Security Software Unable to Install any AV or run Online Scans

sumeetsingh

Beginner
Hi ppl,

Recently my laptop started with weird problems...

Task Manager was disabled. Avast AV stopped appearing in the tray bar, and I was also unable to access it manually.

Fixed Task Manager (Googled it) :
Click on Start, Run and type the following command exactly and press Enter

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

That was fixed; however, Avast was not showing up. I wanted to run a scan but was unable to, as Avast was not working. Tried updating and repairing from Add/Remove Programs, no joy... So I finally uninstalled it.

Tried to run online scans but was unable to run any.

Installed "Hijack This" but was unable to run it. It gives the error: Windows unable to access the specific path or file or ext... you may not have appropriate permission to access the file.

Tried Panda AV also. It installed (with some errors, like being unable to rename some files) but failed to run.

Ran ComboFix... it deleted some stuff...

Tried installing other AV and anti-spyware/adware/malware tools, but every time I get an error related to being unable to change the name of some files.

BTW, Panda is uninstalled now, and Safe Mode is not working: whenever I try Safe Mode, I get a blue screen and the system restarts.

Win XP SP2
Compaq M2000

What to do??

Help:S
 
Code:
ComboFix 09-09-06.03 - Sunny 09/07/2009 10:57.2.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.222.48 [GMT 5.5:30]
Running from: c:\documents and settings\Sunny\My Documents\My Completed Downloads\xxx.exe.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Internet Security 2006 *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2010.lnk
c:\documents and settings\Sunny\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2010.lnk
c:\windows\system32\accies98.dll
c:\windows\system32\acciesx2.sys
c:\windows\system32\acpiz.dll
c:\windows\system32\acup.sys
c:\windows\system32\aeskap.dll
c:\windows\system32\agpbrdg0.dll
c:\windows\system32\apicrypt.dll
c:\windows\system32\asplg.sys
c:\windows\system32\atietaxx.dll
c:\windows\system32\atietbxx.sys
c:\windows\system32\avpe32.dll
c:\windows\system32\avpe64.sys
c:\windows\system32\avpx32.dll
c:\windows\system32\avpx32.sys
c:\windows\system32\avpx64.sys
c:\windows\system32\axxt32.dll
c:\windows\system32\axxt32.sys
c:\windows\system32\axxt64.sys
c:\windows\system32\bmtdhh.dll
c:\windows\system32\bootrom8.dll
c:\windows\system32\bpk.dat
c:\windows\system32\bpk.exe
c:\windows\system32\browsemu.dll
c:\windows\system32\clbdll.dll
c:\windows\system32\clbinit.dll
c:\windows\system32\core3.sys
c:\windows\system32\cryptmd5.dll
c:\windows\system32\ctasys.dll
c:\windows\system32\ddram.sys
c:\windows\system32\DefLib.sys
c:\windows\system32\desmsg.dll
c:\windows\system32\digeste.dll
c:\windows\system32\divxps.dll
c:\windows\system32\Dll.dll
c:\windows\system32\dprot.sys
c:\windows\system32\drivers\ati0qaxx.sys
c:\windows\system32\drivers\ati2xhxx.sys
c:\windows\system32\drivers\ati4irxx.sys
c:\windows\system32\drivers\ctl_w32.sys
c:\windows\system32\drivers\lojlig.sys
c:\windows\system32\drivers\mgcscrd.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\msliksurserv.sys
c:\windows\system32\drivers\msvtch.sys
