"you may not have the appropriate permission to access the item"

Hi all, I Cannot open MBAM, HiJack This, AdAware, Spybot etc.. Thanks.

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:39 on 20/09/2009 by Sandy (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [10:43 13/09/2009] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\System32\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61

Searching for "netlogon.dll"
C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [10:44 13/09/2009] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\System32\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B

Searching for "eventlog.dll"
No files found.

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 61952 bytes [08:43 02/11/2006] [09:46 02/11/2006] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

-=End Of File=-

please help

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\cngaudit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\cngaudit.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:11, on 20/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
F:\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Advanced Woman Calendar] "C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe" -m
O4 - HKCU\..\Run: [PopRock] C:\Users\Sandy\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [NordBull] C:\Windows\msa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 6891 bytes

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKCU\..\Run: [PopRock] C:\Users\Sandy\AppData\Local\Temp\a.exe
  O4 - HKCU\..\Run: [NordBull] C:\Windows\msa.exe
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.41
Database version: 2832
Windows 6.0.6000

20/09/2009 23:23:22
mbam-log-2009-09-20 (23-23-22).txt

Scan type: Quick Scan
Objects scanned: 87123
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\Sandy\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sandy\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

after playing with my laptop all day.

the following is my latest hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:33, on 20/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\winlogon.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Advanced Woman Calendar] "C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe" -m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

--
End of file - 6862 bytes

Hello.
Please run MBAM, post the log when done.

Malwarebytes' Anti-Malware 1.41
Database version: 2832
Windows 6.0.6000

20/09/2009 23:23:22
mbam-log-2009-09-20 (23-23-22).txt

Scan type: Quick Scan
Objects scanned: 87123
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Users\Sandy\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sandy\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Sandy at 21:33:14.65 on 21/09/2009
Internet Explorer: 8.0.6001.18813
Microsoft Windows Vista Home Premium 6.0.6000.0.1252.44.1033.18.2045.921 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Advanced Woman Calendar\WomanCalendar.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\aestsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sandy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Advanced Woman Calendar] "c:\program files\advanced woman calendar\WomanCalendar.exe" -m
uRun: [SpybotSD TeaTimer] c:\program files\spybot\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\sandy\appdata\roaming\mozilla\firefox\profiles\kupc0ndf.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-20 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-11 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-11 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-9-7 73728]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-11 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot\SDWinSec.exe [2009-9-20 1153368]

