Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please Help with irp virus's?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please Help with irp virus's?

Unread postby splash » June 9th, 2011, 8:05 pm

hello i am hoping you can tell me if these driver hook/rootkit infections are bad enough or real, so as to back up and reformat or can it be fixed, i have avg anti virus , and i seem to have no symptoms except avg found 46 rootkits some are whitelisted and cannot be removed,
i have a basic home network and my son got a bunch of virus's the other day on a laptop which doesn't boot now, and my desktop is connected by being the host through a wireless network, could he have spread these viruses through the network?, i think he was on a xp themes site, this was discovered on 6/8/11 it seems all of those are drivers that are supposedly infected..i can send the csv of the avg report? in a zip file too..
hoping i don't have to reformat..
thanks
sincerely
John K
here is the dds reports
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 15:30:29 on 2011-06-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.232 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Starfield\offSyncService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\ModPS2Key.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\MemStat XP\MemStat.exe
C:\Program Files\Starfield\WorkspaceUpdate.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\7SP_Files\Styler\Styler.exe
C:\WINDOWS\7SP_Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.accuweather.com/us/pa/wright ... -month.asp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
BHO: IEToolbarBHO Class: {1a1dac8c-074d-440f-8707-7009a672d7d1} - c:\program files\linkedin\ie toolbar\3.2.3.1001\LinkedInIEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Tracker Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - c:\program files\netzero\ucreg.dll
BHO: FBLayouts Plugin: {ff4e1d1d-705b-4379-ab33-22d98c1abf55} - c:\program files\fblayouts\fblayouts.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Tracker Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: LinkedIn Toolbar: {bb670d0b-5c46-40c7-b38b-40dd26987723} - c:\program files\linkedin\ie toolbar\3.2.3.1001\LinkedInIEToolbar.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\windows\7sp_files\styler\tb\StylerTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: LinkedIn Toolbar: {85e0b171-04fa-11d1-b7da-00a0c90348d6} - c:\program files\linkedin\ie toolbar\3.2.3.1001\LinkedInIEToolbar.dll
uRun: [MemStat] c:\program files\memstat xp\MemStat.exe
uRun: [wben] "c:\program files\starfield\wben.exe"
uRun: [Starfield Updater] "c:\program files\starfield\WorkspaceUpdate.exe"
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [PlaxoUpdate] c:\documents and settings\owner\local settings\application data\plaxo\3.25.0.87\PlaxoHelper_en.exe -a
uRun: [PlaxoSysTray] c:\documents and settings\owner\local settings\application data\plaxo\3.25.0.87\PlaxoSysTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desktop Calendar] c:\program files\desktop calendar\Desktop Calendar.exe
uRun: [qK11n4n5QpCnn] control.exe "c:\program files\dsza5\qK11n4n5QpCnn.cpl",0,1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_15_plus_download_version\TrayServer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [<NO NAME>]
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... c5Ny1PVTZF"&"inst=NzctNTQzMjI5MzM2LVQyMS1CQSsxLUtWMys3LVhMKzEtRlA5KzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsx"&"prod=90"&"ver=10.0.1204
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\refres~1.lnk - c:\windows\7sp_files\refresh icon cache\Refresh Icon Cache.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\styler~1.lnk - c:\windows\7sp_files\styler\Styler.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\visual~1.lnk - c:\windows\7sp_files\visualtasktips\VisualTaskTips.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\yzshadow.lnk - c:\windows\7sp_files\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_2cd672ae.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: secureserver.net\email
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0E9F625F-EBF5-44B1-A866-A4CC6E400ECE} : DhcpNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2010-6-12 10368]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1215216]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-1-7 54760]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HDThemeEnabler.exe [2008-7-21 106496]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2011-1-28 44432]
R3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2009-6-17 17376]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2011-6-8 3584]
