Old 10-10-2009, 07:12 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 4
OS: Vista SP1


[SOLVED] IE 8 and Firefox will not run in normal mode.

I am currently trying to repair a laptop which will boot and work, although with a great deal of disk activity for no apparent reason. The problem is that neither IE 8 nor Firefox will boot in normal mode but will in Safe Mode. In normal mode IE comes up with an error saying it has closed unexpectedly and also another small window saying it has stopped working. Firefox says it has quit unexpectedly and offers a restart which when selected causes the same error.

In safe mode IE works but appears to be hijacked whenever, say, a Google search result link is clicked. I have run all the well known programs for dealing with unwanted malware, viruses, trojans, etc. and removed a lot of stuff but still have this problem. Also, when booting, I receive a Flash Player warning saying that it is not working correctly.

I have never been unable to resolve a problem like this before but this one has me stumped! It is not my PC but one of the many I get asked to help fix.

The DDS text result is below and the requested zipped files are attached. I would be very grateful for assistance.


DDS (Ver_09-09-29.01) - NTFSx86
Run by Bobubon at 13:36:49.60 on 10/10/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.784 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\OmniPage15.0\OpWare15.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\vVX3000.exe
C:\Windows\vVX6000.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Opera\opera.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bobubon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [BBC Alerts] "c:\program files\bbc alerts\BBC_Alerts.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Opware15] "c:\program files\scansoft\omnipage15.0\Opware15.exe"
mRun: [ScanSoft OmniPage 15.0-reminder] "c:\program files\scansoft\omnipage15.0\ereg\ereg.exe" -r "c:\programdata\scansoft\omnipage15.0\ereg\ereg.ini"
mRun: [PDF3 Registry Controller] "c:\program files\scansoft\omnipage15.0\pdfconverter3\\RegistryController.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Pharaoh's%20Secret/Images/stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Pharaoh's%20Secret/Images/armhelper.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-24 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-9 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-9 297752]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-3-18 187904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-18 111616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-12-19 2383256]