=============== Created Last 30 ================

2009-09-21 20:47 --d----- C:\301098b59694e47fb7
2009-09-20 20:50 --d----- c:\program files\Spybot
2009-09-20 20:28 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 20:28 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-20 20:28 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 19:12 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-20 19:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-20 19:07 -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 19:07 -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-20 19:07 --d----- c:\program files\Lavasoft
2009-09-20 18:42 --dsh--- C:\$RECYCLE.BIN
2009-09-20 17:53 229,888 a------- c:\windows\PEV.exe
2009-09-20 17:53 161,792 a------- c:\windows\SWREG.exe
2009-09-20 17:53 98,816 a------- c:\windows\sed.exe
2009-09-20 00:22 --d----- c:\users\sandy\appdata\roaming\Malwarebytes
2009-09-20 00:22 --d----- c:\programdata\Malwarebytes
2009-09-20 00:22 --d----- c:\progra~2\Malwarebytes
2009-09-19 23:08 --d----- c:\programdata\Spybot - Search & Destroy
2009-09-19 23:08 --d----- c:\program files\Spybot - Search & Destroy
2009-09-19 23:08 --d----- c:\progra~2\Spybot - Search & Destroy
2009-09-19 19:33 --d----- c:\program files\CCleaner
2009-09-19 19:19 --d----- c:\program files\RAR Password Recovery Magic
2009-09-19 19:07 --d----- c:\programdata\Lavasoft
2009-09-19 00:50 --d----- c:\programdata\TEMP
2009-09-19 00:05 --d----- c:\program files\Advanced Woman Calendar
2009-09-19 00:02 --d----- c:\users\sandy\appdata\roaming\SoftOrbits
2009-09-13 12:24 --d----- C:\$AVG8.VAULT$
2009-09-12 21:20 --d----- c:\programdata\eMule
2009-09-12 21:20 --d----- c:\progra~2\eMule
2009-09-12 21:19 --d----- c:\program files\eMule
2009-09-12 11:27 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-12 11:27 1,686,528 a------- c:\windows\system32\gameux.dll
2009-09-11 22:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-11 22:14 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-11 22:13 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-11 22:13 --d----- c:\windows\system32\drivers\Avg
2009-09-11 22:13 --d----- c:\program files\AVG
2009-09-11 22:13 --d----- c:\programdata\avg8
2009-09-11 22:13 --d----- c:\progra~2\avg8
2009-09-11 21:51 --d----- c:\users\sandy\appdata\roaming\AVG8
2009-09-11 21:39 0 a------- c:\windows\system32\null
2009-09-11 21:39 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-09-11 21:38 --d----- c:\program files\DellTPad
2009-09-11 21:37 1,419,232 a------- c:\windows\system32\WdfCoInstaller01005.dll
2009-09-11 21:37 155,136 a------- c:\windows\system32\drivers\Apfiltr.sys
2009-09-11 21:37 100,418 a------- c:\windows\system32\Vxdif.dll
2009-09-11 21:34 --d----- c:\programdata\SupportSoft
2009-09-11 21:34 --d----- c:\program files\Dell Support Center
2009-09-11 21:34 --d----- c:\program files\common files\supportsoft
2009-09-11 21:33 --d----- c:\programdata\Dell
2009-09-11 21:33 --d----- c:\users\sandy\appdata\roaming\Dell
2009-09-11 21:30 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-09-11 21:29 223,744 a------- c:\windows\system32\drivers\usbport.sys
2009-09-11 21:29 191,488 a------- c:\windows\system32\drivers\usbhub.sys
2009-09-11 21:29 38,400 a------- c:\windows\system32\drivers\usbehci.sys
2009-09-11 21:29 22,528 a------- c:\windows\system32\drivers\usbuhci.sys
2009-09-11 21:29 5,888 a------- c:\windows\system32\drivers\usbd.sys
2009-09-11 21:28 13,928 a------- c:\windows\system32\drivers\msisadrv.sys
2009-09-11 21:28 12,776 a------- c:\windows\system32\drivers\swenum.sys
2009-09-11 21:28 50,280 a------- c:\windows\system32\drivers\volmgr.sys
2009-09-11 21:28 28,776 a------- c:\windows\system32\drivers\mssmbios.sys
2009-09-11 21:28 140,392 a------- c:\windows\system32\drivers\pci.sys
2009-09-11 21:28 50,792 a------- c:\windows\system32\drivers\termdd.sys
2009-09-09 11:10 1,657,350 a------- c:\windows\system32\wlan.tmf
2009-09-09 11:10 502,272 a------- c:\windows\system32\wlansvc.dll
2009-09-09 11:10 297,984 a------- c:\windows\system32\wlansec.dll
2009-09-09 11:10 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 11:10 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-09-09 11:10 47,104 a------- c:\windows\system32\wlanapi.dll
2009-09-09 11:10 12,876 a------- c:\windows\system32\wbem\wlan.mof
2009-09-09 11:10 123,904 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 11:07 2,855,424 a------- c:\windows\system32\mf.dll
2009-09-09 11:07 98,816 a------- c:\windows\system32\mfps.dll
2009-09-09 11:07 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-09-09 11:07 24,576 a------- c:\windows\system32\mfpmp.exe
2009-09-09 11:07 2,048 a------- c:\windows\system32\mferror.dll
2009-09-07 14:33 647,168 a------- c:\windows\system32\aestecap.dll
2009-09-07 14:33 131,072 a------- c:\windows\system32\aestacap.dll
2009-09-07 14:33 102,400 a------- c:\windows\system32\stacsv.exe
2009-09-07 14:33 73,728 a------- c:\windows\system32\AEstSrv.exe
2009-09-07 14:33 53,248 a------- c:\windows\system32\aestaren.dll
2009-09-07 14:33 4,947,968 a------- c:\windows\system32\stacgui.cpl
2009-09-07 14:33 1,601,536 a------- c:\windows\system32\stlang.dll
2009-09-07 14:32 595,456 a------- c:\windows\system32\stapo.dll
2009-09-07 14:32 492,544 a------- c:\windows\system32\ctapo32.dll
2009-09-07 14:32 330,240 a------- c:\windows\system32\drivers\stwrt.sys