S2 CLBUDFR;CyberLink UDF Filesystem; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-23 1691480]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-3-18 23456]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2009-1-17 69692]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2011-1-27 1527900]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8e.tmp --> c:\windows\system32\8E.tmp [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-03-13 04:47:03 0 ----a-w- C:\_@2EB.tmp
.
============= FINISH: 15:32:24.98 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/17/2009 8:53:01 PM
System Uptime: 6/8/2011 5:12:36 PM (22 hours ago)
.
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Intel Celeron processor | Socket 775 | 1999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 25.229 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 3.43 GiB free.
E: is CDROM ()
G: is Removable
I: is FIXED (FAT32) - 149 GiB total, 31.293 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP374: 3/11/2011 11:18:01 AM - System Checkpoint
RP375: 3/12/2011 1:09:34 PM - System Checkpoint
RP376: 3/12/2011 7:16:27 PM - Installed Hyperdesk - Sony Ericsson Onyx Series.
RP377: 3/13/2011 1:37:29 AM - Installed Windows Media Player 11
RP378: 3/13/2011 1:42:28 AM - Installed Windows XP MSCompPackV1.
RP379: 3/13/2011 7:16:46 PM - Installed Java(TM) 6 Update 22
RP380: 3/13/2011 7:21:08 PM - Removed OpenOffice.org 3.2
RP381: 3/13/2011 7:25:04 PM - Installed OpenOffice.org 3.3
RP382: 3/13/2011 7:55:03 PM - Restore Operation
RP383: 3/14/2011 11:17:32 PM - System Checkpoint
RP384: 3/15/2011 12:28:14 PM - Installed Windows Media Player 11
RP385: 3/15/2011 12:33:43 PM - Installed Windows XP MSCompPackV1.
RP386: 3/16/2011 6:40:25 PM - System Checkpoint
RP387: 3/17/2011 7:34:43 PM - System Checkpoint
RP388: 3/19/2011 1:43:23 AM - System Checkpoint
RP389: 3/20/2011 2:19:53 AM - System Checkpoint
RP390: 3/21/2011 2:38:02 AM - System Checkpoint
RP391: 3/22/2011 3:31:25 AM - System Checkpoint
RP392: 3/22/2011 4:05:58 PM - Installed COMODO Internet Security
RP393: 3/22/2011 4:53:58 PM - Removed AVG 2011
RP394: 3/22/2011 4:56:36 PM - Removed AVG 2011
RP395: 3/22/2011 5:08:22 PM - Avira AntiVir Personal - 3/22/2011 17:07
RP396: 3/22/2011 9:36:08 PM - Removed COMODO Internet Security
RP397: 3/22/2011 9:58:49 PM - Installed AVG 2011
RP398: 3/22/2011 10:02:38 PM - Installed AVG 2011
RP399: 3/23/2011 10:28:35 PM - Made by Regsofts
RP400: 3/24/2011 8:29:19 AM - Software Distribution Service 3.0
RP401: 3/25/2011 12:00:13 PM - System Checkpoint
RP402: 3/26/2011 2:20:48 PM - System Checkpoint
RP403: 3/27/2011 3:31:48 PM - System Checkpoint
RP404: 3/28/2011 8:57:34 PM - System Checkpoint
RP405: 3/29/2011 5:13:02 PM - Software Distribution Service 3.0
RP406: 3/29/2011 6:08:52 PM - Software Distribution Service 3.0
RP407: 3/31/2011 11:39:27 AM - System Checkpoint
RP408: 4/1/2011 11:58:03 AM - System Checkpoint
RP409: 4/2/2011 3:40:22 PM - System Checkpoint
RP410: 4/3/2011 4:06:51 PM - System Checkpoint
RP411: 4/4/2011 10:27:35 PM - System Checkpoint
RP412: 4/5/2011 11:11:43 PM - System Checkpoint
RP413: 4/7/2011 12:40:16 PM - System Checkpoint
RP414: 4/8/2011 2:06:09 PM - System Checkpoint
RP415: 4/9/2011 4:41:03 PM - System Checkpoint
RP416: 4/10/2011 5:32:35 PM - System Checkpoint
RP417: 4/11/2011 5:33:40 PM - System Checkpoint
RP418: 4/12/2011 6:49:30 PM - System Checkpoint
RP419: 4/13/2011 7:19:43 PM - System Checkpoint
RP420: 4/14/2011 8:18:52 PM - System Checkpoint
RP421: 4/15/2011 3:01:25 AM - Software Distribution Service 3.0
RP422: 4/16/2011 3:13:24 AM - System Checkpoint
RP423: 4/17/2011 4:27:25 AM - System Checkpoint
RP424: 4/18/2011 4:56:29 AM - System Checkpoint
RP425: 4/19/2011 9:24:10 AM - System Checkpoint
RP426: 4/20/2011 9:47:53 AM - System Checkpoint
RP427: 4/21/2011 10:00:59 AM - System Checkpoint
RP428: 4/22/2011 1:04:11 PM - System Checkpoint
RP429: 4/23/2011 3:28:15 PM - System Checkpoint
RP430: 4/25/2011 1:38:36 AM - System Checkpoint
RP431: 4/26/2011 2:11:00 AM - System Checkpoint
RP432: 4/27/2011 2:23:27 AM - System Checkpoint
RP433: 4/27/2011 7:55:41 PM - Software Distribution Service 3.0
RP434: 4/28/2011 7:58:33 PM - System Checkpoint
RP435: 4/29/2011 8:49:00 PM - System Checkpoint
RP436: 4/30/2011 9:52:50 PM - System Checkpoint
RP437: 5/2/2011 1:57:32 AM - System Checkpoint
RP438: 5/3/2011 2:32:45 AM - System Checkpoint
RP439: 5/4/2011 9:40:59 PM - System Checkpoint
RP440: 5/5/2011 11:13:29 PM - System Checkpoint
RP441: 5/6/2011 11:43:21 PM - System Checkpoint
RP442: 5/8/2011 12:00:51 AM - System Checkpoint
RP443: 5/9/2011 1:07:59 PM - System Checkpoint
RP444: 5/10/2011 1:21:52 PM - System Checkpoint
RP445: 5/11/2011 3:00:52 AM - Software Distribution Service 3.0
RP446: 5/12/2011 3:56:20 AM - System Checkpoint
RP447: 5/13/2011 4:02:45 AM - System Checkpoint
RP448: 5/14/2011 4:48:55 AM - System Checkpoint
RP449: 5/15/2011 4:54:13 AM - System Checkpoint
RP450: 5/16/2011 5:53:50 AM - System Checkpoint
RP451: 5/17/2011 12:14:43 AM - Installed AVG 2011
RP452: 5/17/2011 12:16:32 AM - Removed AVG 2011
