
Solved windows\system32\drivers\services.exe (start up error)

Discussion in 'Malware and Virus Removal Archive' started by braindead, 2009/02/09.

  1. 2009/02/09
    braindead Inactive Thread Starter

    [Resolved] windows\system32\drivers\services.exe (start up error)

    I tried all I can think of; I can't get rid of that error.

    DDS.txt:

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by R at 19:38:06.23 on Mon 02/09/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.528 [GMT 2:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\R\Desktop\dds.pif
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyServer = 192.168.3.204:8080
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: shell=Explorer.exe %windir%\system32\drivers\services.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Windows Video Drivers] c:\recycler\s-1-5-21-2039677495-8983459011-223869783-7838\winlogon.exe
    mRun: [LTSMMSG] LTSMMSG.exe
    mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [TFNF5] TFNF5.exe
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
    mRun: [userd] c:\windows\recycler\systems.com
    mRun: [DU Meter] c:\program files\du meter\DUMeter.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177166322991
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.2610416667
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: Sebring - c:\windows\system32\LgNotify.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\r\applic~1\mozilla\firefox\profiles\agtjf2cf.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
    FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

    ============= SERVICES / DRIVERS ===============

    R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-11-6 42376]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-4 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 325128]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-4-22 27656]
    R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-11-6 66952]
    R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-11-6 81288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-2 298264]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-9-30 747912]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-9-30 948616]
    R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
    S2 Microsoft Service Controler;Microsoft Service Controler; [x]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-9 33752]
    S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-3-14 44928]
    S4 Nerfvm;Nerfvm; [x]

    =============== Created Last 30 ================

    2009-02-09 01:14 <DIR> --d----- c:\documents and settings\r\.housecall6.6
    2009-02-04 09:04 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-02-04 09:03 <DIR> --d----- c:\program files\Panda Security
    2009-02-02 20:52 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-02-02 20:44 <DIR> --d-h--- C:\$AVG8.VAULT$

    ==================== Find3M ====================

    2009-02-02 20:52 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2008-11-14 00:03 112,923 a------- c:\windows\hpoins07.dat

    ============= FINISH: 19:39:06.26 ===============
     
  2. 2009/02/09
    braindead Inactive Thread Starter

    attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/12/2007 7:43:59 PM
    System Uptime: 2/9/2009 5:47:53 PM (2 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) M processor 1.50GHz | uFC-PGA Socket | 987/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 7.562 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    3dsmax ancillary install
    5600
    5600Trb
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player ActiveX
    Adobe Help Center 1.0
    Adobe InDesign CS
    Adobe Photoshop CS2
    Adobe Reader 9
    Adobe Stock Photos 1.0
    AiO_Scan
    AiOSoftware
    Apple Mobile Device Support
    Apple Software Update
    AutoCAD 2006 - English
    Autodesk 3ds Max 9 32-bit
    Autodesk DWF Viewer 7
    AVG Free 8.0
    Backburner
    Bonjour
    BufferChm
    Camera Access Library
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window DSLR 5 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX (E)
    CD/DVD Drive Acoustic Silencer
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Destinations
    DeviceManagementQFolder
    DocProc
    DU Meter
    eSupportQFolder
    Fax
    FBX Plugin 2006.08 for Max 9.0
    getPlus(R) for Adobe
    Google Updater
    Hotfix for Windows XP (KB952287)
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    Intel(R) Network Connections Drivers
    Intel(R) PROSet for Wireless
    InterVideo WinDVD 4
    iTunes
    Java 2 Runtime Environment, SE v1.4.2
    Java 2 Runtime Environment, SE v1.4.2_03
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    MovieEdit Task
    Mozilla Firefox (3.0.4)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    NewCopy
    Nokia Connectivity Cable Driver
    NVIDIA Windows 2000/XP Display Drivers
    Panda ActiveScan
    Panda ActiveScan 2.0
    PC Connectivity Solution
    PhotoStitch
    Picture Package Music Transfer
    ProductContext
    QuickTime
    RAW Image Task 2.2
    Readme
    Scan
    ScannerCopy
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    SigmaTel AC97 Audio Drivers
    Skype™ 3.8
    SolutionCenter
    Sony Picture Utility
    Sony USB Driver
    Spyware Doctor 5.5
    SpywareBlaster 4.1
    Status
    Synaptics Pointing Device Driver
    TOSHIBA ConfigFree
    TOSHIBA Console
    TOSHIBA Controls
    TOSHIBA Display Devices Change Utility
    Toshiba Hotkey Utility for Display Devices
    TOSHIBA Manuals
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA TouchPad On/Off Utility V2.05.00
    TOSHIBA Utilities
    TrayApp
    Unload
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    WD Diagnostics
    WebFldrs XP
    WebReg
    Windows Communication Foundation
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    2/9/2009 3:29:36 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    2/9/2009 4:08:11 AM, error: Print [23] - Printer Dell Photo Printer 720,0 failed to initialize because a suitable Dell Photo Printer 720 driver could not be found.
    2/9/2009 4:21:22 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

    ==== End Of File ===========================

    Edit: should I post the logs for the other PC that's on the network?
     
    Last edited: 2009/02/09

  4. 2009/02/10
    noahdfear Inactive

    Hi braindead, and welcome. :)

    Please visit the following webpage for instructions on downloading and running ComboFix:

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  5. 2009/02/11
    braindead Inactive Thread Starter

    ty for taking a look at this:

    ComboFix 09-02-10.02 - R 2009-02-11 10:07:44.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.592 [GMT 2:00]
    Running from: c:\documents and settings\R\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
    .

    2009-02-09 03:57 . 2009-02-09 03:57 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-02-09 02:06 . 2009-02-09 02:06 <DIR> d-------- c:\program files\NOS
    2009-02-09 02:06 . 2009-02-09 02:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
    2009-02-09 01:14 . 2009-02-09 02:06 <DIR> d-------- c:\documents and settings\R\.housecall6.6
    2009-02-04 09:04 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-02-04 09:03 . 2009-02-04 09:03 <DIR> d-------- c:\program files\Panda Security
    2009-02-02 20:52 . 2009-02-02 20:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-02-02 20:44 . 2009-02-11 07:07 <DIR> d--h----- C:\$AVG8.VAULT$

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-11 07:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-11 05:06 --------- d-----w c:\program files\Spyware Doctor
    2009-02-10 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-09 16:49 --------- d-----w c:\documents and settings\R\Application Data\Skype
    2009-02-08 14:00 --------- d-----w c:\documents and settings\R\Application Data\skypePM
    2009-02-08 12:09 --------- d-----w c:\documents and settings\R\Application Data\AdobeUM
    2009-02-02 18:52 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-02 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
    "Windows Video Drivers"="c:\recycler\S-1-5-21-2039677495-8983459011-223869783-7838\winlogon.exe" [2009-01-22 89600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-24 4861952]
    "00THotkey"="c:\windows\System32\00THotkey.exe" [2003-05-23 16:15 253952]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 614400]
    "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-03-16 32881]
    "PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
    "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2004-08-25 1465856]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-02 1601304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 c:\windows\ltsmmsg.exe]
    "nwiz"="nwiz.exe" [2003-09-24 c:\windows\system32\nwiz.exe]
    "TFNF5"="TFNF5.exe" [2003-07-18 c:\windows\system32\TFNF5.exe]
    "000StTHK"="000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe]
    "TPSMain"="TPSMain.exe" [2003-10-02 c:\windows\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-12-16 16:49 110592 c:\windows\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-02 20:52 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systry]
    --a------ 2008-04-14 02:12 69120 c:\windows\system32\notepad.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-04 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 325128]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]
    R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-08-07 6528]
    S2 Microsoft Service Controler;Microsoft Service Controler; [x]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-09 33752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-09-30 747912]
    S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-03-14 44928]
    S4 Nerfvm;Nerfvm; [x]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1162a7e2-dd68-11dc-bfac-000e3560b40b}]
    \Shell\AutoRun\command - E:\a1.bat
    \Shell\explore\Command - E:\a1.bat
    \Shell\open\Command - E:\a1.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73651642-f353-11db-beb1-000e3560b40b}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{794465e6-3582-11dd-bfd6-000e3560b40b}]
    \Shell\AutoRun\command - 6x8be16.cmd
    \Shell\explore\Command - 6x8be16.cmd
    \Shell\open\Command - 6x8be16.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1950c3c-0b12-11dd-bfbf-000e3560b40b}]
    \Shell\AutoRun\command - gy.cmd
    \Shell\explore\Command - gy.cmd
    \Shell\open\Command - gy.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9076d02-bc4e-11dc-bf9e-000e3560b40b}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-31 c:\windows\Tasks\Uniblue SpyEraser Nag.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

    2008-01-09 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-userd - c:\windows\RECYCLER\systems.com


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = 192.168.3.204:8080
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\agtjf2cf.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 10:09:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\System32\LgNotify.dll
    .
    Completion time: 2009-02-11 10:11:19
    ComboFix-quarantined-files.txt 2009-02-11 08:11:09

    Pre-Run: 7,977,287,680 bytes free
    Post-Run: 8,043,384,832 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    188 --- E O F --- 2009-01-26 22:30:52
     
  6. 2009/02/12
    braindead

    braindead Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    265
    Likes Received:
    2
I forgot to mention the startup error is gone now.
But it seems I still have viruses lurking around: trojans in the temp folder randomly appearing with file names "###.exe" or sometimes "temp###.exe" (something I thought I got rid of before posting this thread).
Also I have realized that the network on this side isn't working either; I can't access the remote printer or the remote shared folders. (I have mentioned this problem on my other thread malware virus dialer works.html)
     
  7. 2009/02/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Now, once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Windows Video Drivers "=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systry]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1162a7e2-dd68-11dc-bfac-000e3560b40b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73651642-f353-11db-beb1-000e3560b40b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{794465e6-3582-11dd-bfd6-000e3560b40b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1950c3c-0b12-11dd-bfbf-000e3560b40b}]
    Driver::
    Nerfvm
    Microsoft Service Controler
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     
  8. 2009/02/13
    braindead

    braindead Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    265
    Likes Received:
    2
Hmm, seems to be a dead link (404 error).

I tried searching for it but all hits give me the same link as posted above or they try to send me to some sites I don't think I should go to.

I did clean up the flash drives manually:
as usual I deleted the:
Recycle folder
System folder
Restored folder
Autobat.ini (or something like that)

    ComboFix Log:
    ComboFix 09-02-12.03 - R 2009-02-13 19:43:56.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.599 [GMT 2:00]
    Running from: c:\documents and settings\R\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\R\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MICROSOFT_SERVICE_CONTROLER
    -------\Service_Microsoft Service Controler
    -------\Service_Nerfvm


    ((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
    .

    2009-02-09 03:57 . 2009-02-09 03:57 <DIR> d-------- c:\program files\Common Files\Adobe AIR
    2009-02-09 02:06 . 2009-02-09 02:06 <DIR> d-------- c:\program files\NOS
    2009-02-09 02:06 . 2009-02-09 02:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
    2009-02-09 01:14 . 2009-02-09 02:06 <DIR> d-------- c:\documents and settings\R\.housecall6.6
    2009-02-04 09:04 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-02-04 09:03 . 2009-02-04 09:03 <DIR> d-------- c:\program files\Panda Security
    2009-02-02 20:52 . 2009-02-02 20:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2009-02-02 20:44 . 2009-02-13 18:42 <DIR> d--h----- C:\$AVG8.VAULT$

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-13 17:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-13 16:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-13 16:38 --------- d-----w c:\program files\Spyware Doctor
    2009-02-09 16:49 --------- d-----w c:\documents and settings\R\Application Data\Skype
    2009-02-08 14:00 --------- d-----w c:\documents and settings\R\Application Data\skypePM
    2009-02-08 12:09 --------- d-----w c:\documents and settings\R\Application Data\AdobeUM
    2009-02-02 18:52 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-02-02 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-11_10.10.02.63 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
    + 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
    - 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
    + 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmaTel StacMon "= "c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
    "NvCplDaemon "= "c:\windows\System32\NvCpl.dll" [2003-09-24 4861952]
    "00THotkey "= "c:\windows\System32\00THotkey.exe" [2003-05-23 16:15 253952]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 110592]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 614400]
    "TouchED "= "c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
    "SunJavaUpdateSched "= "c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-03-16 32881]
    "PRONoMgr.exe "= "c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
    "DU Meter "= "c:\program files\DU Meter\DUMeter.exe" [2004-08-25 1465856]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-02 1601304]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "LTSMMSG "= "LTSMMSG.exe" [2003-04-18 c:\windows\ltsmmsg.exe]
    "nwiz "= "nwiz.exe" [2003-09-24 c:\windows\system32\nwiz.exe]
    "TFNF5 "= "TFNF5.exe" [2003-07-18 c:\windows\system32\TFNF5.exe]
    "000StTHK "= "000StTHK.exe" [2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe]
    "TPSMain "= "TPSMain.exe" [2003-10-02 c:\windows\system32\TPSMain.exe]
    "TFncKy "= "TFncKy.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-12-16 16:49 110592 c:\windows\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-02-02 20:52 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe "=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe "=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe "=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-04 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 325128]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]
    R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-08-07 6528]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-09 33752]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-09-30 747912]
    S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-03-14 44928]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9076d02-bc4e-11dc-bf9e-000e3560b40b}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-31 c:\windows\Tasks\Uniblue SpyEraser Nag.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

    2008-01-09 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = 192.168.3.204:8080
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\R\Application Data\Mozilla\Firefox\Profiles\agtjf2cf.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-13 19:49:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(880)
    c:\windows\System32\LgNotify.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\S24EvMon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Toshiba\ConfigFree\CFSvcs.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\RegSrvc.exe
    c:\windows\system32\ZCfgSvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\1XConfig.exe
    c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-13 19:54:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-02-13 17:54:50
    ComboFix2.txt 2009-02-11 08:11:20

    Pre-Run: 7,966,887,936 bytes free
    Post-Run: 7,867,645,952 bytes free

    191 --- E O F --- 2009-02-11 20:10:10
     
    Last edited: 2009/02/13
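The entries this thread dealt with (the RECYCLER orphan under a Run key, the silenced Security Center values, the disabled firewall, the mountpoints2 AutoRun command, and the "temp###.exe" files in the temp folder that braindead describes) can be picked out of a ComboFix log mechanically. The script below is an added example, not part of the thread and not ComboFix's own code; the sample lines are copied from the logs above, except the "Windows Video Drivers" Run entry, whose path is constructed because the thread never shows it.

```python
"""Triage a ComboFix log for the weak-spot patterns seen in this thread.

Added example; it only understands the line shapes quoted in the log above.
"""
import re

# Sample lines copied from the log above, plus one CONSTRUCTED Run entry
# (a temp###.exe in the user's temp folder, as the poster describes).
SAMPLE_LOG = r"""
HKLM-Run-userd - c:\windows\RECYCLER\systems.com
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"AntiVirusOverride "=dword:00000001
"FirewallOverride "=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Windows Video Drivers "= "c:\docume~1\R\locals~1\temp\temp123.exe" [2009-02-10 45056]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9076d02-bc4e-11dc-bf9e-000e3560b40b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# The forum rendering leaves a space before "= ; tolerate it.
VALUE_RE = re.compile(r'^"(?P<name>.+?)\s*"=\s*(?P<data>.*)$')
ORPHAN_RE = re.compile(r"^HK\w+-Run-(?P<name>\S+) - (?P<path>.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
# Launch locations a legitimate startup entry has no business living in,
# and the bare-number / temp### executable names described in the thread.
BAD_DIR_RE = re.compile(r"\\(recycler|temp)\\", re.I)
BAD_NAME_RE = re.compile(r"(?:^|\\)(?:temp)?\d+\.exe$", re.I)
# Security Center values that silence the "no AV / no firewall" warnings.
SC_SILENCERS = {"antivirusdisablenotify", "updatesdisablenotify",
                "antivirusoverride", "firewalloverride",
                "firewalldisablenotify"}


def suspicious_path(path):
    """True for a launch path in a temp/recycler dir or named like temp###.exe."""
    p = path.strip().strip('"')
    return bool(BAD_DIR_RE.search(p) or BAD_NAME_RE.search(p))


def triage(log_text):
    """Return (category, detail) findings in log order."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group("key").lower()        # remember the current hive key
            continue
        if (m := ORPHAN_RE.match(line)) and suspicious_path(m.group("path")):
            findings.append(("run-orphan", f"{m.group('name')} -> {m.group('path')}"))
            continue
        if (m := AUTORUN_RE.match(line)) and "mountpoints2" in key:
            # Any per-volume AutoRun handler deserves review; the log shows
            # only the command, not whether the launcher is benign.
            findings.append(("mountpoints2-autorun", m.group("cmd")))
            continue
        if not (m := VALUE_RE.match(line)):
            continue
        name, data = m.group("name").lower(), m.group("data")
        if key.endswith("\\run") and suspicious_path(data.split("[")[0]):
            findings.append(("run-temp-path", f"{m.group('name')} -> {data}"))
        elif "security center" in key and name in SC_SILENCERS and data.endswith("1"):
            findings.append(("securitycenter-silenced", m.group("name")))
        elif "firewallpolicy" in key and name == "enablefirewall" and data.startswith("0"):
            findings.append(("firewall-off", key.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```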
  9. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    In lieu of running Flash_Disinfector, formatting the flash drive will clean it completely. Thanks for letting me know about the link. I have fixed it in my last post, and I recommend you download and run it as described. It will add protection from future infections to the flash drive.

Log looks good. Let's see if an online scan reveals anything else hiding. Please do an online scan with Kaspersky Online Scanner.

• Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  10. 2009/02/14
    braindead

    braindead Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    265
    Likes Received:
    2
The scan I had done and posted was for the wrong PC :( , that's the good one.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, February 15, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, February 15, 2009 02:44:27
    Records in database: 1798048
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 74989
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:38:10

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
    Last edited: 2009/02/14
  11. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
Neither of those is a threat. Looks like we can clean up the tools.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete dds.pif from the desktop.
    You can delete Flash_Disinfector also.
    You can delete any other logs that were created/saved too.
    Empty the recycle bin when done.

    Uninstall all old Java components via Add/Remove Programs then install the latest JRE 6 Update 12 from here


    Provided things are working normally again, that should finish things up.
     
  12. 2009/02/14
    braindead

    braindead Inactive Thread Starter

    Joined:
    2009/02/09
    Messages:
    265
    Likes Received:
    2
ComboFix removed, Java "updated".

I'm keeping Flash_Disinfector since I end up cleaning them on a weekly basis.
Thank you very much for your help, sorry for all the confusion.
     
  13. 2009/02/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once you run Flash_Disinfector with a flash drive plugged in, you shouldn't be in need of cleaning it anymore. The tool will add protection to the flash drive.

    Happy I could help. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
