1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

The application or DLL C:\WINDOWS\system32\msible.dll is not a valid Windows image

Discussion in 'Virus & Other Malware Removal' started by ZiggyZaggyZoggy, Apr 25, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. ZiggyZaggyZoggy

    ZiggyZaggyZoggy Thread Starter

    Joined:
    Apr 25, 2011
    Messages:
    6
    Hello everyone,

    First post here & I'm hoping someone can advise me on getting rid of a virus my PC picked up a couple of weeks ago.

    The application or DLL C:\WINDOWS\system32\msible.dll is not a valid Windows image. Please check this against your installation diskette appears on my computer repeatedly on start up & very often when I open something new.

    Other odd things are also happening - AVG warnings pop up pretty frequently telling me a threat has been blocked, if it's left inactive for about 10 minutes or so the desk top icons all disappear & usually will not reappear, it frequently freezes for minutes at a time, clicking on links occasionally ends somewhere completely different to where I should go, occasionally new windows tabs with some oddball search engine open on their own, sometimes it won't shut down & we end up just flicking the wall switch, sometimes it will not start properly & all that can be seen is a black screen.

    AVG free, Malwarebytes, SuperAnti Spyware & STOPzilla have been run many, many times & though they each claim to find something & kill it it just keeps coming back.

    I've run HijackThis & D.D.S. The log for HJT is below, D.D.S. doesn't appear to want to run & I don't know if I have script blocker running or how to turn it off, I didn't try to run GMER because, again, I'm a computer idiot & don't know if I have a 32 or 64 bit system.

    I'd be HUGELY grateful if someone could help me fix this. TIA.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:12:19, on 25/04/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17096)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Documents and Settings\Dave\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Hrezihago] rundll32.exe "C:\WINDOWS\eqenigowe.dll",Startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\msible.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
    O20 - Winlogon Notify: avgrsstarter - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

    --
    End of file - 7928 bytes


    EDIT: Just found out I have a 32 bit system & ran GMER. Log c & p'd below.


    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-26 00:38:26
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD800JD-75MSA2 rev.10.01E03
    Running: md8yd10z.exe; Driver: C:\DOCUME~1\Neil\LOCALS~1\Temp\kwlyiaoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA3DE6C0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA3DE770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA3DE810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA3DE8B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 27D8 80502010 4 Bytes CALL A2ACCA52
    init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7921760]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093000A
    .text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0094000A
    .text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0092000C
    .text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E6000A
    .text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 01F7000A
    .text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 01F8000A
    .text C:\WINDOWS\System32\svchost.exe[1236] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00DE000A
    .text C:\WINDOWS\Explorer.EXE[2332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\Explorer.EXE[2332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A
    .text C:\WINDOWS\Explorer.EXE[2332] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 011E000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 011F000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3088] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 011D000C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3852] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402024 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86CEB27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86CEB27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86CEB27F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86CEB27F

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD800JD-75MSA2______________________10.01E03#5&f85c66f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @iedkcs32.dll,-3051
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @iedkcs32.dll,-3014
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SABWINLOLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SABWINLOLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SABWINLOStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SABWINLOShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] avgrsstx.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] AvgStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] crypt32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] ChainWlxLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] cryptnet.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] CryptnetWlxLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] cscdll.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WinlogonLogonEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WinlogonLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WinlogonScreenSaverEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WinlogonStartupEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WinlogonShutdownEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WinlogonStartShellEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] %SystemRoot%\System32\dimsntfy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WlDimsStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WlDimsShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WlDimsLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dim[email protected] WlDimsLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WlDimsStartShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WlDimsLock
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WlDimsUnlock
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] igfxdev.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WinlogonUnlockEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] C:\WINDOWS\system32\klogon.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WLEventStop
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WLEventStart
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WLEventStart
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WLEventStop
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WLEventStart
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SCardStartCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SCardStopCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SCardSuspendCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp[email protected] SCardResumeCertProp
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SchedStartShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SchedEventLogOff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WLEventLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] sclgntfy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] WlNotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensLockEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensLogonEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensLogoffEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 600
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensStartScreenSaverEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensStopScreenSaverEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensStartupEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensShutdownEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensStartShellEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensPostShellEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensDisconnectEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensReconnectEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] SensUnlockEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventPostShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventStartShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 600
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventReconnect
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] TSEventDisconnect
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] wlnotify.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] RegisterTicketExpiredNotificationEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] UnregisterTicketExpiredNotificationEvent
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected]_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected]_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected]_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\[email protected] 0