=============== Created Last 30 ================

2009-10-10 10:27 <DIR> --d----- c:\windows\system32\log
2009-10-10 08:45 <DIR> --d----- c:\program files\CCleaner
2009-10-10 07:46 <DIR> --d----- c:\programdata\RH_Backups
2009-10-10 07:46 <DIR> --d----- c:\progra~2\RH_Backups
2009-10-10 07:46 <DIR> --d----- c:\program files\RegHealer
2009-10-09 19:22 17,425 a------- c:\windows\23009wo5mz92.dll
2009-10-08 23:55 <DIR> --d----- c:\users\bobubon\Office Genuine Advantage
2009-10-08 23:42 6,144 -------- c:\windows\system32\1D61.tmp
2009-10-08 23:37 6,144 -------- c:\windows\system32\DCE7.tmp
2009-10-08 23:37 6,144 -------- c:\windows\system32\B6B1.tmp
2009-10-08 23:37 <DIR> --d----- c:\program files\Sophos
2009-10-08 19:27 17,124 a------- c:\windows\system32\17019w5rm89z.cpl
2009-10-08 18:44 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-10-08 18:44 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-10-08 18:43 <DIR> --d----- c:\users\bobubon\appdata\roaming\SUPERAntiSpyware.com
2009-10-08 18:43 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-08 18:36 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-08 18:07 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-10-08 16:41 <DIR> --d----- c:\users\bobubon\appdata\roaming\Malwarebytes
2009-10-08 16:41 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 16:41 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-08 16:41 <DIR> --d----- c:\programdata\Malwarebytes
2009-10-08 16:41 <DIR> --d----- c:\progra~2\Malwarebytes
2009-10-08 16:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 10:01 6,523 a------- c:\windows\31z8s9arse755.ocx
2009-10-05 19:18 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-05 09:49 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-04 09:04 18,088 a------- c:\windows\system32\1z557sp924f.exe
2009-10-04 06:38 2,526 a------- c:\windows\system32\27z095ro9755.ocx
2009-10-02 18:41 13,107 a------- c:\windows\system32\12564s5y9c3z.dll
2009-10-01 15:48 6,165 a------- c:\windows\2deesparze9455.exe
2009-09-27 19:01 952 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-26 20:09 48 a---h--- c:\windows\system32\ezsidmv.dat
2009-09-25 07:17 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-24 21:39 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-24 21:36 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-24 21:36 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-24 21:35 <DIR> --d----- c:\program files\Lavasoft
2009-09-24 20:29 <DIR> --d----- c:\programdata\SITEguard
2009-09-24 20:29 <DIR> --d----- c:\progra~2\SITEguard
2009-09-24 20:28 <DIR> --d----- c:\program files\common files\iS3
2009-09-24 20:27 <DIR> --d----- c:\programdata\STOPzilla!
2009-09-24 20:27 <DIR> --d----- c:\progra~2\STOPzilla!
2009-09-24 16:25 4,741 a------- c:\windows\system32\zfed59nloader3182.dll
2009-09-23 20:05 14,998 a------- c:\windows\7816h59ktool760z.bin
2009-09-23 14:27 15,267 a------- c:\windows\3e59backzoor1320.dll
2009-09-23 05:13 4,248 a------- c:\windows\4z45pyware591.dll
2009-09-22 13:51 17,202 a------- c:\windows\system32\20319tz9j4c5.ocx
2009-09-20 15:38 7,488 a------- c:\windows\494asp59zre3076.bin
2009-09-20 09:27 12,007 a------- c:\windows\3607addw5re1z79.bin
2009-09-18 18:30 <DIR> --d----- c:\users\bobubon\appdata\roaming\myphotobook
2009-09-17 19:50 14,286 a------- c:\windows\8554wzrm916.cpl
2009-09-17 13:44 9,890 a------- c:\windows\5739ba9kd5zr1319.ocx
2009-09-17 08:54 4,618 a------- c:\windows\system32\29928worm45z9.dll
2009-09-16 13:44 4,169 a------- c:\windows\1539ztroj515.cpl
2009-09-16 05:55 6,041 a------- c:\windows\system32\305585orm5z89.bin
2009-09-13 17:19 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-13 17:19 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-13 17:18 <DIR> --d----- c:\program files\iPod
2009-09-13 17:18 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 17:18 <DIR> --d----- c:\program files\iTunes
2009-09-13 17:18 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-13 17:16 <DIR> --d----- c:\program files\Bonjour
2009-09-13 17:14 <DIR> --d----- c:\programdata\Apple Computer
2009-09-13 10:34 10,471 a------- c:\windows\9a82backdzor2825.cpl
2009-09-12 20:43 11,936 a------- c:\windows\1444haczt9ol3285.dll
2009-09-12 12:28 11,570 a------- c:\windows\system32\17z2ste592760.exe

==================== Find3M ====================

2009-10-05 19:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-05 19:17 51,200 a------- c:\windows\inf\infpub.dat
2009-10-05 19:17 86,016 a------- c:\windows\inf\infstor.dat
2009-09-23 20:06 10,272 a------- c:\windows\system32\3581downloazer609.dll
2009-09-23 20:06 2,906 a------- c:\windows\75z1worm595.dll
2009-09-23 20:06 10,354 a------- c:\windows\system32\278zb5ckdoor9997.exe
2009-09-23 20:06 8,566 a------- c:\windows\6715a9dwzre541.bin
2009-09-23 20:06 8,189 a------- c:\windows\951viz790.exe
2009-09-23 20:06 5,428 a------- c:\windows\system32\15859hiefz403.dll
2009-09-23 20:06 17,561 a------- c:\windows\789cadd5arez96.dll
2009-09-23 20:06 8,473 a------- c:\windows\system32\1058z5roj919.exe
2009-09-23 20:06 7,086 a------- c:\windows\9dz5steal452.exe
2009-09-23 20:06 7,047 a------- c:\windows\2cc6t5ie9174z.bin
2009-09-08 07:34 4,303 a------- c:\windows\2d7at9izf2695.bin
2009-09-06 02:43 13,594 a------- c:\windows\17088w5r96a6z.dll
2009-09-03 21:08 8,653 a------- c:\windows\system32\14102noz-a-viru9155.bin
2009-08-28 13:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 11:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 04:50 2,607 a------- c:\windows\system32\92952szambo5e0.bin
2009-08-26 15:37 16,257 a------- c:\windows\system32\11917s9y42z5.bin
2009-08-21 05:08 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-21 05:08 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 19:00 5,867 a------- c:\windows\9z03st5al18.dll
2009-08-17 02:53 2,967 a------- c:\windows\system32\1dd69ownloade5312z.dll
2009-08-16 06:39 13,614 a------- c:\windows\system32\65419ir552z.dll
2009-08-15 08:58 7,840 a------- c:\windows\45509ormza7.bin
2009-08-14 20:48 17,874 a------- c:\windows\system32\32baspzr9e353.exe
2009-08-14 18:07 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 17:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 17:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 15:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-12 18:31 44,944 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-08-12 18:31 158,192 -------- c:\windows\system32\pxwma.dll
2009-08-11 01:06 13,520 a------- c:\windows\919zpambot315.exe
2009-08-10 21:12 16,842 a------- c:\windows\59975spambot5z9.exe
2009-08-09 21:02 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-09 15:20 10,375 a------- c:\windows\system32\1991059oj6z5.exe
2009-08-09 04:03 13,138 a------- c:\windows\57150spyz979.bin
2009-08-09 02:47 11,205 a------- c:\windows\system32\1z948sp5264.exe
2009-08-08 02:01 10,502 a------- c:\windows\system32\5a34add9are181z.bin
2009-08-04 16:24 7,989 a------- c:\windows\system32\25109wormzb.exe
2009-08-04 03:18 17,623 a------- c:\windows\system32\398et9reatz105.exe
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-24 19:23 9,670 a------- c:\windows\system32\35996spambot15z.bin
2009-07-24 16:10 14,559 a------- c:\windows\system32\9935tro93zb5.exe
2009-07-24 13:38 9,171 a------- c:\windows\4b5aad9warz32.bin
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:32 3,037 a------- c:\windows\729z59arse1538.exe
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-21 10:58 14,364 a------- c:\windows\2727ad9warz13995.bin
2009-07-21 01:10 16,668 a------- c:\windows\6304wor5z749.dll
2009-07-18 23:01 12,396 a------- c:\windows\system32\55b3threat29790z.dll
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 19:48 17,212 a------- c:\windows\system32\7832spywaze1795.dll
2009-07-15 08:12 6,035 a------- c:\windows\system32\252z9troj415.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2008-11-08 04:20 665,600 a------- c:\windows\inf\drvindex.dat
2008-11-07 16:51 0 a------- c:\users\bobubon\appdata\roaming\wklnhst.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:37:44.14 ===============
Attached Files
File Type: zip Attach.zip (178.2 KB, 7 views)

Last edited by Nick_E; 10-10-2009 at 07:15 AM.

Old 10-13-2009, 04:04 AM   #2 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 4
OS: Vista SP1


BUMP please

BUMP please.
Old 10-20-2009, 01:39 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 4
OS: Vista SP1


What do I do after asking for help 10 days ago?

I followed the instructions for posting a problem, I waited 72 hours and bumped the thread but still no response 10 days later. I realise the volunteers must be inundated with requests but how do I make sure my thread gets picked up eventually?

The instructions make it clear that bumping a thread more than once makes it more likely that it will be overlooked.
Old 10-22-2009, 09:52 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,897
OS: WinXP and Vista


Re: What do I do after asking for help 10 days ago?

Hello Nick E,

Our apologies for the oversight of your thread. I think one of the reasons your thread has been bypassed is due to the ark.txt you posted. It's difficult on the eyes, and much too time-consuming to sift through such extraneous information. Please run a new scan as instructed in our pre-posting topic:


Double click to run it. If asked to allow a driver to load, please consent.
  • An initial scan will automatically begin.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark2.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Please attach the ark.txt in your next reply.

I'd also like to see a more current dds.txt. Run a new scan with dds.scr and post the contents of that new log and we'll begin.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 11-07-2009, 10:12 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 4
OS: Vista SP1


Re: IE 8 and Firefox will not run in normal mode.

Thank you for your reply.

I am a little unclear why my posting was wrong because I thought I had followed the instructions to the letter. Never mind now because I read various other threads on this forum and ran various programs unsupervised and cured the problem.

I appreciate you are all volunteers and are very busy but could I respectfully suggest that a system is considered that acknowledges a request for help and stacks such requests in some sort of order.

I gave up waiting in frustration not knowing whether I was in a queue, overlooked or being ignored and unsure whether I would raise hackles by bumping my post again.

Keep up the good work.

Last edited by Nick_E; 11-07-2009 at 10:14 AM.
All times are GMT -7. The time now is 01:45 AM.



Copyright 2001 - 2009, Tech Support Forum