Can't access windows updates



azurablue
2009-03-28, 04:07
My computer was recently infected, with the most damaging virus being one that didn't allow automatic virus updates, nor did it allow me to access web pages with the title or word "anti virus" or "update". After trying a number of different free downloads, Avast was the only one that I could download successfully, and it found and deleted 5 trojans. Since then I've downloaded various other antivirus programs (not concurrently), and have removed yet more trojans. I am currently using Malwarebytes and Superantispyware, as well as Comodo, and although all now state I have a clean computer, I still can't download Windows updates, although I can now access the website. When I attempt to install express downloads, it checks for required updates and then a message states "The website has encountered a problem and cannot display the page you are trying to view" (Error number: 0x80070002). I've tried stopping and starting Automatic Updates in Services, however there is no option to "stop", and when I attempt to "start", a window appears stating "Error 2 Cannot find the file specified". The same applies to Background Intelligent Transfer Service. Automatic updates still appear to be "on" in the security centre, however it's not working. I have been able to manually download some security patches, however.

I have made a few changes to the system at the suggestion of an APAC Global Consumer Support Rep, however what he recommends isn't working. He has suggested the following steps, which I've conducted to date:

Step 1: Clean Boot

---------------------------

1. Click Start, and then click Run.
2. Type msconfig in the Open box, and then click OK.
3. On the General tab, click Selective Startup.
4. Under Selective Startup, click to clear the following check boxes:
Process SYSTEM.INI File
Process WIN.INI File
Load Startup Items
5. Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
6. Click OK.
7. When you are prompted, click Restart.
8. If you receive the System Configuration Utility dialog box upon startup, please select Don't show this message and click OK.

Step 2: Live OneCare Safety Scanner
Step 3: Remove Trojan or Viruses

----------------------------------------------

1. Download freeware Anti-Malware Remover from

http://www.malwarebytes.org/mbam.php

Step 4: Add DNS

-------------------------

1. Click Start and then click on Control Panel (Classic View) > Network Connections > Local Area Connection > Right Click and click on Properties.
2. Double-click Internet Protocol Version (TCP/IP) > Click Advanced.
3. Go to DNS tab, please select and remove all addresses under "DNS server addresses, in order of use:".
4. Click OK.
5. Mark the Use the following DNS Server Addresses.
6. Set the IP Addresses for "Preferred DNS Server" as 4.2.2.1 and for "Alternate DNS Server" as 4.2.2.2 and click OK twice

The following step was unsuccessful:

Step 5: Restart Services

------------------------

1. Click Start, select Run, type "services.msc" (without quotes) and Enter.
2. The Services window will appear.
3. Double click on Cryptographic Services.
4. Click on Stop to stop the service and click Start to restart the service again.
5. Click Apply and OK.
6. Please repeat Step 3.3 - Step 3.5 for the following services.
Background Intelligent Transfer Service
Automatic Updates
7. After that, please perform Windows Update again.
If the issue is resolved, please return your computer to Normal Startup State

It has now been 8 weeks since I've downloaded windows updates. In addition, I keep getting internet dropouts, as shown by the DSL light dropping out, followed by the Activity light. I even have a new replacement modem!

Here is my Hijackthis log for your perusal. Please help!!! And sorry this is such a long request, however I'm not a computer geek (wish I was!!!), and I'm not sure how much info you need. Many thanks!!!! Julie


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:51 AM, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1238153351_fef06fda1a9c32a4785414c70560dffb&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) - http://91.199.104.31/cab/ActiveQscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54C6303B-7DBA-4795-9A6D-D4B26741E783}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8899 bytes

Blade81
2009-03-29, 23:46
Hi

Following operation assumes you have XP media handy.

Click start->run & write sfc /scannow.

Insert XP media in if asked. Try starting bits and automatic update services now.

azurablue
2009-03-30, 02:08
Thanks for your reply!

I tried what you suggested, but to no avail. A window pops up saying: Error 2 Specified file cannot be found.

Argh! What next?

Many thanks!

Julie

Blade81
2009-03-30, 19:52
Hi

Let's take a bit closer look.

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Download GMER (http://www.gmer.net/gmer.zip) and save it to your desktop:
Extract it to your desktop and double-click GMER.exe
Click rootkit-tab and then scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.

azurablue
2009-03-31, 06:33
Hello!

Thank you for your help! I've completed the scans you suggested, however GMER didn't operate as you suggested and started scanning automatically on opening. It presented a quick scan and on completion, a window popped up stating there had been system modification and it prompted me to do a full scan. I clicked on yes and have a copy of the full scan, however there's so much info, and I assumed you only needed quick scan results for now.