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----
     
  2. ZiggyZaggyZoggy

    ZiggyZaggyZoggy Thread Starter

    Joined:
    Apr 25, 2011
    Messages:
    6
    The DDS download is now working, no idea why it wasn't yesterday but hopefully with all the info now available someone can take a look & advise me.

    TIA

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Neil at 0:18:50.67 on 27/04/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.283 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Documents and Settings\Neil\Desktop\dds.com.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {8B68564D-53FD-4293-B80C-993A9F3988EE} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Hrezihago] rundll32.exe "c:\windows\eqenigowe.dll",Startup
    uPolicies-system: nvfiulyduulywgszwwkxTaskMgr = 0 (0x0)
    uPolicies-system: pngbyfqgrtkocnpfbpvxTaskMgr = 0 (0x0)
    uPolicies-system: EnableLUA = 0 (0x0)
    uPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    IE: Search with Wanadoo - c:\progra~1\wanadoo\wsbar\WSBar.dll/VSearch.htm
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\neil\applic~1\mozilla\firefox\profiles\i7uagu2r.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1304867&SearchSource=3&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: CookieCuller: {99B98C2C-7274-45a3-A640-D9DF1A1C8460} - %profile%\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: FoxyProxy Standard: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: FoxyProxy Basic: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: British English Dictionary: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {38D7B570-0B71-4FD7-BAF8-E5F3F79A7468} - c:\documents and settings\neil\local settings\application data\{38D7B570-0B71-4FD7-BAF8-E5F3F79A7468}
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-9 54752]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    RUnknown SASDIFSV;SASDIFSV; [x]
    RUnknown SASKUTIL;SASKUTIL; [x]
    RUnknown szkg5;szkg5; [x]
    RUnknown szkgfs;szkgfs; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2008-1-7 54272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    UnknownUnknown is3srv;is3srv; [x]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2011-04-25 13:49:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2011-04-21 08:26:47 -------- d-----w- c:\docume~1\neil\locals~1\applic~1\PCHealth
    2011-04-21 06:19:20 65536 ----a-w- C:\avcheck.exe
    2011-04-20 23:37:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\nPg06511mGpFh06511
    2011-04-14 14:11:40 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-04-12 14:29:05 -------- d-----w- c:\docume~1\neil\locals~1\applic~1\{38D7B570-0B71-4FD7-BAF8-E5F3F79A7468}
    2011-03-31 23:01:53 20 ----a-w- c:\windows\system32\MSIBLE.DLL
    .
    ==================== Find3M ====================
    .
    2011-04-26 09:20:11 0 ----a-w- c:\windows\Wcezikolakefupe.bin
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 19:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-02-17 19:00:28 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-02-17 19:00:28 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-17 19:00:27 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-17 11:44:16 389120 ----a-w- c:\windows\system32\html.iec
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-10 15:47:10 74703 ----a-w- c:\windows\system32\mfc45.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD800JD-75MSA2 rev.10.01E03 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CF8439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86cfe7d0]; MOV EAX, [0x86cfe84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86DA22B0]
    3 CLASSPNP[0xF762EFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86D5E500]
    \Driver\atapi[0x86D0C9B8] -> IRP_MJ_CREATE -> 0x86CF8439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD800JD-75MSA2______________________10.01E03#5&f85c66f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x86CF827F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 0:21:32.25 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/04/2008 16:16:09
    System Uptime: 26/04/2011 23:09:52 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0JC474
    Processor: Intel(R) Celeron(R) CPU 3.06GHz | Microprocessor | 3058/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 52.756 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: AVG miniport driver
    Device ID: ROOT\GR_AVGFWMP\0001
    Manufacturer: AVG Technologies
    Name: DM9601 USB To Fast Ethernet Adapter - AVG miniport driver
    PNP Device ID: ROOT\GR_AVGFWMP\0001
    Service: Avgfwdx
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: AVG miniport driver
    Device ID: ROOT\GR_AVGFWMP\0002
    Manufacturer: AVG Technologies
    Name: WAN Miniport (IP) - AVG miniport driver
    PNP Device ID: ROOT\GR_AVGFWMP\0002
    Service: Avgfwdx
