I am attempting to fix a Dell Inspiron 510m with XP Home, AVG free, Windows firewall. The symptoms were that it was slow and had problems connecting to the internet. I ran Malwarebytes, which detected :- Spyware.onlinegames worm.prolaco Trojan.Agent Trojan.swisyn Malware.Trace Rootkit.Agent (which after reading the forum, appears to be a nasty one). The removal using Malwarebytes and all seemed to be going well until the reboot. Got the error message, "The application has failed to start as themed32.dll was not found. Reinstalling the application may fix this problem". I tried to restore, but either the system checkpoint files have been deleted or unable to access them. I am able to start windows in safe mode with a command prompt. It was then that I found the Malwarebytes forum. Defogger finished with no errors. Defogger didn't ask me to restart (as per the instructions), but I did it anyway. Ran the dds.scr file. Got the failure message due to themed32.dll missing about 100 times, to which I clicked ok each time. DDS.txt ==> DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL Run by Bob at 17:36:45.35 on 16/06/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.354 [GMT 1:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\ZCfgSvc.exe C:\Dellfix2\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0000.1082\en-gb\msntb.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0000.1082\en-gb\msntb.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [kdx] c:\program files\kontiki\KHost.exe -all mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0000.1082\en-gb\msntb.dll/search.htm IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://sell-vehicle.ebay.co.uk/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - hxxp://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Notify: req - c:\windows\system32\req.dll Notify: Sebring - c:\windows\system32\LgNotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-4 64160] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-17 216200] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-22 29584] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-17 242896] S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528] S1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240] S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-1 916760] S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-1 308064] S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-27 54752] S2 gupdate1c989ff22fd18c0;Google Update Service (gupdate1c989ff22fd18c0);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104] S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7 840936] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-18 24652] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] =============== Created Last 30 ================ 2010-06-16 16:19:25 0 ----a-w- c:\documents and settings\bob\defogger_reenable 2010-06-14 12:29:31 0 d-----w- C:\Dellfix2 2010-06-14 12:27:59 1677 ----a-w- C:\Dellfix 2010-06-14 08:18:18 50477 ----a-w- C:\Defogger.exe 2010-06-14 08:18:18 3707422 ----a-w- C:\ComboFix.exe 2010-06-14 08:18:18 293376 ----a-w- C:\qzb3qivg.exe 2010-06-13 16:30:37 0 d-----w- c:\windows\LastGood.Tmp 2010-06-13 09:25:15 0 d-----w- C:\78b3d2db2c8339f5c3 2010-06-12 20:15:33 0 d-----w- C:\6a81e9c1698b693065ba9f 2010-06-10 07:31:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-01 09:53:21 0 d--h--w- C:\$AVG 2010-06-01 09:51:58 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9 2010-06-01 09:50:57 0 d-----w- c:\windows\SxsCaPendDel ==================== Find3M ==================== 2010-06-13 13:11:07 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-06-01 09:52:51 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-06-01 09:52:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-05-12 10:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys 2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll 2010-04-06 03:52:46 2462720 ------w- c:\windows\system32\dllcache\WMVCore.dll 2008-10-22 21:59:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102220081023\index.dat ============= FINISH: 17:40:34.15 =============== attach.txt should be attached to this post. I didn't see an ark.txt file and am not sure where the malwarebytes logs are. How can I fix this? Thanks, Attach.txt