DDS:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 10:22:00.10 on Tue 31/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.277 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated)
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)
FW: COMODO Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://au10.hpwis.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1238153351_fef06fda1a9c32a4785414c70560dffb&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-28 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-28 36368]
S1 4ada505b;4ada505b;c:\windows\system32\drivers\4ada505b.sys [2009-2-17 0]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]
S4 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-28 677128]

=============== Created Last 30 ================

2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 18:31 150,032 ac------ c:\windows\system32\drivers\tmcomm.sys
2009-03-28 18:31 50,192 ac------ c:\windows\system32\drivers\tmevtmgr.sys
2009-03-28 18:31 50,192 ac------ c:\windows\system32\drivers\tmactmon.sys
2009-03-28 18:28 661,808 ac------ c:\windows\system32\UfWSC.cpl
2009-03-28 18:28 1,195,512 ac------ c:\windows\system32\drivers\vsapint.sys
2009-03-28 18:28 205,328 ac------ c:\windows\system32\drivers\tmxpflt.sys
2009-03-28 18:28 80,400 ac------ c:\windows\system32\drivers\tmtdi.sys
2009-03-28 18:28 36,368 ac------ c:\windows\system32\drivers\tmpreflt.sys
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive
2009-03-02 14:14 28,857 -c------ c:\windows\system32\drivers\enethusb.sys
2009-03-02 14:14 <DIR> -cd----- c:\program files\Siemens Subscriber Networks
2009-03-02 14:14 50,934 -c------ c:\windows\system32\drivers\vvpciusb.sys
2009-03-02 14:14 50,911 -c------ c:\windows\system32\drivers\vvbususb.sys
2009-03-02 14:14 15,332 -c------ c:\windows\system32\drivers\vvbeth.sys
2009-03-02 14:14 15,309 -c------ c:\windows\system32\drivers\vvbetht.sys
2009-03-02 14:13 41,966 -c------ c:\windows\SSINST.INF

==================== Find3M ====================

2009-03-02 14:29 0 ac------ c:\windows\system32\drivers\4ada505b.sys
2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 10:22:58.26 ===============


Attach:

Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/05/2007 11:22:40 AM
System Uptime: 31/03/2009 8:01:54 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | Oxford
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 48.639 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.338 GiB free.
E: is CDROM ()
F: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\77DC41E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\77DC41E01800
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP665: 31/12/2008 8:37:41 AM - System Checkpoint
RP666: 1/01/2009 9:20:49 AM - System Checkpoint
RP667: 2/01/2009 10:24:37 AM - System Checkpoint
RP668: 3/01/2009 12:15:06 PM - System Checkpoint
RP669: 4/01/2009 4:27:41 PM - System Checkpoint
RP670: 5/01/2009 4:58:39 PM - System Checkpoint
RP671: 7/01/2009 9:11:46 AM - System Checkpoint
RP672: 8/01/2009 11:39:19 AM - System Checkpoint
RP673: 9/01/2009 11:57:44 AM - System Checkpoint
RP674: 10/01/2009 12:23:08 PM - System Checkpoint
RP675: 11/01/2009 12:52:03 PM - System Checkpoint
RP676: 12/01/2009 1:19:18 PM - System Checkpoint
RP677: 13/01/2009 1:35:49 PM - System Checkpoint
RP678: 14/01/2009 2:19:27 PM - System Checkpoint
RP679: 15/01/2009 3:00:32 AM - Software Distribution Service 3.0
RP680: 16/01/2009 3:15:01 AM - System Checkpoint
RP681: 17/01/2009 8:17:18 AM - System Checkpoint
RP682: 18/01/2009 12:52:08 PM - System Checkpoint
RP683: 19/01/2009 5:21:17 PM - System Checkpoint
RP684: 20/01/2009 6:33:41 PM - System Checkpoint
RP685: 21/01/2009 7:03:40 PM - System Checkpoint
RP686: 21/01/2009 10:34:34 PM - Installed DirectX
RP687: 22/01/2009 1:16:03 AM - Unsigned driver install
RP688: 23/01/2009 2:02:41 AM - System Checkpoint
RP689: 24/01/2009 3:02:38 AM - System Checkpoint
RP690: 25/01/2009 12:05:18 PM - System Checkpoint
RP691: 26/01/2009 12:29:46 PM - System Checkpoint
RP692: 27/01/2009 2:34:14 PM - System Checkpoint
RP693: 28/01/2009 3:30:06 PM - System Checkpoint
RP694: 29/01/2009 4:59:18 PM - System Checkpoint
RP695: 30/01/2009 7:22:39 PM - System Checkpoint
RP696: 31/01/2009 8:11:10 PM - System Checkpoint
RP697: 2/02/2009 7:42:48 AM - System Checkpoint
RP698: 3/02/2009 7:45:54 AM - System Checkpoint
RP699: 4/02/2009 8:24:03 AM - System Checkpoint
RP700: 5/02/2009 8:56:44 AM - System Checkpoint
RP701: 6/02/2009 9:45:48 AM - System Checkpoint
RP702: 7/02/2009 10:33:28 AM - System Checkpoint
RP703: 8/02/2009 10:53:42 AM - System Checkpoint
RP704: 9/02/2009 12:11:23 PM - System Checkpoint
RP705: 10/02/2009 12:38:48 PM - System Checkpoint
RP706: 11/02/2009 1:29:00 PM - System Checkpoint
RP707: 12/02/2009 1:26:21 AM - Software Distribution Service 3.0
RP708: 13/02/2009 8:04:56 AM - System Checkpoint
RP709: 14/02/2009 8:22:03 AM - System Checkpoint
RP710: 14/02/2009 5:06:53 PM - Installed iTunes
RP711: 15/02/2009 5:17:20 PM - System Checkpoint
RP712: 16/02/2009 5:50:43 PM - System Checkpoint
RP713: 18/02/2009 1:55:28 AM - Microsoft OneCare Protection Checkpoint
RP714: 19/02/2009 10:18:55 AM - System Checkpoint
RP715: 20/02/2009 10:50:27 AM - System Checkpoint
RP716: 21/02/2009 11:04:16 AM - System Checkpoint
RP717: 22/02/2009 11:24:24 AM - System Checkpoint
RP718: 23/02/2009 2:03:26 PM - System Checkpoint
RP719: 24/02/2009 2:49:17 PM - System Checkpoint
RP720: 25/02/2009 3:06:47 PM - System Checkpoint
RP721: 26/02/2009 3:17:36 PM - System Checkpoint
RP722: 27/02/2009 3:18:04 PM - System Checkpoint
RP723: 28/02/2009 3:41:05 PM - System Checkpoint
RP724: 1/03/2009 6:29:18 PM - System Checkpoint
RP725: 2/03/2009 6:38:10 PM - System Checkpoint
RP726: 3/03/2009 7:04:49 PM - System Checkpoint
RP727: 4/03/2009 8:26:29 PM - System Checkpoint
RP728: 6/03/2009 7:37:11 AM - System Checkpoint
RP729: 7/03/2009 7:45:27 AM - System Checkpoint
RP730: 7/03/2009 3:32:21 PM - Installed PC SpeedScan Pro
RP731: 7/03/2009 3:40:26 PM - Removed PC SpeedScan Pro
RP732: 8/03/2009 3:46:26 PM - System Checkpoint
RP733: 9/03/2009 5:05:37 PM - System Checkpoint
RP734: 10/03/2009 6:59:44 PM - System Checkpoint
RP735: 12/03/2009 1:00:08 AM - System Checkpoint
RP736: 13/03/2009 1:29:09 AM - System Checkpoint
RP737: 14/03/2009 2:42:40 AM - System Checkpoint
RP738: 15/03/2009 3:27:56 AM - System Checkpoint
RP739: 16/03/2009 4:27:56 AM - System Checkpoint
RP740: 17/03/2009 5:27:58 AM - System Checkpoint
RP741: 18/03/2009 6:27:57 AM - System Checkpoint
RP742: 19/03/2009 7:36:25 AM - System Checkpoint
RP743: 20/03/2009 8:01:24 AM - System Checkpoint
RP744: 21/03/2009 8:03:08 AM - System Checkpoint
RP745: 22/03/2009 9:03:10 AM - System Checkpoint
RP746: 23/03/2009 11:56:25 AM - System Checkpoint
RP747: 24/03/2009 1:45:15 PM - System Checkpoint
RP748: 25/03/2009 2:34:48 PM - System Checkpoint
RP749: 26/03/2009 3:01:51 PM - System Checkpoint
RP750: 27/03/2009 4:02:57 PM - System Checkpoint
RP751: 27/03/2009 8:33:38 PM - Cleaned registry with Windows Live OneCare safety scanner
RP752: 27/03/2009 9:28:31 PM - Installed Java(TM) 6 Update 13
RP753: 27/03/2009 9:42:09 PM - Installed Windows XP KB958644.
RP754: 27/03/2009 9:58:13 PM - Installed Windows XP KB960714.
RP755: 27/03/2009 10:46:03 PM - Installed SUPERAntiSpyware Free Edition
RP756: 28/03/2009 6:12:28 PM - Installed Windows XP KB958690.
RP757: 28/03/2009 6:29:42 PM - Installed Trend Micro Internet Security
RP758: 28/03/2009 9:28:32 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP759: 28/03/2009 11:16:59 PM - Automatic Restore Point
RP760: 30/03/2009 1:02:12 AM - Installed Windows XP KB958644.
RP761: 30/03/2009 1:04:13 AM - Installed Windows XP KB958690.
RP762: 30/03/2009 1:05:26 AM - Installed Windows XP KB960225.
RP763: 30/03/2009 1:06:48 AM - Installed Windows XP KB938464-v2.
RP764: 30/03/2009 1:08:13 AM - Installed Windows XP KB958687.
RP765: 30/03/2009 1:11:48 AM - Installed Windows XP KB960715.
RP766: 30/03/2009 1:13:58 AM - Installed Windows XP KB961260.
RP767: 30/03/2009 1:16:10 AM - Installed Windows Media Player KB952069.

