
hki.exe virus?



I think I have the hki.exe virus or some type of infection dealing with it. I can see that 2 hki.exe's are running under the Task Manager along with 4 Internet Explorers. The internet processes are running under high numbers. When I use the internet I have popups to this one particular site that I can't recall at the moment. Other times while using the browser my connection is ended once I have clicked on a site, or I may experience a delay in time when the page is loading. I will add that I attempted to remove the XP Antispyware 2012 virus yesterday. After that I ran my Malwarebytes only on the C: drive and it picked up 330 infected objects, which I removed. Along with the removals I removed the MyFunWeb toolbar and other linked apps... so I thought. Today I clicked on a website only to have a prompt stating that my PC had MyFunWeb installed and that I should remove it, along with a link. Once I attempted to remove the MyFunWeb app, that's when the trouble started. I'm not sure what has happened but I am seeking help. I am currently running Malwarebytes now and so far it has detected 55 infected objects. There are other processes running under the Task Manager that I have never seen before, such as symlcsvc.exe, btwdins.exe, mDNSResponder..., ping.exe. I also have several svchost.exe's running, that's new. Any help is kindly appreciated. Thanks, Ashlee


Hello and welcome!

Can you please post me the MBAM log?

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Hi Elise! Thanks for assisting me. I have the log from the 9th and the most current one. It seems like on every run I'm picking up infected files. My internet response time has become slow. I'm now experiencing what I think is called the white screen of death, where my screen fades to white. I have a question: after running Malwarebytes and picking up the infected files I always remove the items, but looking into my quarantine folder today I see that there are 63 files located there. I didn't move the files there. Should I remove those files also or leave them there? Other than those, the same problems still exist. But here are the logs:

12/9/11

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8332

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/9/2011 1:00:45 AM

mbam-log-2011-12-09 (01-00-45).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 313723

Time elapsed: 2 hour(s), 20 minute(s), 25 second(s)

Memory Processes Infected: 3

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 52

Memory Processes Infected:

c:\WINDOWS\Temp\hki1238.exe (Trojan.Email) -> 408 -> Unloaded process successfully.

c:\WINDOWS\Temp\hki1238.exe (Trojan.Email) -> 6020 -> Unloaded process successfully.

c:\WINDOWS\Temp\hki1238.exe (Trojan.Email) -> 4524 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\Temp\hki1238.exe (Trojan.Email) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP43\A0013347.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP43\A0013348.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP43\A0013349.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033216.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033217.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033218.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033219.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033220.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033221.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033222.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033223.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033224.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033225.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033226.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033227.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033228.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033230.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033231.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033232.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033235.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033236.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033237.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033238.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033239.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033240.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033241.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033242.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033243.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033244.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033245.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033246.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033248.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033249.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033250.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033251.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033252.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033253.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033255.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033256.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033257.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033258.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033259.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033271.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033272.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033297.com (Trojan.Email) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033229.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033247.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\qklfp.com_ (Trojan.Email) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\ajjfoq\setup.exe (Trojan.Email) -> Quarantined and deleted successfully.

c:\documents and settings\david johns\Desktop\winlogon.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

12/11/11

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8332

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/11/2011 11:49:37 PM

mbam-log-2011-12-11 (23-49-37).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 311562

Time elapsed: 1 hour(s), 38 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

c:\WINDOWS\Temp\0.7893118571873254.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\nnnv0.10143494726568647.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.

DDS

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by DAVID JOHNS at 0:02:38 on 2011-12-12

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.378 [GMT -5:00]

.

AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

uPolicies-explorer: <NO NAME> =

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67

TCP: Interfaces\{86CD6A38-A5C2-421F-9D90-FE94F45A425B} : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]

S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-12 41272]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVENG.SYS [2008-10-20 89104]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVEX15.SYS [2008-10-20 873552]

S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-1 1245064]

SUnknown SPService;SPService; [x]

.

=============== Created Last 30 ================

.

2011-12-12 05:00:50 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-08 08:42:59 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-11-18 01:53:41 -------- d-----w- c:\documents and settings\david johns\local settings\application data\Apple Computer

2011-11-18 01:51:13 -------- d-----w- c:\program files\iTunes

2011-11-18 01:51:13 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-11-18 01:50:36 -------- d-----w- c:\documents and settings\david johns\local settings\application data\Apple

2011-11-18 01:49:53 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-11-18 01:49:53 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-11-18 01:48:55 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-12-09 08:08:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-23 03:42:21 527652 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-09-28 18:45:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 06:56:26 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-09-12 09:17:59 470 ----a-w- c:\program files\091220115175975.bat

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 0:08:24.31 ===============

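The two MBAM logs above mix three kinds of hit. Most of the 12/9 entries (47 of the 52 files) are copies inside System Restore snapshots, the `c:\system volume information\_restore...` paths, which do nothing unless a restore point is applied. A handful are live objects: hki1238.exe in Temp, qklfp.com_ in system32, winlogon.com on the desktop. The registry entries matter more than any single file: `Image File Execution Options\SETUP.EXE` means that starting any program named setup.exe runs whatever that key's Debugger value points to instead, and the 12/11 entries (`Services\SPService`, `SvcHost\netsvc`, sp.DLL found in memory from the NetworkService profile) describe a DLL hosted inside its own svchost.exe, which fits the extra svchost.exe entries in the DDS process list and the `SUnknown SPService` leftover under SERVICES / DRIVERS. The script below is an added example, not part of the thread or of Malwarebytes' tooling: it parses excerpts copied from the two logs and sorts the hits into those groups. The list of persistence locations and the explanations attached to them are the example's own.

```python
r"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example for this thread, not part of Malwarebytes' own tooling. It sorts
the '... Infected:' sections of an MBAM log into restore-point copies (dormant),
live objects, in-memory hits, and registry entries at known auto-start or
hijack locations. The two excerpts below are copied from the logs posted in
the thread; the persistence pattern list and its wording are this example's.
"""
import re
from collections import defaultdict

# Well-known registry locations that make code run automatically (example's list).
PERSISTENCE_PATTERNS = {
    r"\\Image File Execution Options\\": "IFEO: starting the named exe runs its 'Debugger' value instead",
    r"\\CurrentControlSet\\Services\\": "service: started at boot, usually as SYSTEM",
    r"\\SvcHost\\": "svchost group: a DLL hosted inside an extra svchost.exe",
    r"\\CurrentVersion\\Run": "Run key: started at logon",
    r"\\ShellIconOverlayIdentifiers\\": "icon overlay handler: DLL loaded into explorer.exe",
    r"\\Shell Extensions\\Approved\\": "approved shell extension: whitelists the CLSID for explorer.exe",
}
RESTORE_POINT = re.compile(r"\\system volume information\\_restore", re.I)
SECTION_RE = re.compile(r"^(.+?) Infected:$")
HIT_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return {section: [(object, detection_name, action), ...]}.

    Section headers end in 'Infected:'; the summary lines at the top of a log
    ('Files Infected: 52') carry a count after the colon and are skipped.
    """
    hits = defaultdict(list)
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HIT_RE.match(line)
        if m and section:
            hits[section].append((m.group("obj"), m.group("family"), m.group("action")))
    return dict(hits)


def triage(hits):
    """Group parsed hits by what they mean for the running system."""
    report = {"restore_point": [], "live": [], "memory": [], "persistence": []}
    for section, entries in hits.items():
        for obj, family, action in entries:
            if section.startswith("Memory"):
                report["memory"].append((obj, family, action))
            elif section.startswith("Registry"):
                for pattern, why in PERSISTENCE_PATTERNS.items():
                    if re.search(pattern, obj, re.I):
                        report["persistence"].append((obj, family, why))
                        break
            elif RESTORE_POINT.search(obj):
                report["restore_point"].append((obj, family))   # inert unless restored
            else:
                report["live"].append((obj, family))
    return report


# Excerpts copied from the 12/9 and 12/11 logs in the thread (not the full logs).
LOG_2011_12_09 = r"""
Files Infected: 52
Memory Processes Infected:
c:\WINDOWS\Temp\hki1238.exe (Trojan.Email) -> 408 -> Unloaded process successfully.
c:\WINDOWS\Temp\hki1238.exe (Trojan.Email) -> 4524 -> Unloaded process successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\Temp\hki1238.exe (Trojan.Email) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033216.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP75\A0033297.com (Trojan.Email) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\qklfp.com_ (Trojan.Email) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ajjfoq\setup.exe (Trojan.Email) -> Quarantined and deleted successfully.
c:\documents and settings\david johns\Desktop\winlogon.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

LOG_2011_12_11 = r"""
Memory Modules Infected:
c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
c:\WINDOWS\Temp\0.7893118571873254.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.10143494726568647.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for label, log in (("12/9", LOG_2011_12_09), ("12/11", LOG_2011_12_11)):
        r = triage(parse_mbam_log(log))
        print("%s: %d restore-point copies, %d live, %d in memory" % (
            label, len(r["restore_point"]), len(r["live"]), len(r["memory"])))
        for obj, family, why in r["persistence"]:
            print("  persistence [%s] %s\n    -> %s" % (family, obj, why))
```

Pointing `parse_mbam_log` at a full saved log works the same way; the excerpts only keep the block short. The CLSID key under HKEY_CLASSES_ROOT is deliberately not listed as persistence: a COM registration by itself runs nothing, it is the `Approved` value and the icon-overlay entry that get the DLL loaded.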

Hi, unfortunately you have a nasty rootkit on your computer, please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Sorry for the delay, but after ComboFix ran and rebooted, my keyboard and sensor (mousepad) have completely stopped working. Is this an issue caused by using ComboFix? If so, is it fixable? But I did manage to use an external keyboard and mouse and retrieved the ComboFix log.

ComboFix 11-12-12.01 - DAVID JOHNS 12/12/2011 14:31:16.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.555 [GMT -5:00]

Running from: c:\documents and settings\DAVID JOHNS\Desktop\ComboFix.exe

AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

C:\Install.exe

c:\windows\$NtUninstallKB62280$\2382983153

c:\windows\$NtUninstallKB62280$\485945278\@

c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp

c:\windows\$NtUninstallKB62280$\485945278\cfg.ini

c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini

c:\windows\$NtUninstallKB62280$\485945278\keywords

c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll

c:\windows\$NtUninstallKB62280$\485945278\L\yaywbcos

c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver

c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@

c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@

c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@

c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@

c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@

c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@

c:\windows\$NtUninstallKB62280$ . . . . Failed to delete

.

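The "Other Deletions" list in the ComboFix log above is the part worth understanding. A real hotfix uninstall folder under c:\windows (`$NtUninstallKBnnnnnn$`) holds a `spuninst\` subfolder with spuninst.exe and spuninst.inf plus the files the hotfix replaced. What ComboFix found instead was a folder with a five-digit KB number containing a random all-digit subfolder, a file named `@`, `U\` and `L\` payload folders and `.@` blobs; that layout is characteristic of the ZeroAccess (Sirefef) rootkit family, which fits the "nasty rootkit" diagnosis, and the closing "Failed to delete" line shows the folder itself could not be removed in that run. The script below is an added example, not part of the thread or of ComboFix: it scores `$NtUninstall...$` folders with heuristics of its own (the weights, the threshold and the six-digit KB check are this example's assumptions) and runs them over a constructed temporary tree that reproduces the deleted layout next to a genuine-looking folder, so nothing on a real system is touched.

```python
r"""Heuristic check for hijacked $NtUninstallKB...$ folders under c:\windows.

Added example for this thread; it is not part of ComboFix or any vendor tool.
Genuine hotfix uninstall folders hold a spuninst\ subfolder (spuninst.exe,
spuninst.inf) plus the files the hotfix replaced. The tree ComboFix deleted
in the thread instead holds a numbered subfolder with '@'-named blobs and
U\ and L\ payload folders. The scoring weights are this example's own
assumption, and the sample tree is built in a temporary directory.
"""
import os
import re
import shutil
import tempfile

UNINSTALL_DIR = re.compile(r"^\$NtUninstall(KB(\d+))?.*\$$", re.I)
HIJACK_THRESHOLD = 3   # assumed cut-off; weak signals alone stay below it


def score_uninstall_dir(path):
    """Return (score, reasons) for one $NtUninstall...$ directory."""
    score, reasons = 0, []
    m = UNINSTALL_DIR.match(os.path.basename(path))
    kb = m.group(2) if m else None
    if kb is not None and len(kb) != 6:          # XP-era KB numbers are six digits
        score += 1
        reasons.append("KB number %s is not six digits" % kb)
    if not os.path.isfile(os.path.join(path, "spuninst", "spuninst.exe")):
        score += 1
        reasons.append("no spuninst\\spuninst.exe")
    for root, dirs, files in os.walk(path):
        rel = os.path.relpath(root, path)
        for d in dirs:
            if d in ("U", "L"):                   # payload folders seen in the log
                score += 2
                reasons.append("payload folder %s under %s" % (d, rel))
            elif d.isdigit():                     # random all-digit container folder
                score += 1
                reasons.append("all-digit folder %s under %s" % (d, rel))
        for f in files:
            if f == "@" or f.endswith(".@"):      # '@' blobs, not hotfix backups
                score += 2
                reasons.append("'@' blob %s under %s" % (f, rel))
    return score, reasons


def scan_windows_dir(windows_dir):
    """Score every $NtUninstall...$ folder directly under windows_dir."""
    scores = {}
    for name in sorted(os.listdir(windows_dir)):
        full = os.path.join(windows_dir, name)
        if os.path.isdir(full) and UNINSTALL_DIR.match(name):
            scores[name] = score_uninstall_dir(full)
    return scores


def hijacked(scores, threshold=HIJACK_THRESHOLD):
    """Names whose score reaches the threshold."""
    return sorted(n for n, (s, _) in scores.items() if s >= threshold)


def build_sample_tree():
    """Constructed look-alike of c:\\windows with three folders (temp dir)."""
    root = tempfile.mkdtemp(prefix="fake_windows_")

    def touch(*parts):
        p = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "wb").close()

    # 1. what a genuine hotfix uninstall folder looks like (KB number is illustrative)
    touch("$NtUninstallKB951376$", "spuninst", "spuninst.exe")
    touch("$NtUninstallKB951376$", "spuninst", "spuninst.inf")
    # 2. an incomplete folder: one weak signal only, must not be flagged
    touch("$NtUninstallKB123456$", "spuninst.txt")
    # 3. the layout from the ComboFix 'Other Deletions' list in the thread
    fake = "$NtUninstallKB62280$"
    touch(fake, "2382983153")
    for f in ("@", "bckfg.tmp", "cfg.ini", "Desktop.ini", "keywords", "kwrd.dll", "lsflt7.ver"):
        touch(fake, "485945278", f)
    touch(fake, "485945278", "L", "yaywbcos")
    for f in ("00000001.@", "00000002.@", "80000000.@"):
        touch(fake, "485945278", "U", f)
    return root


def remove_sample_tree(root):
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        scores = scan_windows_dir(root)
        for name, (score, reasons) in scores.items():
            print("%s score=%d" % (name, score))
            for r in reasons[:4]:
                print("   ", r)
        print("hijacked:", hijacked(scores))
    finally:
        remove_sample_tree(root)
```

On a live machine the same scan would be run from a clean boot environment rather than the infected OS: a kernel-mode rootkit can hide its own folder from os.walk, which is exactly why the helper's earlier warning points toward reinstalling rather than trusting a cleanup.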

I'm not sure if this is any help, but I ran a new MBAM log because I had the XP Security 2012 virus. I'll post the log in case it's any help, along with the ComboFix log.

ComboFix 11-12-13.03 - DAVID JOHNS 12/14/2011 14:49:14.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.530 [GMT -5:00]

Running from: c:\documents and settings\DAVID JOHNS\Desktop\ComboFix.exe

AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))

.

.

2011-12-12 19:27 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-12-12 19:27 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2011-12-12 19:27 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-12-12 19:27 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-12-12 19:25 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-12-12 19:25 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

2011-12-12 19:25 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2011-12-12 19:25 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

2011-12-09 02:55 . 2011-12-09 02:55 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE

2011-12-08 08:42 . 2011-12-08 08:42 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-11-18 01:53 . 2011-11-18 02:05 -------- d-----w- c:\documents and settings\DAVID JOHNS\Application Data\Apple Computer

2011-11-18 01:53 . 2011-11-18 01:53 -------- d-----w- c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\Apple Computer

2011-11-18 01:51 . 2011-11-18 01:52 -------- d-----w- c:\program files\iTunes

2011-11-18 01:51 . 2011-11-18 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-11-18 01:51 . 2011-11-18 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2011-11-18 01:50 . 2011-11-18 01:50 -------- d-----w- c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\Apple

2011-11-18 01:50 . 2011-11-18 01:50 -------- d-----w- c:\program files\Apple Software Update

2011-11-18 01:50 . 2011-11-18 01:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2011-11-18 01:49 . 2011-08-02 22:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-11-18 01:49 . 2011-08-02 22:38 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-11-18 01:48 . 2011-11-18 01:48 -------- d-----w- c:\program files\Bonjour

2011-11-18 01:48 . 2011-11-18 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-09 08:08 . 2011-06-28 18:02 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-23 03:42 . 2011-11-07 18:30 527652 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-09-28 18:45 . 2011-09-17 03:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-16 06:56 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-09-12 09:17 . 2011-09-12 09:17 470 ----a-w- c:\program files\091220115175975.bat

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2011-12-12_19.57.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-14 19:01 . 2011-12-14 19:01 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat

+ 2011-12-14 19:01 . 2011-12-14 19:01 16384 c:\windows\Temp\Perflib_Perfdata_278.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-09-16 273528]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ALLTEL DSL Check-up Center.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ALLTEL DSL Check-up Center.lnk

backup=c:\windows\pss\ALLTEL DSL Check-up Center.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless Card Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless Card Utility.lnk

backup=c:\windows\pss\Belkin 802.11g Wireless Card Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^DAVID JOHNS^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-07-14 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2008-10-17 20:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

2005-02-17 21:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]

2008-07-19 03:08 1306624 ---ha-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2005-11-16 15:30 503808 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-10-18 19:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

2008-02-26 14:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

2005-10-11 17:23 1187840 ---ha-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-11-09 04:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-02-02 12:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

2005-02-02 12:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 2:37 PM 149352]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 10:18 AM 200192]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 8:41 PM 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 9:32 PM 23888]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 8:41 PM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

mmen REG_MULTI_SZ mmen

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-10-18 19:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]

.

2011-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]

.

2011-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]

.

2011-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]

.

2011-12-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-14 15:05

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,d6,26,87,91,44,1d,44,8e,18,62,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,d6,26,87,91,44,1d,44,8e,18,62,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2120)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-14 15:09:54

ComboFix-quarantined-files.txt 2011-12-14 20:09

ComboFix2.txt 2011-12-12 20:05

ComboFix3.txt 2011-08-09 22:23

ComboFix4.txt 2011-07-29 02:16

ComboFix5.txt 2011-12-14 19:47

.

Pre-Run: 8,561,037,312 bytes free

Post-Run: 8,914,649,088 bytes free

.

- - End Of File - - A44480F7E731A1EE478F820AAACD9F44

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8332

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/14/2011 2:44:33 AM

mbam-log-2011-12-14 (02-44-33).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 299834

Time elapsed: 1 hour(s), 25 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 5

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DAVID JOHNS\Local Settings\Application Data\uhx.exe" -a " -safe-mode") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\DAVID JOHNS\Local Settings\Application Data\uhx.exe" -a "C:\Program Files\internet explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{d5341f9c-33f7-43cf-8bd2-1ae937c9ba1b}\RP76\A0035444.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.


Well, as of now the only problems that I have encountered are that once I logged on my resolution had been changed without me doing so, my desktop icons were rearranged, and my keyboard and mousepad still aren't working. I do not wish to use the external ones because it's too much to deal with when I take the laptop with me. Is there any way you can help me fix this problem? Also, I'm not sure what the white screen thing is, but it corrects itself when I adjust the screen to a different position. Do you have any insight into what that could be? The last thing I would like to ask concerns the quarantined files in MBAM: should I remove/delete them or just let them stay in the quarantine vault? Those are the only concerns that I have thus far. Thanks, Elise, for the help that you have provided for me.


You can safely remove all quarantined items, although they are no threat if they remain on your system.

If the screen issue is resolved by moving the display, then it is most likely a hardware issue. This is not uncommon on laptops; most likely some contacts have come loose. This may also explain the resolution change.

To see if we can find the reason for the mouse/keyboard problem, please rerun DDS and post me attach.txt (it will be minimized when the scan is done).


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by DAVID JOHNS at 21:30:57 on 2011-12-15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.436 [GMT -5:00]

.

AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\DAVID JOHNS\Application Data\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\DAVIDJ~1\LOCALS~1\Temp\symlcsv1.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

uPolicies-explorer: <NO NAME> =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67

TCP: Interfaces\{86CD6A38-A5C2-421F-9D90-FE94F45A425B} : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]

R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-1 1245064]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]

S2 avgwd;AVG WatchDog;"c:\program files\avg\avg10\avgwdsvc.exe" --> c:\program files\avg\avg10\avgwdsvc.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVENG.SYS [2008-10-20 89104]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVEX15.SYS [2008-10-20 873552]

.

=============== Created Last 30 ================

.

2011-12-12 19:27:57 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-12-12 19:27:57 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2011-12-12 19:27:50 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-12-12 19:27:50 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-12-12 19:25:51 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2011-12-12 19:25:51 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

2011-12-12 19:25:46 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2011-12-12 19:25:46 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

2011-12-08 08:42:59 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2011-11-18 01:53:41 -------- d-----w- c:\documents and settings\david johns\local settings\application data\Apple Computer

2011-11-18 01:51:13 -------- d-----w- c:\program files\iTunes

2011-11-18 01:51:13 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-11-18 01:50:36 -------- d-----w- c:\documents and settings\david johns\local settings\application data\Apple

2011-11-18 01:49:53 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-11-18 01:49:53 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-11-18 01:48:55 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-12-09 08:08:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-11-23 03:42:21 527652 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-09-28 18:45:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-12 09:17:59 470 ----a-w- c:\program files\091220115175975.bat

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 21:33:27.53 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/27/2008 9:46:52 PM

System Uptime: 12/17/2011 3:00:50 PM (0 hours ago)

.

Motherboard: Quanta | | 3093

Processor: AMD Turion 64 Mobile Technology ML-34 | U23 | 1794/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 67 GiB total, 8.052 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 0.802 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: MAC Bridge Miniport

Device ID: ROOT\MS_BRIDGEMP\0000

Manufacturer: Microsoft

Name: MAC Bridge Miniport

PNP Device ID: ROOT\MS_BRIDGEMP\0000

Service: BridgeMP

.

==== System Restore Points ===================

.

RP31: 9/17/2011 1:18:06 AM - System Checkpoint

RP32: 9/19/2011 8:35:57 PM - System Checkpoint

RP33: 9/21/2011 3:36:25 AM - System Checkpoint

RP34: 9/23/2011 1:19:13 AM - System Checkpoint

RP35: 9/26/2011 2:25:14 AM - System Checkpoint

RP36: 9/28/2011 8:45:06 PM - System Checkpoint

RP37: 9/28/2011 10:30:59 PM - Installed HP Integrated Module with Bluetooth wireless technology

RP38: 9/28/2011 11:44:07 PM - Installed HP Help and Support

RP39: 10/3/2011 7:56:31 PM - System Checkpoint

RP40: 10/4/2011 9:19:05 PM - System Checkpoint

RP41: 10/6/2011 8:46:46 PM - System Checkpoint

RP42: 10/9/2011 1:17:57 AM - System Checkpoint

RP43: 10/10/2011 2:05:35 AM - System Checkpoint

RP44: 10/11/2011 2:25:51 AM - System Checkpoint

RP45: 10/12/2011 2:33:28 AM - System Checkpoint

RP46: 10/15/2011 2:32:54 AM - System Checkpoint

RP47: 10/17/2011 3:05:04 AM - System Checkpoint

RP48: 10/18/2011 11:42:31 PM - System Checkpoint

RP49: 10/21/2011 1:53:04 AM - System Checkpoint

RP50: 10/22/2011 3:21:26 AM - System Checkpoint

RP51: 10/23/2011 11:39:00 AM - System Checkpoint

RP52: 10/24/2011 8:07:02 PM - System Checkpoint

RP53: 10/26/2011 8:00:23 PM - System Checkpoint

RP54: 10/28/2011 3:37:59 AM - System Checkpoint

RP55: 10/29/2011 4:12:10 AM - System Checkpoint

RP56: 10/31/2011 7:19:15 PM - System Checkpoint

RP57: 11/2/2011 6:15:52 PM - System Checkpoint

RP58: 11/3/2011 11:11:08 PM - System Checkpoint

RP59: 11/4/2011 11:40:18 PM - System Checkpoint

RP60: 11/5/2011 11:06:49 PM - System Checkpoint

RP61: 11/7/2011 2:26:28 PM - System Checkpoint

RP62: 11/9/2011 12:06:52 AM - System Checkpoint

RP63: 11/14/2011 11:06:16 PM - System Checkpoint

RP64: 11/17/2011 7:47:15 PM - System Checkpoint

RP65: 11/17/2011 8:50:59 PM - Installed iTunes

RP66: 11/19/2011 7:43:54 AM - System Checkpoint

RP67: 11/23/2011 2:46:50 AM - System Checkpoint

RP68: 11/24/2011 3:05:33 AM - System Checkpoint

RP69: 11/25/2011 6:30:09 PM - System Checkpoint

RP70: 11/27/2011 9:54:42 PM - System Checkpoint

RP71: 11/28/2011 10:42:05 PM - System Checkpoint

RP72: 11/29/2011 11:24:39 PM - System Checkpoint

RP73: 12/2/2011 1:25:32 AM - System Checkpoint

RP74: 12/5/2011 6:44:18 PM - System Checkpoint

RP75: 12/7/2011 4:12:48 PM - System Checkpoint

RP76: 12/12/2011 3:39:35 AM - ComboFix created restore point

RP77: 12/13/2011 5:29:09 PM - System Checkpoint

RP78: 12/15/2011 1:58:06 AM - System Checkpoint

RP79: 12/17/2011 5:20:15 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player 11.6

AppCore

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Athlon 64 Processor Driver

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

AVG 2011

Backup

Bicycle Card Games 1.0 Demo

BitPim 1.0.6

Bonjour

Brain Training for Dummies

Broadcom 802.11 Wireless LAN Adapter

BufferChm

ccCommon

CCleaner

Conexant AC-Link Audio

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

CueTour

Customer Experience Enhancement

Data Fax SoftModem with SmartCP

Destinations

DeviceManagementQFolder

Easy Internet Sign-up

ffdshow [rev 2527] [2008-12-19]

FrostWire 4.20.9

FullDPAppQFolder

GearDrvs

Google Toolbar for Internet Explorer

Google Update Helper

Haali Media Splitter

HiJackThis

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP DVD Play 2.0

HP Help and Support

HP Imaging Device Functions 6.0

HP Integrated Module with Bluetooth wireless technology

HP Photosmart Premier Software 6.0

HP Software Update

HP User Guides--System Recovery

HP User Guides 0024

HP Wireless Assistant 2.00 B3

HpSdpAppCoreApp

InstantShareDevices

Itibiti RTC

iTunes

Java 6 Update 26

LightScribe System Software 1.10.19.1

LiveUpdate (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 4.5

Norton 360

Norton 360 (Symantec Corporation)

Norton 360 HTMLHelp

Norton Confidential Core

Office 2003 Trial Assistant

OptionalContentQFolder

PhotoGallery

Quick Launch Buttons 5.20 G1

Quicken 2006

RandMap

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

SecondLifeViewer2 (remove only)

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

SkinsHP1

Skype™ 5.5

Sonic_PrimoSDK

SPBBC 32bit

swMSM

Symantec Real Time Storage Protection Component

Symantec Technical Support Controls

SymNet

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TourSetup

Uninstall Dual Mode Camera (V25)

Unload

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2536413)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

Wireless Home Network Setup

Yahoo! Detect

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

12/17/2011 4:07:48 AM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.

12/17/2011 4:07:48 AM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.

12/17/2011 3:02:20 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error: Access is denied.

12/17/2011 3:02:09 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.

12/17/2011 3:02:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSEH

12/17/2011 3:02:08 PM, error: RemoteAccess [20151] - The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

12/17/2011 3:02:08 PM, error: RemoteAccess [20070] - Point to Point Protocol engine was unable to load the C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll module. The specified module could not be found.

12/17/2011 3:02:08 PM, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.

12/17/2011 3:01:56 PM, error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The system cannot find the file specified.

12/17/2011 3:01:56 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the path specified.

.

==== End Of File ===========================


-Human Interface Devices

-HID-compliant consumer control device

-HID-compliant device

-HID-compliant device

-HID-compliant device

-USB Human Interface Device

-USB Human Interface Device

-USB Human Interface Device

That's all that it says, and there are none of the items you mentioned in front of them. It also states that every one of the items is enabled and working properly.


Let's have a look at the different device settings.

We Need to Run a Batch Script

  1. Go to Start -> Run...
  2. Enter notepad in the Run dialog box.
  3. Press OK.
  4. Highlight the contents of the following codebox, and copy and paste that text into Notepad.
    @echo off
    REM Dump the Keyboard and Mouse device-class keys (their UpperFilters/LowerFilters values and every device subkey) to export.txt
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}" /s >> export.txt
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}" /s >> export.txt
    REM Open the result in the default text editor, then delete this batch file
    start export.txt
    del %0


  5. Select File -> Save.
  6. Press the Desktop button on the left side of the save dialog.
  7. In the File name box, type in Fix.bat.
  8. Press Save.
  9. Close Notepad.
  10. Double click Fix.bat on your desktop.

A file named export.txt will open. Please post its contents in your next reply.


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}

Class REG_SZ Keyboard

UpperFilters REG_MULTI_SZ kbdclass\0\0

<NO NAME> REG_SZ Keyboards

Icon REG_SZ -3

Installer32 REG_SZ SysSetup.Dll,KeyboardClassInstaller

NoInstallClass REG_SZ 1

TroubleShooter-0 REG_SZ hcp://help/tshoot/hdw_keyboard.htm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0000

InfPath REG_SZ keyboard.inf

InfSection REG_SZ HID_Keyboard_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.5512

MatchingDeviceId REG_SZ hid_device_system_keyboard

DriverDesc REG_SZ HID Keyboard Device

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0001

LocationInformationOverride REG_SZ plugged into keyboard port

InfPath REG_SZ oem15.inf

InfSection REG_SZ EABII_Inst

ProviderName REG_SZ Hewlett-Packard

DriverDateData REG_BINARY 008094EC75B2C501

DriverDate REG_SZ 9-6-2005

DriverVersion REG_SZ 4.20.1.4

MatchingDeviceId REG_SZ *pnp0303

DriverDesc REG_SZ Quick Launch Buttons

InfSectionExt REG_SZ .NTx86

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0002

InfPath REG_SZ keyboard.inf

InfSection REG_SZ HID_Keyboard_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.5512

MatchingDeviceId REG_SZ hid_device_system_keyboard

DriverDesc REG_SZ HID Keyboard Device

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0003

InfPath REG_SZ keyboard.inf

InfSection REG_SZ HID_Keyboard_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.5512

MatchingDeviceId REG_SZ hid_device_system_keyboard

DriverDesc REG_SZ HID Keyboard Device

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0004

InfPath REG_SZ keyboard.inf

InfSection REG_SZ HID_Keyboard_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.5512

MatchingDeviceId REG_SZ hid_device_system_keyboard

DriverDesc REG_SZ HID Keyboard Device

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}

Class REG_SZ Mouse

UpperFilters REG_MULTI_SZ mouclass\0\0

<NO NAME> REG_SZ Mice and other pointing devices

Icon REG_SZ -2

Installer32 REG_SZ SysSetup.Dll,MouseClassInstaller

NoInstallClass REG_SZ 1

TroubleShooter-0 REG_SZ hcp://help/tshoot/hdw_mouse.htm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0000

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid\vid_045e&pid_0040

DriverDesc REG_SZ Microsoft USB Wheel Mouse Optical

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0001

LocationInformationOverride REG_SZ plugged into PS/2 mouse port

InfPath REG_SZ oem14.inf

InfSection REG_SZ HPQ_GROUP3_PS2_Inst

ProviderName REG_SZ Synaptics

DriverDateData REG_BINARY 00805A23BA08C501

DriverDate REG_SZ 2-2-2005

DriverVersion REG_SZ 7.13.0.1

MatchingDeviceId REG_SZ *syn011c

DriverDesc REG_SZ Synaptics PS/2 Port TouchPad

CoInstallers32 REG_MULTI_SZ SynTPCo2.dll,PS2DeviceInstall\0\0

EnumPropPages32 REG_SZ syssetup.dll,PS2MousePropPageProvider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0002

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid_device_system_mouse

DriverDesc REG_SZ HID-compliant mouse

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0003

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid_device_system_mouse

DriverDesc REG_SZ HID-compliant mouse

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0004

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid_device_system_mouse

DriverDesc REG_SZ HID-compliant mouse

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0005

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid_device_system_mouse

DriverDesc REG_SZ HID-compliant mouse

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0006

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid_device_system_mouse

DriverDesc REG_SZ HID-compliant mouse

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0007

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid_device_system_mouse

DriverDesc REG_SZ HID-compliant mouse

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0008

InfPath REG_SZ msmouse.inf

InfSection REG_SZ HID_Mouse_Inst

InfSectionExt REG_SZ .NT

ProviderName REG_SZ Microsoft

DriverDateData REG_BINARY 008062C5C001C101

DriverDate REG_SZ 7-1-2001

DriverVersion REG_SZ 5.1.2600.0

MatchingDeviceId REG_SZ hid_device_system_mouse

DriverDesc REG_SZ HID-compliant mouse

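As an added example (not code from the thread, the helper, or any of the tools mentioned), here is a small Python script that parses the text the Fix.bat procedure above writes to export.txt and checks the Keyboard and Mouse class keys' UpperFilters/LowerFilters values against the stock Windows XP filter stack (kbdclass and mouclass, the values visible in the posted output). The sample export embedded in it is constructed: it mirrors the shape of the posted reg query output but injects a hypothetical leftover filter named examplefilt into the mouse class so the check has something to flag. Run it with no arguments to audit the sample, or pass the path to a real export.txt.

```python
"""Audit keyboard/mouse class filter drivers from a `reg query /s` export.

Added example, not from the thread: parses the text that Fix.bat writes
to export.txt and flags filter-driver entries that differ from a stock
Windows XP install.
"""
import sys

KEYBOARD_CLASS = "{4D36E96B-E325-11CE-BFC1-08002BE10318}"
MOUSE_CLASS = "{4D36E96F-E325-11CE-BFC1-08002BE10318}"

# Stock filter stacks for the two classes on Windows XP. Anything extra is
# usually a leftover from an uninstalled product and is a classic cause of
# a dead keyboard or mouse after a cleanup.
EXPECTED_FILTERS = {
    KEYBOARD_CLASS: {"UpperFilters": ["kbdclass"], "LowerFilters": []},
    MOUSE_CLASS: {"UpperFilters": ["mouclass"], "LowerFilters": []},
}

# Constructed sample shaped like the export.txt posted in the thread. The
# mouse class carries a hypothetical leftover filter ("examplefilt") so the
# check has something to report; it is not taken from the real log.
SAMPLE_EXPORT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    Class    REG_SZ    Keyboard
    UpperFilters    REG_MULTI_SZ    kbdclass\0\0
    <NO NAME>    REG_SZ    Keyboards

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0000
    InfPath    REG_SZ    keyboard.inf
    ProviderName    REG_SZ    Microsoft
    DriverVersion    REG_SZ    5.1.2600.5512
    DriverDesc    REG_SZ    HID Keyboard Device

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    Class    REG_SZ    Mouse
    UpperFilters    REG_MULTI_SZ    mouclass\0examplefilt\0\0
    <NO NAME>    REG_SZ    Mice and other pointing devices

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}\0001
    ProviderName    REG_SZ    Synaptics
    DriverVersion    REG_SZ    7.13.0.1
    DriverDesc    REG_SZ    Synaptics PS/2 Port TouchPad
"""


def parse_reg_export(text):
    """Return {key_path: {value_name: (reg_type, data)}} from reg.exe output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # banner line, skip
            continue
        if line.upper().startswith("HKEY_"):      # a new key path
            current = line
            keys[current] = {}
            continue
        if current is None:
            continue
        tokens = line.split()
        # The REG_* token separates the value name (may contain spaces,
        # e.g. "<NO NAME>") from the data (may also contain spaces).
        type_idx = next((i for i, t in enumerate(tokens) if t.startswith("REG_")), None)
        if not type_idx:
            continue
        name = " ".join(tokens[:type_idx])
        data = " ".join(tokens[type_idx + 1:])
        keys[current][name] = (tokens[type_idx], data)
    return keys


def split_multi_sz(data):
    """reg.exe prints REG_MULTI_SZ entries joined by a literal backslash-zero."""
    return [s for s in data.split("\\0") if s]


def list_devices(keys, class_guid):
    """(subkey, DriverDesc, ProviderName, DriverVersion) per device instance."""
    out = []
    for path, values in keys.items():
        if class_guid.upper() + "\\" in path.upper():
            get = lambda name: values.get(name, ("", "?"))[1]
            out.append((path.rsplit("\\", 1)[1], get("DriverDesc"),
                        get("ProviderName"), get("DriverVersion")))
    return out


def check_filters(keys):
    """Compare each class key's filter stack with the stock one."""
    findings = []
    for class_guid, expected in EXPECTED_FILTERS.items():
        class_key = next((k for k in keys if k.upper().endswith(class_guid)), None)
        if class_key is None:
            findings.append((class_guid, "class key missing from export"))
            continue
        values = keys[class_key]
        for value_name, want in expected.items():
            got = split_multi_sz(values[value_name][1]) if value_name in values else []
            if [g.lower() for g in got] != [w.lower() for w in want]:
                findings.append((class_guid, f"{value_name} is {got or 'absent'}, expected {want}"))
    return findings


def audit(text):
    """Parse an export and return the list of (class_guid, message) findings."""
    return check_filters(parse_reg_export(text))


if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    parsed = parse_reg_export(source)
    for guid in (KEYBOARD_CLASS, MOUSE_CLASS):
        print(guid)
        for sub, desc, prov, ver in list_devices(parsed, guid):
            print(f"  {sub}: {desc} ({prov} {ver})")
    problems = check_filters(parsed)
    print("filter stacks look stock" if not problems else "\n".join(f"{g}: {m}" for g, m in problems))
```

The reason to look at these two values in particular: the class filter stack is loaded for every keyboard or mouse in that class, so a single stale entry (a product that was uninstalled or cleaned up without its registry reference being removed, leaving a name that no longer maps to a driver file) stops every device in the class from starting, whatever Device Manager reports for the individual devices. The stock values in the posted export are exactly kbdclass and mouclass, which is why the helper then moved on to reinstalling the HID devices instead of the class keys.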

In Device Manager, right click on the following devices and select Uninstall:

-HID-compliant consumer control device

-HID-compliant device

-HID-compliant device

-HID-compliant device

Uninstall them all and then reboot. You should now be prompted with the Add New Hardware wizard. Allow it to connect and see if the drivers are reinstalled correctly (if the devices do not get detected, temporarily remove the USB keyboard and mouse).


OK, I uninstalled them and rebooted, but I was not prompted with the Add New Hardware wizard. I then went into Device Manager and they were all there again. I then removed the USB keyboard and mouse and still nothing happened. Since I didn't get the prompt, did I do something wrong?


It is possible they were automatically reinstalled. Did you get the confirmation prompt: are you sure you want to uninstall this device... (or something similar)?

Have you tried removing the USB devices? Is there any change?

If not, navigate to c:\windows\erdnt\hiv-backup\erdnt.exe and double click it to restore the registry to before we ran ComboFix. Let me know if the mouse/keyboard work afterwards.


Yes, it did ask me if I was sure I wanted to uninstall. I did remove the USB for a minute or two and they still didn't read. How do I navigate there? Using the Run option?

Will it state a registry point before using ComboFix, or just state "restore registry"? I'm not sure of the exact date that I ran ComboFix; I just remember that it was in the AM hours.