2009-09-07 14:32 328,704 a------- c:\windows\system32\stcplx.dll
2009-09-07 14:32 299,520 a------- c:\windows\system32\stapi32.dll
2009-09-07 14:32 146,944 a------- c:\windows\system32\st325614.dll
2009-09-07 14:32 45,568 a------- c:\windows\system32\ctppld.dll
2009-09-07 14:32 --d----- c:\program files\SigmaTel
2009-09-07 14:29 --d----- C:\Dell
2009-08-29 12:16 268,800 a------- c:\windows\system32\es.dll
2009-08-27 11:19 --d----- c:\programdata\Adobe
2009-08-27 11:17 --d----- c:\programdata\NOS
2009-08-27 06:32 --d----- c:\windows\Panther
2009-08-27 06:32 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-08-27 06:32 438,840 a--shr-- C:\bootmgr
2009-08-27 06:32 --d----- C:\Boot
2009-08-27 06:32 36 a---hr-- c:\windows\DELL_VERSION
2009-08-27 06:32 --d----- c:\windows\system32\OEM
2009-08-27 00:51 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-08-27 00:37 2,048 a------- c:\windows\system32\tzres.dll
2009-08-27 00:32 61,440 a------- c:\windows\system32\winipsec.dll
2009-08-27 00:32 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-08-27 00:32 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-08-27 00:32 272,896 a------- c:\windows\system32\polstore.dll
2009-08-27 00:30 205,824 a------- c:\windows\system32\msoeacct.dll
2009-08-27 00:30 87,040 a------- c:\windows\system32\msoert2.dll
2009-08-27 00:30 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-08-27 00:29 194,560 a------- c:\windows\system32\WebClnt.dll
2009-08-27 00:29 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-08-27 00:28 2,028,032 a------- c:\windows\system32\win32k.sys
2009-08-27 00:27 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-27 00:27 156,160 a------- c:\windows\system32\t2embed.dll
2009-08-27 00:27 34,304 a------- c:\windows\system32\atmlib.dll
2009-08-27 00:27 24,064 a------- c:\windows\system32\lpk.dll
2009-08-27 00:27 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-27 00:27 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-27 00:25 49,664 a------- c:\windows\system32\csrsrv.dll
2009-08-27 00:25 376,320 a------- c:\windows\system32\winsrv.dll
2009-08-27 00:23 376,832 a------- c:\windows\system32\winhttp.dll
2009-08-27 00:22 71,680 a------- c:\windows\system32\atl.dll
2009-08-27 00:20 297,472 a------- c:\windows\system32\gdi32.dll
2009-08-27 00:19 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-08-27 00:18 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-08-27 00:18 30,208 a------- c:\windows\system32\xolehlp.dll
2009-08-27 00:17 156,160 a------- c:\windows\system32\wkssvc.dll
2009-08-27 00:16 116,736 a------- c:\windows\system32\aaclient.dll
2009-08-27 00:16 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-08-27 00:16 36,352 a------- c:\windows\system32\tsgqec.dll
2009-08-27 00:14 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-08-27 00:13 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-08-27 00:13 2,048 a------- c:\windows\system32\msxml3r.dll
2009-08-27 00:12 414,208 a------- c:\windows\system32\msscp.dll
2009-08-27 00:10 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-08-27 00:10 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-08-27 00:10 86,016 a------- c:\windows\system32\icfupgd.dll
2009-08-27 00:10 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-08-27 00:10 61,952 a------- c:\windows\system32\cmifw.dll
2009-08-27 00:10 16,896 a------- c:\windows\system32\wfapigp.dll
2009-08-27 00:10 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-08-27 00:10 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-08-27 00:10 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-08-27 00:06 696,832 a------- c:\windows\system32\localspl.dll
2009-08-27 00:05 65,024 a------- c:\windows\system32\avicap32.dll
2009-08-27 00:05 123,904 a------- c:\windows\system32\msvfw32.dll
2009-08-27 00:05 88,576 a------- c:\windows\system32\avifil32.dll
2009-08-27 00:05 82,944 a------- c:\windows\system32\mciavi32.dll
2009-08-27 00:05 31,232 a------- c:\windows\system32\msvidc32.dll
2009-08-27 00:05 12,800 a------- c:\windows\system32\msrle32.dll
2009-08-27 00:03 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-08-27 00:02 2,923,520 a------- c:\windows\explorer.exe
2009-08-26 23:59 494,592 a------- c:\windows\system32\kerberos.dll
2009-08-26 23:59 216,576 a------- c:\windows\system32\msv1_0.dll
2009-08-26 23:59 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-26 23:59 1,233,920 a------- c:\windows\system32\lsasrv.dll
2009-08-26 23:59 408,136 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 23:59 72,704 a------- c:\windows\system32\secur32.dll
2009-08-26 23:59 7,680 a------- c:\windows\system32\lsass.exe
2009-08-26 23:59 272,384 a------- c:\windows\system32\schannel.dll
2009-08-26 23:58 24,064 a------- c:\windows\system32\netcfg.exe
2009-08-26 23:56 4,093,440 a------- c:\windows\system32\NlsLexicons004c.dll
2009-08-26 23:53 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-08-26 23:49 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-26 23:49 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-26 23:49 549,888 a------- c:\windows\system32\rpcss.dll