RP453: 5/17/2011 12:20:30 AM - Installed AVG 2011
RP454: 5/17/2011 12:31:31 AM - Removed AVG 2011
RP455: 5/18/2011 12:33:59 AM - System Checkpoint
RP456: 5/19/2011 12:42:54 AM - System Checkpoint
RP457: 5/20/2011 1:09:18 AM - System Checkpoint
RP458: 5/21/2011 1:28:53 AM - System Checkpoint
RP459: 5/22/2011 2:20:10 AM - System Checkpoint
RP460: 5/23/2011 2:35:06 AM - System Checkpoint
RP461: 5/24/2011 1:45:48 PM - System Checkpoint
RP462: 5/25/2011 8:39:14 PM - System Checkpoint
RP463: 5/26/2011 11:37:13 PM - System Checkpoint
RP464: 5/27/2011 9:42:09 AM - Software Distribution Service 3.0
RP465: 5/28/2011 11:29:09 AM - System Checkpoint
RP466: 5/29/2011 1:17:30 PM - System Checkpoint
RP467: 5/30/2011 1:59:32 PM - System Checkpoint
RP468: 5/31/2011 2:15:47 PM - System Checkpoint
RP469: 6/1/2011 2:24:30 PM - System Checkpoint
RP470: 6/2/2011 4:05:47 PM - System Checkpoint
RP471: 6/3/2011 4:22:33 PM - System Checkpoint
RP472: 6/5/2011 3:18:22 AM - System Checkpoint
RP473: 6/6/2011 4:05:15 AM - System Checkpoint
RP474: 6/7/2011 4:41:18 AM - System Checkpoint
RP475: 6/8/2011 5:00:10 AM - System Checkpoint
RP476: 6/9/2011 11:33:55 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.2.6
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Agere Systems PCI-SV92PP Soft Modem
AIM 7
AIM Toolbar
AiO_Scan_CDA
AiOSoftwareNPI
AOL Lifestream
Apple Application Support
Apple Software Update
ArcSoft DPF Package for MediaImpression
ArcSoft PhotoEdit Package for MediaImpression
ArcSoft Video Package for MediaImpression
AVG 2011
AVG PC Tuneup 2011
BearShare
BearShare Test
Belarc Advisor 8.1
Bible Explorer 4 Ryrie Study Bible
Bing Bar
Bing Bar Platform
Bloom
Browser Address Error Redirector
BufferChm
C3100
c3100_Help
CA Pest Patrol Realtime Protection
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCleaner
CollageIt 1.1.9
Comcast Desktop Software (v1.2.0.9)
Comcast Toolbar 3.5
Defraggler
Desktop Calendar
Desktop Doctor
Destinations
Device Doctor 1.0.0.1
DeviceManagementQFolder
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DrawPlus 3.0
DriveImage XML
DriverAgent by eSupport.com
DVD Flick 1.3.0.7
DVD Identifier
DVD Suite
eMachines Connect
eMachines Games
EssentialPIM
eSupportQFolder
Evrsoft First Page 2006
Facebook Plug-In
Fax_CDA
FileHippo.com Update Checker
Firebird SQL Server - MAGIX Edition
Folder Size for Windows
Forest Scenery Screensaver
FormatFactory 2.60
Free Download Manager 3.0
Free Window Registry Repair
GiPo@MoveOnBoot 1.9.5
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.1.0.366
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
Hyperdesk - Crysis Warhead
ImgBurn
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) Integrated Performance Primitives RTI 4.0
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 6.8.6 (Full)
LinkedIn Internet Explorer Toolbar
Logitech Legacy USB Camera Driver Package
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
MAGIX 3D Maker (embeded)
MAGIX Movie Edit Pro 15 Plus Download version 8.0.5.8 (UK)
MAGIX Screenshare 4.3.6.1987 (UK)
Malwarebytes' Anti-Malware
Media Player Utilities 5.20
MemStat XP (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets and Trips 2005
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Moffsoft FreeCalc
Move Media Player
Moyea FLV Player version: 2.0.2.96
Moyea YouTube FLV Downloader version: 3.1.2.26
Mp3 File Editor 5.11 (standard)
msTTS Mike and Mary Voices
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
msxml4
MyColors2
NetZero Connection Wizard
NetZero Internet
OCR Software by I.R.I.S 7.0
OpenLibraries
OpenOffice.org 3.2
Outlook Express Quick Backup
PanoStandAlone
PaperPort 8.0 SE
PDF-Viewer
PDFCreator
PE Builder 3.1.10a
Photo Resizer 1.06 (Free version)
PhotoScape
PhotoStitch
Picasa 3
Plaxo Toolbar for Windows
Power2Go 5.0
PowerDVD
ProductContextNPI
PS2 Multimedia Keyboard Driver
QuickBooks Premier: Accountant Edition 2008
QuickTime
RadioSure
RAW Image Task
Readme
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Recovery Software Suite eMachines
RemoteCapture Task
Samsung Music Studio
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB913433)
Segoe UI
Shape Collage
Shockwave
SlimDrivers
SolutionCenter
Sophos Anti-Rootkit 1.5.4
SpeedFan (remove only)
Status
Sunset On The Beach Screensaver
SUPERAntiSpyware
SupportSoft Assisted Service
System Requirements Lab for Intel
The Print Shop
Theme Manager (Free)old
Toolbox
TrayApp
Tweaker for Outlook Express
Tweakui Powertoy for Windows XP
U3Launcher
UDF Reader 5.0
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
ViOrb
Visioneer OneTouch 7300
VLC media player 1.1.9
WD Diagnostics
WDtransitionInstall_GD
WebFldrs XP
WebReg
Windows Backup Utility
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition Screen Saver Screen Saver
Windows XP Service Pack 3
Windows XP Winter Fun Pack for Windows Movie Maker 2
Workspace Desktop