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\drivers\parport32.sys
c:\windows\system32\drivers\qandr.sys
c:\windows\system32\drivers\resdr32.sys
c:\windows\system32\drivers\reveal32.sys
c:\windows\system32\drivers\SROUTE.SYS
c:\windows\system32\drivers\ss.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\symavc32.sys
c:\windows\system32\drivers\tdlserv.sys
c:\windows\system32\drivers\TPLinks.sys
c:\windows\system32\drop1.dll
c:\windows\system32\drop2.sys
c:\windows\system32\dx9sr.sys
c:\windows\system32\dxtpdh.sys
c:\windows\system32\dxtpdx.dll
c:\windows\system32\emul37.sys
c:\windows\system32\emul65.dll
c:\windows\system32\emul65.sys
c:\windows\system32\gdowxp.dll
c:\windows\system32\gzipmod.dll
c:\windows\system32\gzvba.sys
c:\windows\system32\hinet.dll
c:\windows\system32\i975gl.dll
c:\windows\system32\idersrvc.sys
c:\windows\system32\inst.dat
c:\windows\system32\intel64.exe
c:\windows\system32\iokey.dll
c:\windows\system32\iokey.sys
c:\windows\system32\ipfwrd.dll
c:\windows\system32\ipfwrd.sys
c:\windows\system32\irptp.sys
c:\windows\system32\itcom.sys
c:\windows\system32\java2.sys
c:\windows\system32\javavm1.dll
c:\windows\system32\ke32paag.dll
c:\windows\system32\ke32psag.sys
c:\windows\system32\kedes.sys
c:\windows\system32\kednl2.sys
c:\windows\system32\KernelDrv.exe
c:\windows\system32\kernelwind32.exe
c:\windows\system32\keystrokes.html
c:\windows\system32\kirdam.dll
c:\windows\system32\klite.sys
c:\windows\system32\krnllds.sys
c:\windows\system32\kwave.sys
c:\windows\system32\l33t.dat
c:\windows\system32\l33t.exe
c:\windows\system32\lanH32.dll
c:\windows\system32\lanH64.sys
c:\windows\system32\lanmui.dll
c:\windows\system32\lannui.sys
c:\windows\system32\mckwave.dll
c:\windows\system32\mcrwave.dll
c:\windows\system32\md5hsh.dll
c:\windows\system32\mdhash.dll
c:\windows\system32\mdhsh.sys
c:\windows\system32\mjva.sys
c:\windows\system32\mmcta.sys
c:\windows\system32\mmmhaiha.dll
c:\windows\system32\mmmnqgnq.dll
c:\windows\system32\mmmqbnqb.dll
c:\windows\system32\mmmsfusf.dll
c:\windows\system32\mmmuaeua.dll
c:\windows\system32\mmsw72w72.dll
c:\windows\system32\mmx4xm.sys
c:\windows\system32\mmx4xt.dll
c:\windows\system32\mmxf32.dll
c:\windows\system32\mmxf64.sys
c:\windows\system32\modgzip.dll
c:\windows\system32\msdvdr.dat
c:\windows\system32\msdvdr.pif
c:\windows\system32\msindeo.dll
c:\windows\system32\msliksurcredo.dll
c:\windows\system32\msliksurdns.dll
c:\windows\system32\Mspdnx.dll
c:\windows\system32\msvtch.sys
c:\windows\system32\mswsag.sys
c:\windows\system32\msxcgxc.dll
c:\windows\system32\msxlop.dll
c:\windows\system32\mt49hub.dll
c:\windows\system32\navdpu.sys
c:\windows\system32\navdqu.dll
c:\windows\system32\netwp.dll
c:\windows\system32\netwp.sys
c:\windows\system32\netwrp.dll
c:\windows\system32\nmk4.dat
c:\windows\system32\ntio256.sys
c:\windows\system32\ntos.exe
c:\windows\system32\ntpdxt.dll
c:\windows\system32\ntpdxt.sys
c:\windows\system32\NTvsx.dll
c:\windows\system32\nvmapi.sys
c:\windows\system32\nvnapi.sys
c:\windows\system32\oedes.dll
c:\windows\system32\oembios.exe
c:\windows\system32\p435ikrd.sys
c:\windows\system32\pcixm.sys
c:\windows\system32\pcixmm.dll
c:\windows\system32\pk.bin
c:\windows\system32\pluginst.dll
c:\windows\system32\powerxt.dll
c:\windows\system32\pptp16.dll
c:\windows\system32\pptp24.sys
c:\windows\system32\pptp32.dll
c:\windows\system32\pptp64.sys
c:\windows\system32\priarsz.dll
c:\windows\system32\protector.exe
c:\windows\system32\qo.dll
c:\windows\system32\qo.sys
c:\windows\system32\qy.sys
c:\windows\system32\rbadma.sys
c:\windows\system32\rbadmm.dll
c:\windows\system32\rd.dll
c:\windows\system32\rd.sys
c:\windows\system32\rdsync.sys
c:\windows\system32\rgbopx.dll
c:\windows\system32\rkskt.sys
c:\windows\system32\rksocket.dll
c:\windows\system32\rmk8ot.dll
c:\windows\system32\rmk9ot.sys
c:\windows\system32\rotw.sys
c:\windows\system32\routew.dll
c:\windows\system32\rssync.dll
c:\windows\system32\rxx5ot.dll
c:\windows\system32\rxx6ot.sys
c:\windows\system32\sbfxi.dll
c:\windows\system32\sd.dll
c:\windows\system32\sd.sys
c:\windows\system32\sdra64.exe
c:\windows\system32\skyu16.dll
c:\windows\system32\skyx16.dll
c:\windows\system32\skyx24.sys
c:\windows\system32\smspufpu.dll
c:\windows\system32\sndu32.dll
c:\windows\system32\sndu64.sys
c:\windows\system32\snjava.dll
c:\windows\system32\socketx113.sys
c:\windows\system32\sphub.dll
c:\windows\system32\sphub.sys
c:\windows\system32\spndt.sys
c:\windows\system32\surrd.sys
c:\windows\system32\swapdm.dll
c:\windows\system32\swapm.sys
c:\windows\system32\syncmc.sys
c:\windows\system32\syncps.dll
c:\windows\system32\syslink.dll
c:\windows\system32\syswrk.dll
c:\windows\system32\tcpr32.dll
c:\windows\system32\tdlbop.dll
c:\windows\system32\tdlsoui.flag
c:\windows\system32\tomto.dll
c:\windows\system32\tomto.sys
c:\windows\system32\twex.exe
c:\windows\system32\twext.exe
c:\windows\system32\upperhost.dll
c:\windows\system32\vbagz.sys
c:\windows\system32\vdmt16.sys
c:\windows\system32\vinm32.dll
c:\windows\system32\vinm32.sys
c:\windows\system32\vinm64.sys
c:\windows\system32\vistaj.sys
c:\windows\system32\vistax.dll
c:\windows\system32\web.dat
c:\windows\system32\websites.html
c:\windows\system32\wincom32.sys
c:\windows\system32\winlow.sys
c:\windows\system32\winm32.dll
c:\windows\system32\winm32.sys
c:\windows\system32\winm64.sys
c:\windows\system32\winvsx.sys
c:\windows\system32\wmdrtc32.dl_
c:\windows\system32\wmdrtc32.dll
c:\windows\system32\wnmicf.dll
c:\windows\system32\wnmicf.sys
c:\windows\system32\wnmifc.sys
c:\windows\system32\wrapk.sys
c:\windows\system32\wrapkm.dll
c:\windows\system32\wsmsag.dll
c:\windows\system32\wsmsag.sys
c:\windows\system32\wsnpoem.exe
c:\windows\system32\wsnpoema.exe
c:\windows\system32\xatcore.dll
c:\windows\system32\xcttgm.sys
c:\windows\system32\xcttgs.dll
c:\windows\system32\xdudmm.sys
c:\windows\system32\xdudtt.dll
c:\windows\system32\xlift.sys
c:\windows\system32\xliftm.dll
c:\windows\system32\xmsk32.dll
c:\windows\system32\xmsk64.sys
c:\windows\system32\xopptp.dll
c:\windows\system32\xopptp.sys
c:\windows\system32\xprot.sys
c:\windows\system32\xptpmm.sys
c:\windows\system32\xptptt.dll
c:\windows\system32\ycsrgb.sys
c:\windows\system32\ycsvga.sys
c:\windows\system32\ydsvgd.dll
c:\windows\system32\ydsvgd.sys
c:\windows\system32\yvbb01.dll
c:\windows\system32\yvbb01.sys
c:\windows\system32\yvbb02.sys
c:\windows\system32\yvpp01.dll
c:\windows\system32\yvpp02.sys
c:\windows\system32\yvprgb.dll
c:\windows\system32\yvprgb.sys
c:\windows\system32\yvsvga.dll
c:\windows\system32\yvsvga.sys
c:\windows\system32\zq.dll
c:\windows\system32\zq.sys