    .
    ==== System Restore Points ===================
    .
    RP1: 22/04/2011 20:18:36 - System Checkpoint
    RP2: 24/04/2011 22:29:05 - System Checkpoint
    RP3: 25/04/2011 14:48:15 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP4: 26/04/2011 16:01:30 - System Checkpoint
    RP5: 26/04/2011 23:35:14 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.2.5
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    ArcSoft PhotoImpression 4
    AVG 2011
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    CCleaner
    Cookienator
    Driver Whiz
    FinePixViewer Resource
    FinePixViewer Ver.5.1
    FUJIFILM USB Driver
    getPlus(R)_ocx
    Google Earth
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImageMixer VCD2 LE for FinePix
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    IZArc 3.81
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 7.0
    Mozilla Firefox (3.6.16)
    MSN
    MSVCRT
    OpenOffice.org 2.4
    PokerStars
    QuickTime
    RAW FILE CONVERTER LE
    RealPlayer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SigmaTel Audio
    Skype Toolbars
    Skype&#8482; 5.0
    SpeedTouch USB Software
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 1.1.5
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/04/2011 00:23:47, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    25/04/2011 15:14:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    25/04/2011 14:28:59, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    23/04/2011 19:17:44, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    23/04/2011 11:39:01, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001320D24D25 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    22/04/2011 20:46:46, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
    22/04/2011 20:46:46, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    22/04/2011 15:08:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm SASDIFSV SASKUTIL
    22/04/2011 13:58:48, error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
    21/04/2011 14:50:34, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    21/04/2011 01:27:16, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
    21/04/2011 01:27:16, error: Service Control Manager [7034] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s).
    21/04/2011 00:47:33, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    21/04/2011 00:47:33, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    21/04/2011 00:47:33, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
    21/04/2011 00:47:33, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    21/04/2011 00:47:33, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    21/04/2011 00:43:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
    21/04/2011 00:43:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
    21/04/2011 00:43:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    21/04/2011 00:43:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
    21/04/2011 00:43:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
    21/04/2011 00:43:40, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/04/2011 00:43:40, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/04/2011 00:43:40, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/04/2011 00:43:40, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    21/04/2011 00:38:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    20/04/2011 23:31:30, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    20/04/2011 22:47:45, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
    20/04/2011 22:47:45, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  3. ZiggyZaggyZoggy

    ZiggyZaggyZoggy Thread Starter

    Joined:
    Apr 25, 2011
    Messages:
    6
    Can anyone please help me with this? I'm getting no where on my own & this forum came so highly recommended.

    If you need more info, new HJT, DDS or what have you please just say the word.
     
  4. ZiggyZaggyZoggy

    ZiggyZaggyZoggy Thread Starter

    Joined:
    Apr 25, 2011
    Messages:
    6
    Bump!

    Just got the TSG News.

    Apparently, this is the one stop shop for tech answers etc so I'm still hopeful that someone responds! (y)

    Tech Support Guy​
    Newsletter​
    +++++++++++++++++++++++++++++++++++​
    May 2011
    Have a tech related question? Need an answer? Visit us at www.techguy.org. Your one stop shop for tech answers, news and discussion.

     
  5. ZiggyZaggyZoggy

    ZiggyZaggyZoggy Thread Starter

    Joined:
    Apr 25, 2011
    Messages:
    6
    This damn thing is now redirecting this family computer my children use to random porn sites when clicking on a completely harmless google or other link.

    Can anyone please help?
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/993422

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice