Hello
I've uninstalled all recommended instances of outdated Java and Adobe Reader, and I've run AFT Cleaner, Kaspersky, Combofix, DDS & Reg Search Tool. Scan logs are below; however, RST couldn't find %fystemroot%, when I can SEE that it's there in Services. Soooo, I looked up regedit and found 2 instances of %fystemroot%, in both Bits and AU. I've attached a printscreen of the page (for Bits only) in Paint. If I'm not allowed to do this, I'll type out the required detail for you to see.
Also, I have another small problem. Somehow, Nokia Media Player has become the "default" file type for bmp & some other files. When I saved something in Paint as a bmp, even though I changed the "open with" program manually to Paint (and it opens in Paint), the file type still shows as Nokia Media File. Argh! I'm not even sure how this happened in the first place :fear:
Thank you SO much for your help so far!!!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:31:18.85 on Sat 04/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.337 [GMT 10:00]
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]
=============== Created Last 30 ================
2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive
==================== Find3M ====================
2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat
============= FINISH: 8:32:25.18 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/05/2007 11:22:40 AM
System Uptime: 4/03/2009 5:12:33 PM (735 hours ago)
Motherboard: ASUSTeK Computer INC. | | Oxford
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 70 GiB total, 49.332 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.338 GiB free.
E: is CDROM ()
F: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\77DC41E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\77DC41E01800
Service: NIC1394
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP680: 16/01/2009 3:15:01 AM - System Checkpoint
RP681: 17/01/2009 8:17:18 AM - System Checkpoint
RP682: 18/01/2009 12:52:08 PM - System Checkpoint
RP683: 19/01/2009 5:21:17 PM - System Checkpoint
RP684: 20/01/2009 6:33:41 PM - System Checkpoint
RP685: 21/01/2009 7:03:40 PM - System Checkpoint
RP686: 21/01/2009 10:34:34 PM - Installed DirectX
RP687: 22/01/2009 1:16:03 AM - Unsigned driver install
RP688: 23/01/2009 2:02:41 AM - System Checkpoint
RP689: 24/01/2009 3:02:38 AM - System Checkpoint
RP690: 25/01/2009 12:05:18 PM - System Checkpoint
RP691: 26/01/2009 12:29:46 PM - System Checkpoint
RP692: 27/01/2009 2:34:14 PM - System Checkpoint
RP693: 28/01/2009 3:30:06 PM - System Checkpoint
RP694: 29/01/2009 4:59:18 PM - System Checkpoint
RP695: 30/01/2009 7:22:39 PM - System Checkpoint
RP696: 31/01/2009 8:11:10 PM - System Checkpoint
RP697: 2/02/2009 7:42:48 AM - System Checkpoint
RP698: 3/02/2009 7:45:54 AM - System Checkpoint
RP699: 4/02/2009 8:24:03 AM - System Checkpoint
RP700: 5/02/2009 8:56:44 AM - System Checkpoint
RP701: 6/02/2009 9:45:48 AM - System Checkpoint
RP702: 7/02/2009 10:33:28 AM - System Checkpoint
RP703: 8/02/2009 10:53:42 AM - System Checkpoint
RP704: 9/02/2009 12:11:23 PM - System Checkpoint
RP705: 10/02/2009 12:38:48 PM - System Checkpoint
RP706: 11/02/2009 1:29:00 PM - System Checkpoint
RP707: 12/02/2009 1:26:21 AM - Software Distribution Service 3.0
RP708: 13/02/2009 8:04:56 AM - System Checkpoint
RP709: 14/02/2009 8:22:03 AM - System Checkpoint
RP710: 14/02/2009 5:06:53 PM - Installed iTunes
RP711: 15/02/2009 5:17:20 PM - System Checkpoint
RP712: 16/02/2009 5:50:43 PM - System Checkpoint
RP713: 18/02/2009 1:55:28 AM - Microsoft OneCare Protection Checkpoint
RP714: 19/02/2009 10:18:55 AM - System Checkpoint