.
(((((((((((((((((((((((((   Files Created from 2009-08-07 to 2009-09-07  )))))))))))))))))))))))))))))))
.

2009-09-07 05:46 . 2009-09-07 05:48	40960	----a-w-	c:\windows\system32\wmdrtc32.dll
2009-09-07 05:43 . 2009-09-07 05:43	--------	d-----w-	c:\documents and settings\Sunny\Local Settings\Application Data\Panda Security
2009-09-07 05:33 . 2009-09-07 05:33	96256	----a-w-	c:\windows\system32\drivers\_sptd2701.sys_.vir
2009-09-07 05:33 . 2009-09-07 05:33	643072	----a-w-	c:\windows\system32\drivers\_sptd.sys_.vir
2009-09-07 05:33 . 2009-09-07 05:33	48556	----a-w-	c:\windows\system32\drivers\_SktBt2k.sys_.vir
2009-09-07 05:33 . 2009-09-07 05:33	48076	----a-w-	c:\windows\system32\drivers\_Sio9502k.sys_.vir
2009-09-07 05:33 . 2009-09-07 05:33	51328	----a-w-	c:\windows\system32\drivers\_rasl2tp.sys_.vir
2009-09-07 05:33 . 2009-09-07 05:33	52736	----a-w-	c:\windows\system32\drivers\_i8042prt.sys_.vir
2009-09-07 05:33 . 2009-09-07 05:33	53248	----a-w-	c:\windows\system32\drivers\_1394bus.sys_.vir
2009-09-07 05:27 . 2009-09-07 05:27	6736	----a-w-	c:\windows\system32\drivers\PROCEXP90.SYS
2009-09-07 05:22 . 2009-09-07 05:21	388608	----a-w-	c:\windows\system32\CF8661.exe
2009-09-07 05:00 . 2009-09-07 05:00	--------	d-----w-	c:\windows\system32\PAV
2009-09-07 04:59 . 2009-09-07 04:59	--------	d-----w-	c:\documents and settings\Sunny\Application Data\Panda Security
2009-09-07 04:59 . 2009-09-07 05:03	--------	d-----w-	c:\program files\Panda Security
2009-09-07 04:59 . 2009-09-07 04:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Panda Security
2009-09-07 04:56 . 2009-06-02 07:42	177416	----a-w-	c:\windows\system32\drivers\PavProc.sys
2009-09-07 04:56 . 2008-03-04 10:29	41144	----a-w-	c:\windows\system32\drivers\ShlDrv51.sys
2009-09-07 04:56 . 2009-09-07 04:56	--------	d-----w-	c:\program files\Common Files\Panda Security
2009-09-06 10:40 . 2009-09-06 10:40	--------	d-----w-	c:\program files\MSSOAP
2009-09-06 10:39 . 2009-09-06 10:39	--------	d-----w-	c:\program files\Webroot
2009-09-05 22:10 . 2009-09-05 22:10	--------	d-----w-	c:\documents and settings\Sunny\Application Data\PCToolsFirewallPlus
2009-09-05 22:10 . 2009-09-05 22:10	--------	d-----w-	c:\documents and settings\Sunny\Application Data\PCToolsSpamMonitorPlus
2009-09-05 21:58 . 2009-09-05 22:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2009-09-02 23:17 . 2008-07-15 17:19	67072	--sh--w-	C:\sbsb.exe
2009-09-02 23:16 . 2008-07-15 17:19	67072	--sh--w-	c:\windows\system32\sbsb.exe
2009-09-02 23:16 . 2009-09-07 05:48	5477	----a-w-	c:\windows\system32\drivers\ouljjm.sys
2009-08-14 05:43 . 2009-08-14 05:43	10000	--sha-r-	c:\windows\system32\.vbe
2009-08-11 06:44 . 2009-08-11 06:44	--------	d-----w-	c:\documents and settings\Sunny\Local Settings\Application Data\Shareaza
2009-08-11 06:42 . 2009-08-11 06:42	--------	d-----w-	c:\documents and settings\Sunny\Application Data\.BitTornado