2009-08-26 23:49 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-08-26 23:49 501,760 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-08-26 23:49 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2009-08-26 23:49 130,560 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-08-26 23:49 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-08-26 23:49 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-08-26 23:49 53,248 a------- c:\windows\system32\iasads.dll
2009-08-26 23:49 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-08-26 23:49 158,720 a------- c:\windows\system32\sdohlp.dll
2009-08-26 23:49 97,280 a------- c:\windows\system32\iasrecst.dll
2009-08-26 23:47 223,232 a------- c:\windows\system32\WMASF.DLL
2009-08-26 23:47 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-08-26 23:47 2,048 a------- c:\windows\system32\asferror.dll
2009-08-26 23:46 25,600 a------- c:\windows\system32\amxread.dll
2009-08-26 23:46 14,848 a------- c:\windows\system32\apilogen.dll
2009-08-26 23:43 441,856 a------- c:\windows\system32\win32spl.dll
2009-08-26 23:43 37,376 a------- c:\windows\system32\printcom.dll
2009-08-26 23:42 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-08-26 23:42 14,848 a------- c:\windows\system32\wshrm.dll
2009-08-26 23:40 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-08-26 23:40 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-26 23:40 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-26 23:40 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-26 23:40 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-26 23:40 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-26 23:40 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-26 23:39 11,776 a------- c:\windows\system32\sbunattend.exe
2009-08-26 23:38 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-08-26 23:37 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-08-26 23:37 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-08-26 23:34 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-26 23:34 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-26 23:34 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-08-26 23:34 11,264 a------- c:\windows\system32\icardres.dll
2009-08-26 23:34 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-26 23:34 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-26 23:34 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-26 23:34 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-26 23:21 17,760,256 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-26 23:21 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-26 23:21 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-26 23:18 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-26 23:18 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-26 23:18 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-26 23:18 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-26 23:18 83,968 a------- c:\windows\system32\mscories.dll
2009-08-26 22:58 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-08-26 22:58 94,720 a------- c:\windows\system32\logagent.exe
2009-08-26 22:57 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-08-26 22:57 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-08-26 22:57 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-08-26 22:57 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-08-26 22:57 737,792 a------- c:\windows\system32\inetcomm.dll
2009-08-26 22:57 84,480 a------- c:\windows\system32\INETRES.dll
2009-08-26 22:57 152,576 a------- c:\windows\system32\imagehlp.dll
2009-08-26 22:57 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-08-26 22:57 5,120 a------- c:\windows\system32\wmi.dll
2009-08-26 22:57 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-08-26 22:56 1,327,104 a------- c:\windows\system32\quartz.dll
2009-08-26 22:56 633,856 a------- c:\windows\system32\user32.dll
2009-08-26 22:55 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-08-26 22:55 2,048 a------- c:\windows\system32\msxml6r.dll
2009-08-26 22:55 750,080 a------- c:\windows\system32\qmgr.dll
2009-08-26 22:54 --d----- c:\users\sandy\Tracing
2009-08-26 22:52 --d----- c:\program files\Microsoft
2009-08-26 22:51 --d----- c:\program files\Windows Live SkyDrive
2009-08-26 22:48 --d----- c:\program files\common files\Windows Live
2009-08-26 22:47 --d----- c:\program files\VideoLAN
2009-08-26 22:45 25 a------- c:\windows\cdplayer.ini
2009-08-26 22:44 --d----- c:\program files\common files\xing shared
2009-08-26 22:43 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-26 22:43 348,160 a------- c:\windows\system32\msvcr71.dll
2009-08-26 22:43 --d----- c:\program files\common files\Real
2009-08-26 22:38 --d----- C:\Downloads
2009-08-26 22:37 --d----- c:\program files\BitComet
2009-08-26 22:08 --d----- c:\programdata\McAfee
2009-08-26 22:06 32,592 a------- c:\windows\system32\msonpmon.dll
2009-08-26 22:02 --d----- c:\windows\PCHEALTH
2009-08-26 22:00 --d----- c:\program files\Microsoft Visual Studio 8
2009-08-26 21:59 --d----- c:\programdata\Microsoft Help
2009-08-26 21:55 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-08-26 21:55 83,456 a------- c:\windows\system32\wudriver.dll
2009-08-26 21:55 162,064 a------- c:\windows\system32\wuwebv.dll
2009-08-26 21:55 31,232 a------- c:\windows\system32\wuapp.exe
2009-08-26 21:49 --d----- c:\windows\system32\vmm32
2009-08-26 21:49 --d----- c:\program files\Dell
2009-08-26 21:48 --dsh--- c:\windows\Installer
2009-08-26 21:42 --d----- c:\users\Sandy

==================== Find3M ====================

2009-09-11 21:41 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-11 21:41 51,200 a------- c:\windows\inf\infpub.dat
2009-09-11 21:41 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-11 21:41 86,016 a------- c:\windows\inf\infstor.dat
2009-08-27 00:47 174 a--sh--- c:\program files\desktop.ini
2009-08-26 23:56 4,045,824 a------- c:\windows\system32\NlsLexicons003e.dll
2009-08-26 23:52 613,888 a------- c:\windows\system32\wpd_ci.dll
2009-08-26 23:46 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-08-26 23:45 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-08-14 18:16 213,592 a------- c:\windows\system32\drivers\netio.sys
2009-08-14 17:42 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-08-14 17:40 103,936 a------- c:\windows\system32\netiohlp.dll
2009-08-14 17:40 15,360 a------- c:\windows\system32\netevent.dll
2009-08-14 15:25 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:25 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 15:25 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 15:25 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:25 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 15:25 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 15:25 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:24 813,568 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:23 22,016 a------- c:\windows\system32\netiougc.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe

============= FINISH: 21:33:43.58 ===============

Belahzur

I cannot download anything from my infected laptop, i need to download the file from other PC...

Please help

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-22 22:31:37
Windows 6.0.6000
Running: 3knzrq3y.exe; Driver: C:\Users\Sandy\AppData\Local\Temp\fwroypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Hello.
How is the machine running? still getting permission errors on programs like Spybot?

I can run spybot and ad aware but I cannot download anything from the net.

It will prompt me where to save the file on my Laptop, but after finished downloading, i cannot see the file.

Hello.
We'll see if we can fix that soon. For now, I want one more log.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Advanced Woman Calendar 2.8
AVG Free 8.5
BitComet 1.13
CCleaner (remove only)
Dell Resource CD
Dell Support Center
Dell Touchpad
eMule
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.14)
MSVCRT
QuickSet
RAR Password Recovery Magic v6.1.1.21
RealPlayer
SigmaTel Audio
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

BitComet 1.13
eMule

How is the machine running now?

I have already unistalled both programs but still unable to download any filed from the net?

Hello.
Lets update Firefox.

Please download Firefox 3.5.3 and install it. It will install over version 3.0.14 you currently have installed, so you won't lose any bookmarked websites.

The new version usually gives you options for pause button now, does your download stop at 99%?

I have upgraded my firefox to 3.5.3.

It doesn't really stop at 99%

It download to 100%(i think) then the download window disappears, just like a normal download but i cannot see the file i have downloaded

Hello.
Now you have the new version, I can help guide you.

Firefox has two options, run or save. Are you saving it and where is it saving files to?

on my desktop

Hello.
I think I had this glitch once, don't remember why it happened exactly, but the files started to re-appear once I changed the location of my downloads.

Go into the Tools menu > Options. Under the Downloads section, press the Browse button, and change your downloads location.

Doesn't matter to where.
Try download something now and see if the file appears.

I can now see the file after i changed the download location but I cannot open the files i download. for example, i can see the jpeg file i downloaded but cannot open it. I also downloaded the avenger.zip and when i double click it, it says "the archive is either unknown or format or damaged.

I have downloaded the Malwarebytes' Anti-Malware and when i run it, it says "..... is not a valid Win32 application

DDS is the same... not a valid win32 app.

All files that i have downloaded show 0 bytes??

hi Belahzur

I have sorted it out!!! Hurray!

The probelm is my AVG antivirus, once i uninstalled it, my laptop is working fine now.

I would like to thank you for all your help and patience.

Thanks a million

No problem.