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Youtube Video Downloader 3.16
YP-MT6
.
==== Event Viewer Messages From Past Week ========
.
6/8/2011 11:25:38 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
6/8/2011 11:23:27 AM, error: Service Control Manager [7000] - The CyberLink UDF Filesystem service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
I also have a log of what avg came up with
should i post this too
?
here it is
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\ViaIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\AliIde IRP_MJ_POWER -> PCIIDEX.SYS +0x692";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\AliIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\AliIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\ViaIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_INTERNAL_DEVICE_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2E38";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_POWER -> PCIIDEX.SYS +0x692";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\PCIIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_PNP -> PCIIDEX.SYS PciIdeXDebugPrint+0x2D80";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\IntelIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"IRP hook, \Driver\AliIde IRP_MJ_INTERNAL_DEVICE_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2E38";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, \Driver\HidUsb IRP_MJ_SYSTEM_CONTROL -> HIDCLASS.SYS +0x1902";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, \Driver\HidUsb IRP_MJ_READ -> HIDCLASS.SYS +0x1902";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, \Driver\HidUsb IRP_MJ_POWER -> HIDCLASS.SYS +0x1902";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, \Driver\HidUsb IRP_MJ_INTERNAL_DEVICE_CONTROL -> HIDCLASS.SYS +0x1902";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, \Driver\HidUsb IRP_MJ_DEVICE_CONTROL -> HIDCLASS.SYS +0x1902";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, \Driver\HidUsb IRP_MJ_WRITE -> HIDCLASS.SYS +0x1902";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, \Driver\HidUsb IRP_MJ_PNP -> HIDCLASS.SYS +0x1902";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_PNP -> CLASSPNP.SYS ClassDebugPrint+0x6FB";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_SYSTEM_CONTROL -> CLASSPNP.SYS ClassInitialize+0x666";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_POWER -> CLASSPNP.SYS ClassForwardIrpSynchronous+0xD8";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_SHUTDOWN -> CLASSPNP.SYS ClassIoComplete+0xEF";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_INTERNAL_DEVICE_CONTROL -> CLASSPNP.SYS ClassInternalIoControl";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_DEVICE_CONTROL -> CLASSPNP.SYS ClassIoComplete+0x1C8";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_FLUSH_BUFFERS -> CLASSPNP.SYS ClassIoComplete+0xEF";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_WRITE -> CLASSPNP.SYS ClassCompleteRequest+0x13C";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_READ -> CLASSPNP.SYS ClassCompleteRequest+0x13C";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_CLOSE -> CLASSPNP.SYS ClassDebugPrint+0x618";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"IRP hook, \Driver\Disk IRP_MJ_CREATE -> CLASSPNP.SYS ClassDebugPrint+0x618";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\sym_u3 IRP_MJ_POWER -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\sym_u3 IRP_MJ_SYSTEM_CONTROL -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\sym_u3 IRP_MJ_PNP -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\sym_u3 DriverStartIo -> SCSIPORT.SYS ScsiPortGetUncachedExtension+0x1F06";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\sym_hi IRP_MJ_SYSTEM_CONTROL -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\sym_hi IRP_MJ_PNP -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\sym_hi DriverStartIo -> SCSIPORT.SYS ScsiPortGetUncachedExtension+0x1F06";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\symc8xx IRP_MJ_PNP -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\symc8xx DriverStartIo -> SCSIPORT.SYS ScsiPortGetUncachedExtension+0x1F06";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m IRP_MJ_CREATE -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m IRP_MJ_CLOSE -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m IRP_MJ_DEVICE_CONTROL -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m IRP_MJ_INTERNAL_DEVICE_CONTROL -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m IRP_MJ_POWER -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m IRP_MJ_SYSTEM_CONTROL -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m IRP_MJ_PNP -> SCSIPORT.SYS +0x44C";"Object is hidden"
"";"C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS";"IRP hook, \Driver\adpu160m DriverStartIo -> SCSIPORT.SYS ScsiPortGetUncachedExtension+0x1F06";"Object is hidden"
splash
Active Member
 