RP715: 20/02/2009 10:50:27 AM - System Checkpoint
RP716: 21/02/2009 11:04:16 AM - System Checkpoint
RP717: 22/02/2009 11:24:24 AM - System Checkpoint
RP718: 23/02/2009 2:03:26 PM - System Checkpoint
RP719: 24/02/2009 2:49:17 PM - System Checkpoint
RP720: 25/02/2009 3:06:47 PM - System Checkpoint
RP721: 26/02/2009 3:17:36 PM - System Checkpoint
RP722: 27/02/2009 3:18:04 PM - System Checkpoint
RP723: 28/02/2009 3:41:05 PM - System Checkpoint
RP724: 1/03/2009 6:29:18 PM - System Checkpoint
RP725: 2/03/2009 6:38:10 PM - System Checkpoint
RP726: 3/03/2009 7:04:49 PM - System Checkpoint
RP727: 4/03/2009 8:26:29 PM - System Checkpoint
RP728: 6/03/2009 7:37:11 AM - System Checkpoint
RP729: 7/03/2009 7:45:27 AM - System Checkpoint
RP730: 7/03/2009 3:32:21 PM - Installed PC SpeedScan Pro
RP731: 7/03/2009 3:40:26 PM - Removed PC SpeedScan Pro
RP732: 8/03/2009 3:46:26 PM - System Checkpoint
RP733: 9/03/2009 5:05:37 PM - System Checkpoint
RP734: 10/03/2009 6:59:44 PM - System Checkpoint
RP735: 12/03/2009 1:00:08 AM - System Checkpoint
RP736: 13/03/2009 1:29:09 AM - System Checkpoint
RP737: 14/03/2009 2:42:40 AM - System Checkpoint
RP738: 15/03/2009 3:27:56 AM - System Checkpoint
RP739: 16/03/2009 4:27:56 AM - System Checkpoint
RP740: 17/03/2009 5:27:58 AM - System Checkpoint
RP741: 18/03/2009 6:27:57 AM - System Checkpoint
RP742: 19/03/2009 7:36:25 AM - System Checkpoint
RP743: 20/03/2009 8:01:24 AM - System Checkpoint
RP744: 21/03/2009 8:03:08 AM - System Checkpoint
RP745: 22/03/2009 9:03:10 AM - System Checkpoint
RP746: 23/03/2009 11:56:25 AM - System Checkpoint
RP747: 24/03/2009 1:45:15 PM - System Checkpoint
RP748: 25/03/2009 2:34:48 PM - System Checkpoint
RP749: 26/03/2009 3:01:51 PM - System Checkpoint
RP750: 27/03/2009 4:02:57 PM - System Checkpoint
RP751: 27/03/2009 8:33:38 PM - Cleaned registry with Windows Live OneCare safety scanner
RP752: 27/03/2009 9:28:31 PM - Installed Java(TM) 6 Update 13
RP753: 27/03/2009 9:42:09 PM - Installed Windows XP KB958644.
RP754: 27/03/2009 9:58:13 PM - Installed Windows XP KB960714.
RP755: 27/03/2009 10:46:03 PM - Installed SUPERAntiSpyware Free Edition
RP756: 28/03/2009 6:12:28 PM - Installed Windows XP KB958690.
RP757: 28/03/2009 6:29:42 PM - Installed Trend Micro Internet Security
RP758: 28/03/2009 9:28:32 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP759: 28/03/2009 11:16:59 PM - Automatic Restore Point
RP760: 30/03/2009 1:02:12 AM - Installed Windows XP KB958644.
RP761: 30/03/2009 1:04:13 AM - Installed Windows XP KB958690.
RP762: 30/03/2009 1:05:26 AM - Installed Windows XP KB960225.
RP763: 30/03/2009 1:06:48 AM - Installed Windows XP KB938464-v2.
RP764: 30/03/2009 1:08:13 AM - Installed Windows XP KB958687.
RP765: 30/03/2009 1:11:48 AM - Installed Windows XP KB960715.
RP766: 30/03/2009 1:13:58 AM - Installed Windows XP KB961260.
RP767: 30/03/2009 1:16:10 AM - Installed Windows Media Player KB952069.
RP768: 31/03/2009 3:26:49 PM - System Checkpoint
RP769: 1/04/2009 9:34:45 AM - Removed Trend Micro Internet Security
RP770: 1/04/2009 9:38:15 AM - ComboFix created restore point
RP771: 2/04/2009 10:26:14 AM - System Checkpoint
RP772: 3/04/2009 11:20:09 AM - System Checkpoint
RP773: 3/04/2009 4:41:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP774: 3/04/2009 4:55:46 PM - Removed Java(TM) 6 Update 2
RP775: 3/04/2009 4:55:50 PM - Removed Java(TM) 6 Update 3
RP776: 3/04/2009 4:57:02 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP777: 3/04/2009 5:06:42 PM - ComboFix created restore point
RP778: 3/04/2009 5:25:10 PM - Removed Adobe Reader 7.1.0
RP779: 3/04/2009 5:29:21 PM - Installed Adobe Reader 9.1.
==== Installed Programs ======================
3D World Atlas
913D Camera
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Ask Toolbar
Auction Sentry
Bonjour
Broderbund Home Design 5.1
Brother MFL-Pro Suite
COMODO Internet Security
Easy Internet Sign-up
eBay Toolbar
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HouseCall 6.6
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Software Update
HpSdpAppCoreApp
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVDX
InterVideo WinDVRX
Java(TM) 6 Update 13
Java(TM) 6 Update 2
KBD
Learning Ladder 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
OptusNet DSL
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
Performance Center
PhoTags Express
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.8
Sonic Update Manager
SUPERAntiSpyware Free Edition
System Requirements Lab
Toolkit View(HP)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Updates from HP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
==== Event Viewer Messages From Past Week ========
2/04/2009 11:31:50 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
2/04/2009 9:44:04 PM, error: Dhcp [1002] - The IP address lease 122.111.94.81 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 6:34:02 PM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 6:33:35 PM, error: Dhcp [1002] - The IP address lease 114.78.41.87 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 3:34:34 PM, error: Dhcp [1002] - The IP address lease 58.106.46.254 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:59:29 PM, error: Dhcp [1002] - The IP address lease 58.106.46.111 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:23:28 PM, error: Dhcp [1002] - The IP address lease 114.78.32.179 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 4:37:16 PM, error: Dhcp [1002] - The IP address lease 122.111.17.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 12:15:15 PM, error: Dhcp [1002] - The IP address lease 58.111.182.140 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:34:41 AM, error: Dhcp [1002] - The IP address lease 58.106.158.23 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:26:22 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
1/04/2009 11:10:35 AM, error: Dhcp [1002] - The IP address lease 58.106.152.158 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 9:33:50 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/04/2009 9:32:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
1/04/2009 9:08:57 AM, error: Dhcp [1002] - The IP address lease 122.111.12.236 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 8:31:56 AM, error: Dhcp [1002] - The IP address lease 58.111.177.75 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 7:48:44 AM, error: Dhcp [1002] - The IP address lease 122.105.156.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:28:16 PM, error: Dhcp [1002] - The IP address lease 122.111.18.37 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 6:34:19 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:48:45 PM, error: Dhcp [1002] - The IP address lease 58.106.27.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:08:58 PM, error: Dhcp [1002] - The IP address lease 58.111.179.195 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:39:33 PM, error: Dhcp [1002] - The IP address lease 58.111.178.96 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:13:32 PM, error: Dhcp [1002] - The IP address lease 58.111.181.50 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 1:37:44 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
31/03/2009 12:52:23 PM, error: Dhcp [1002] - The IP address lease 122.105.154.146 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 12:19:06 PM, error: Dhcp [1002] - The IP address lease 58.106.43.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:59:26 AM, error: Dhcp [1002] - The IP address lease 58.106.138.9 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:37:16 AM, error: Dhcp [1002] - The IP address lease 122.111.16.161 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:13:50 AM, error: Dhcp [1002] - The IP address lease 58.106.155.135 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:55:32 AM, error: Dhcp [1002] - The IP address lease 58.106.141.100 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 8:01:48 PM, error: Dhcp [1002] - The IP address lease 58.111.180.61 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 2:40:38 PM, error: Dhcp [1002] - The IP address lease 122.105.156.91 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 10:07:37 AM, error: Dhcp [1002] - The IP address lease 58.106.138.110 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 10:51:27 PM, error: Dhcp [1002] - The IP address lease 58.106.40.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 9:24:43 PM, error: Dhcp [1002] - The IP address lease 122.111.11.206 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 6:22:04 PM, error: Dhcp [1002] - The IP address lease 122.111.18.163 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 12:31:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
28/03/2009 9:26:11 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 9:00:42 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 7:43:19 PM, error: Dhcp [1002] - The IP address lease 122.105.158.46 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 6:38:42 PM, error: Dhcp [1002] - The IP address lease 122.111.13.24 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 5:20:14 PM, error: Dhcp [1002] - The IP address lease 122.111.94.219 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 3:15:46 PM, error: Dhcp [1002] - The IP address lease 122.109.124.175 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 1:33:31 PM, error: Dhcp [1002] - The IP address lease 58.107.76.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 10:22:46 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
28/03/2009 8:28:49 AM, error: Dhcp [1002] - The IP address lease 58.106.27.169 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 9:57:29 AM, error: Dhcp [1002] - The IP address lease 58.106.137.246 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 10:18:18 AM, error: Dhcp [1002] - The IP address lease 58.111.180.211 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 11:41:19 AM, error: Dhcp [1002] - The IP address lease 58.111.180.122 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 12:13:48 PM, error: Dhcp [1002] - The IP address lease 58.106.31.162 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:06 PM, error: Dhcp [1002] - The IP address lease 58.106.158.143 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 2:05:14 PM, error: Dhcp [1002] - The IP address lease 58.106.26.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 4:42:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/04/2009 6:17:05 PM, error: Dhcp [1002] - The IP address lease 58.107.77.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 1:54:10 AM, error: Dhcp [1002] - The IP address lease 58.111.181.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 7:35:34 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
30/03/2009 7:21:23 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
==== End Of File ===========================
ComboFix 09-04-01.01 - Owner 2009-04-03 17:07:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.270 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point
FILE ::
C:\-1472982065
C:\khq
c:\windows\system32\drivers\4ada505b.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-1472982065
C:\khq
c:\windows\system32\drivers\4ada505b.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_4ada505b
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-03-30 07:35 . 2008-04-14 10:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 . 2004-08-04 15:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 . 2004-08-04 15:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:35 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:33 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-30 07:32 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-03-30 07:31 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-30 07:30 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-30 07:29 . 2001-08-17 12:50 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-03-30 07:28 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-30 07:27 . 2008-04-14 10:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-30 07:26 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-30 07:25 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-30 07:24 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-30 07:23 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-30 07:22 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-30 07:21 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 . 2009-03-30 00:26 155,384 --a--c--- c:\windows\system32\guard32.dll
2009-03-30 00:26 . 2009-03-30 00:26 110,992 --a--c--- c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 . 2009-03-30 00:26 24,336 --a--c--- c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 . 2009-03-29 22:49 <DIR> d----c--- c:\documents and settings\Owner\Application Data\HouseCall 6.6
2009-03-29 00:04 . 2009-03-29 00:04 <DIR> d----c--- C:\Rooter$
2009-03-28 21:28 . 2009-03-28 21:28 <DIR> d----c--- c:\program files\Windows Resource Kits
2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d----c--- c:\program files\ERUNT
2009-03-28 02:32 . 2009-03-28 09:17 <DIR> d----c--- c:\program files\AskBarDis
2009-03-28 02:32 . 2009-03-28 02:32 253,688 --a--c--- c:\windows\system32\cssdll32.dll
2009-03-28 02:31 . 2009-03-30 00:26 <DIR> d----c--- c:\program files\COMODO
2009-03-28 02:31 . 2009-03-30 02:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Comodo
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-26 16:49 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 . 2009-03-26 16:49 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-03-27 22:45 . 2009-03-27 22:45 <DIR> d----c--- c:\program files\Common Files\Wise Installation Wizard
2009-03-27 22:29 . 2009-03-27 22:29 <DIR> d----c--- c:\documents and settings\Owner\Application Data\QuickScan
2009-03-27 21:29 . 2009-03-27 21:28 410,984 --a--c--- c:\windows\system32\deploytk.dll
2009-03-27 17:01 . 2009-03-27 20:37 <DIR> d----c--- c:\program files\Windows Live Safety Center
2009-03-07 15:32 . 2009-03-11 18:25 <DIR> d----c--- c:\program files\Ascentive
2009-03-07 15:32 . 2008-12-10 17:34 208,896 --a--c--- c:\windows\system32\ConTest.dll
2009-03-07 15:32 . 2008-11-06 16:04 36,864 --a--c--- c:\windows\system32\ascbalon.dll
2009-03-07 15:32 . 2008-11-06 16:04 20,480 --a--c--- c:\windows\system32\SysRestore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 06:57 --------- dc----w c:\program files\Java
2009-04-03 03:21 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-02 06:29 --------- dc----w c:\program files\Auction Sentry
2009-04-02 01:40 --------- dc----w c:\documents and settings\Owner\Application Data\Skype
2009-04-02 01:16 --------- dc----w c:\documents and settings\Owner\Application Data\skypePM
2009-03-31 23:36 --------- dc----w c:\program files\Trend Micro
2009-03-27 12:46 --------- dc----w c:\program files\SUPERAntiSpyware
2009-03-07 05:40 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-03-02 04:14 --------- dc----w c:\program files\Siemens Subscriber Networks
2009-03-02 04:14 --------- dc----w c:\program files\OptusNet DSL Internet
2009-02-24 07:25 --------- dc----w c:\program files\Google
2009-02-18 07:29 --------- dc----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-02-17 14:34 --------- dc----w c:\program files\Common Files\Apple
2009-02-17 11:22 --------- dc----w c:\program files\Alwil Software
2009-02-17 10:51 --------- dc----w c:\documents and settings\All Users\Application Data\Avg8
2009-02-14 07:06 --------- dc----w c:\program files\QuickTime
2009-02-14 07:06 --------- dc----w c:\program files\Bonjour
2009-02-14 07:05 --------- dc----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-14 07:04 --------- dc----w c:\program files\Apple Software Update
2009-02-14 07:04 --------- dc----w c:\documents and settings\All Users\Application Data\Apple
2007-12-09 05:18 880 -c----w c:\program files\uDigestV2.vib
2007-12-09 05:18 8,186 -c----w c:\program files\sys32init.clx
2007-12-09 05:18 8,186 -c----w c:\program files\clogo2.bmp
2007-12-09 05:18 400 -c----w c:\program files\uDigestV1.via
2007-12-09 05:18 3,760 -c----w c:\program files\uDigestV4.vid
2007-12-09 05:18 21,538 -c----w c:\program files\dll32sys.clx
2007-12-09 05:18 21,538 -c----w c:\program files\clogo1.bmp
2007-12-09 05:18 1,840 -c----w c:\program files\uDigestV3.vic
2008-08-05 22:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-30 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
-----c--- 2004-02-03 22:45 155648 c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
-----c--- 2005-05-17 17:42 933888 c:\program files\Brother\ControlCenter2\brctrcen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 10:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
-----c--- 2007-11-03 17:35 599280 c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
-----c--- 2003-11-24 16:40 155648 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-08-21 02:15 483328 c:\windows\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
-----c--- 2003-08-21 02:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 15:31 208952 c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
-----c--- 2005-03-17 14:45 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-05-16 16:58 213936 c:\_olddata\Ntfs - hp_pavilio\Program Files\Common Files\InstallShield\UpdateService\Isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2003-02-11 18:02 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a--c--- 2007-05-18 07:45 279912 c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
-----c--- 2003-12-11 00:40 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2003-09-25 08:21 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2003-12-05 18:50 3022848 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
-----c--- 2005-03-17 14:25 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
--a--c--- 2008-09-04 14:24 3256320 c:\program files\Ascentive\Performance Center\ApcMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a--c--- 2002-10-16 14:57 81920 c:\windows\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2003-11-03 15:50 221184 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
-----c--- 2005-01-26 18:02 49152 c:\program files\Brother\Brmfl05a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra--c--- 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-----c--- 2003-10-14 10:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-03-27 21:28 148888 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
-----c--- 2003-10-29 11:17 135168 c:\program files\Multimedia Card Reader\shwicon2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2009-03-23 14:07 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--------- 2007-07-27 12:11 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
-----c--- 2004-02-03 22:07 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
-----c--- 2003-08-19 07:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a--c--- 2007-04-11 07:46 709992 c:\windows\vVX3000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCinemaMgr]
-----c--- 2003-09-16 16:01 184320 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-06-29 09:06 88363 c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2003-12-05 18:50 753664 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"MSCamSvc"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"avast! web scanner"=3 (0x3)
"avast! mail scanner"=3 (0x3)
"avast! antivirus"=2 (0x2)
"aswupdsv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TmProxy"=2 (0x2)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Update_004-D240-A9P_106-146_6190_v1r.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-02-03 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-03 17:13:41
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-03 17:18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 07:18:50
ComboFix2.txt 2009-03-31 23:52:27
Pre-Run: 53,131,034,624 bytes free
Post-Run: 53,173,211,136 bytes free
315 --- E O F --- 2009-02-11 15:30:59
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, April 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, April 03, 2009 09:13:38
Records in database: 2004123
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
J:\
K:\
L:\
M:\
Scan statistics:
Files scanned: 103784
Threat name: 4
Infected objects: 14
Suspicious objects: 6
Duration of the scan: 02:52:53
File name / Threat name / Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\_OldData\Ntfs - hp_pavilio\Program Files\Common Files\Real\Toolbar\Realbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc398.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc398.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc621.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc621.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc673.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc673.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc777.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc824.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc871.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
The selected area was scanned.