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 05:47 . 2004-08-04 08:00	4224	----a-w-	c:\windows\system32\drivers\beep.sys
2009-09-07 04:59 . 2005-05-23 19:49	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-05 22:48 . 2008-09-25 13:48	--------	d-----w-	c:\program files\Google
2009-09-05 22:19 . 2008-06-29 14:09	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 09:53 . 2009-08-08 02:00	--------	d-----w-	c:\program files\BitComet
2009-09-03 01:28 . 2008-06-03 16:43	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2009-09-02 22:25 . 2008-06-06 00:14	96256	----a-w-	c:\windows\system32\drivers\sptd2701.sys
2009-09-02 10:15 . 2009-08-01 03:05	--------	d-----w-	c:\program files\ABN
2009-08-26 22:08 . 2005-12-20 12:29	87336	-c--a-w-	c:\documents and settings\Sunny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 18:10 . 2009-08-07 07:09	--------	d-----w-	c:\documents and settings\Sunny\Application Data\Azureus
2009-08-25 18:10 . 2008-06-29 14:03	--------	d-----w-	c:\documents and settings\Sunny\Application Data\uTorrent
2009-08-11 06:37 . 2009-08-07 07:08	--------	d-----w-	c:\program files\Vuze
2009-08-08 01:59 . 2009-08-08 01:46	--------	d-----w-	c:\documents and settings\Sunny\Application Data\deluge
2009-08-08 01:55 . 2009-08-08 01:48	--------	d-----w-	c:\documents and settings\Sunny\Application Data\gtk-2.0
2009-08-07 07:09 . 2009-08-07 07:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\Azureus
2009-08-06 06:12 . 2009-08-06 06:12	10000	--sh--r-	c:\windows\.vbe
2009-08-01 03:05 . 2009-08-01 03:05	315392	------w-	c:\windows\Setup1.exe
2009-08-01 03:05 . 2009-08-01 03:05	101888	----a-w-	c:\windows\ST6UNST.EXE
2009-07-19 12:10 . 2009-07-19 12:10	--------	d-----w-	c:\program files\Belkin
2009-07-03 12:12 . 2009-03-27 04:26	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-06-26 09:24 . 2008-06-12 23:05	223128	----a-w-	c:\windows\system32\drivers\dtscsi.sys
2009-03-05 12:38 . 2009-05-16 00:23	61440	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
2008-10-05 15:05 . 2008-10-05 12:36	3146784	--sha-w-	c:\windows\fidbox.dat
2008-07-15 17:19 . 2009-09-02 23:16	67072	--sh--w-	c:\windows\system32\sbsb.exe
.
 
LOG Contd:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sbsb"="c:\windows\system32\sbsb.exe" [2008-07-15 67072]

"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-06-05 574720]

"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-04-21 56064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"PC235152401993"=".vbe" - c:\windows\system32\.vbe [2009-08-14 10000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360hotfix.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiArp.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASMain.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFWSvc.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair.COM]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvfw.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP_1.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safebank.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]

"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ÃÞ¸´¹¤¾ß.exe]

"Debugger"=ntsd -d

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^1-Click Answers.lnk]

backup=c:\windows\pss\1-Click Answers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk

backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]

backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link AirPlus G+ Wireless Adapter Utility.lnk]

backup=c:\windows\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]

backup=c:\windows\pss\WordWeb.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SymAppCore"=2 (0x2)

"Symantec Core LC"=3 (0x3)

"LiveUpdate"=3 (0x3)

"CLTNetCnService"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"wwSecSvc"=2 (0x2)

"ISPwdSvc"=3 (0x3)

"NBService"=3 (0x3)

"WZCSVC"=2 (0x2)

"usnjsvc"=3 (0x3)

"ose"=3 (0x3)

"IDriverT"=3 (0x3)

"avg8wd"=2 (0x2)

"LightScribeService"=2 (0x2)

"wuauserv"=2 (0x2)

"avast! Mail Scanner"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)
 
LOG Contd:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sbsb"="c:\windows\system32\sbsb.exe" [2008-07-15 67072]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-04-21 56064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PC235152401993"=".vbe" - c:\windows\system32\.vbe [2009-08-14 10000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360hotfix.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AntiArp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASMain.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFWSvc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair.COM]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvfw.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP_1.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safebank.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ÃÞ¸´¹¤¾ß.exe]
"Debugger"=ntsd -d

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^1-Click Answers.lnk]
backup=c:\windows\pss\1-Click Answers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
backup=c:\windows\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGIDS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"LiveUpdate"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"wwSecSvc"=2 (0x2)
"ISPwdSvc"=3 (0x3)
"NBService"=3 (0x3)
"WZCSVC"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"avg8wd"=2 (0x2)
"LightScribeService"=2 (0x2)
"wuauserv"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"27349:TCP"= 27349:TCP:BitComet 27349 TCP
"27349:UDP"= 27349:UDP:BitComet 27349 UDP

R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [x]
R2 PskSvcRetailInst;PskSvcRetailInst;c:\docume~1\Sunny\LOCALS~1\Temp\ISSCAN\PskSvc.exe [x]
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter;c:\windows\system32\DRIVERS\GPlus.sys [x]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-02 177416]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2008-06-25 28928]
S4 NdisFileServices32;NdisFileServices32;c:\windows\system32\drivers\ouljjm.sys [2009-09-07 5477]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570913702-1853776353-2605627540-1006Core.job
- c:\documents and settings\Sunny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 16:05]

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570913702-1853776353-2605627540-1006UA.job
- c:\documents and settings\Sunny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 16:05]
.
- - - - ORPHANS REMOVED - - - -

Notify-avldr - avldr.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://in.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = *.local
TCP: {77ABB920-C7C0-4AF2-B44A-C0690236CA74} = 202.56.215.54,202.56.215.55
TCP: {A1F3D97C-1EE7-49D0-955B-D5D35E7E54D0} = 202.56.215.54,202.56.215.55
FF - ProfilePath - c:\documents and settings\Sunny\Application Data\Mozilla\Firefox\Profiles\eqtf1t8u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Sunny\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-07 11:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\wmdrtc32.dll 40960 bytes executable
c:\windows\system32\wmdrtc32.dl_ 26066 bytes

scan completed successfully
hidden files: 2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\wmdrtc32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\PsCtrlS.exe
.
**************************************************************************
.
Completion time: 2009-09-07 11:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 05:57
ComboFix2.txt 2009-07-03 23:48

Pre-Run: 680,456,192 bytes free
Post-Run: 690,098,176 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5

726 --- E O F --- 2008-10-24 17:08
 
It's too lengthy to make out anything. Seems some viruses have gotten hold of your lappy.

Just take a backup of all important stuff like data and IE, FF bookmarks etc. and format and clean install.

Trying to remove so much infection is time-consuming.
 
sumeetsingh said:
and safe modes not working.. whenever I try safemodes, get blue screen and system restarts...

My cousin's machine was also infected like this and didn't boot properly in safe mode. I just took a backup of important files and installed a brand new wxp.. use your Compaq recovery CD!!
 
Same issue happened with my desktop and I backed up data on an external HDD and formatted it .... after that using KIS and there are no issues.

So I suggest the same to you.
 
Format

 
This could also be an issue with self propelled EFS (Encrypted File System).

Usually if you get access denied error messages, it means that one of the certificates needed for EFS is either corrupt or unreadable.

The best way to get rid of it is to go for a complete format of your hard drive (all partitions).
 
Well bro, PM me your number, I'll help you out. OSRI is a last resort; if viruses can be programmed then they can also be removed. I was working with VRQ (Virus removal queue) Symantec
 
You can use UBCD4WIN, boot via CD and run the antiviruses provided on the CD itself.

That will at least allow you to boot into safe mode; from there you can proceed further.
 
See if any system backup was taken.

Restore to the previous backup until it is fixed.

Once the AV is working fine.. scan everything with a good AV....

Alternatively...

Do a repair install of XP, immediately install an AV from external media like a CD/DVD (try a clean source). Scan the machine..

OR if taking the HDD out is possible.. then scan the OS drive on some other machine and then repair install XP on it.. will work better this way.

And if time is not an issue then install XP on an external HDD on the lappy.. scan the host machine and then do the repair install.
 