Posts: 3
Joined: June 9th, 2011, 3:23 pm
Location: York,PA
Advertisement
Register to Remove

Re: Please Help with irp virus's?

Unread postby melboy » June 11th, 2011, 6:51 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=======================================================


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate µTorrent and click on the Change/Remove button to uninstall it.
  • Repeat for BearShare and BearShare Test .
  • Close Add/Remove Programs and Control Panel when done.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.



Registry Cleaners

Re. Free Window Registry Repair

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on reg cleaners
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.

This post by Bill Castner is very informative: WhatTheTech Forum



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under the Custom Scan box paste this in:
    (Do Not include code:)
    Code: Select all
    %Program files%\dsza5\qK11n4n5QpCnn.cpl /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update|AUOptions /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.



CKScanner

Download CKScanner from here

  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.




In your next reply:
  1. OTL.txt
  2. Extras.txt
  3. CKFiles.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Please Help with irp virus's?

Unread postby melboy » June 13th, 2011, 5:22 pm

Hi splash

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Please Help with irp virus's?

Unread postby splash » June 14th, 2011, 1:14 am

sorry i had to work, i do need a bit more time..thank you
splash
Active Member
 
Posts: 3
Joined: June 9th, 2011, 3:23 pm
Location: York,PA

Re: Please Help with irp virus's?

Unread postby melboy » June 14th, 2011, 2:36 am

OK. Please reply asap.

Topics can be closed after 3 days without the requested information being posted.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Please Help with irp virus's?

Unread postby NonSuch » June 17th, 2011, 2:26 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 14 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware