 08 October 2010 - 10:43 PM

I'll just change my account type from limited.Thanks.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Avatar image
  • Malware Response Team
  • 136,773 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 08 October 2010 - 11:00 PM

thumbup2.gif

Proud Graduate Of Malware Removal University

Back to Virus, Trojan, Spyware, and Malware Removal Help


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer Forums
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·