==== Installed Programs ======================


3D World Atlas
913D Camera
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Ask Toolbar
Auction Sentry
Bonjour
Broderbund Home Design 5.1
Brother MFL-Pro Suite
COMODO Internet Security
Easy Internet Sign-up
eBay Toolbar
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HouseCall 6.6
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Software Update
HpSdpAppCoreApp
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVDX
InterVideo WinDVRX
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KBD
Learning Ladder 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
OptusNet DSL
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
Performance Center
PhoTags Express
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.8
Sonic Update Manager
SUPERAntiSpyware Free Edition
System Requirements Lab
Toolkit View(HP)
Trend Micro AntiVirus
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Updates from HP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

28/03/2009 2:20:42 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
27/03/2009 11:53:26 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
27/03/2009 11:53:08 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
27/03/2009 11:52:17 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
27/03/2009 11:48:09 PM, error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: The system cannot find the file specified.
27/03/2009 11:47:57 PM, error: Dhcp [1002] - The IP address lease 122.109.108.99 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 10:54:19 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
27/03/2009 9:14:57 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
27/03/2009 8:45:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
27/03/2009 8:44:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! antivirus service.
27/03/2009 7:15:38 PM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 7:14:57 PM, error: Dhcp [1002] - The IP address lease 122.105.154.155 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 6:19:56 PM, error: Dhcp [1002] - The IP address lease 58.106.138.91 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 5:29:19 PM, error: Dhcp [1002] - The IP address lease 58.106.42.59 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 4:54:58 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
27/03/2009 4:50:51 PM, error: Dhcp [1002] - The IP address lease 122.111.92.156 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 4:08:11 PM, error: Dhcp [1002] - The IP address lease 58.106.153.165 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 3:39:10 PM, error: Dhcp [1002] - The IP address lease 122.111.94.106 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 2:09:18 PM, error: Dhcp [1002] - The IP address lease 58.107.77.98 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 11:00:06 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
27/03/2009 10:43:45 AM, error: Dhcp [1002] - The IP address lease 122.111.11.103 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 10:25:44 AM, error: Dhcp [1002] - The IP address lease 122.111.95.162 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 9:57:52 AM, error: Dhcp [1002] - The IP address lease 58.106.136.35 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 9:36:17 AM, error: Dhcp [1002] - The IP address lease 122.111.12.99 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 9:17:05 AM, error: Dhcp [1002] - The IP address lease 58.106.140.224 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 8:31:04 AM, error: Dhcp [1002] - The IP address lease 58.106.47.207 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 7:22:14 AM, error: Dhcp [1002] - The IP address lease 58.106.29.27 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
27/03/2009 1:36:44 AM, error: Dhcp [1002] - The IP address lease 58.106.139.102 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 10:21:37 PM, error: Dhcp [1002] - The IP address lease 58.106.28.100 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 8:57:06 PM, error: Dhcp [1002] - The IP address lease 58.107.76.62 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 8:10:51 PM, error: Dhcp [1002] - The IP address lease 58.106.43.215 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 7:14:50 PM, error: Dhcp [1002] - The IP address lease 58.111.176.175 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 6:25:10 PM, error: Dhcp [1002] - The IP address lease 58.106.41.81 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 5:49:45 PM, error: Dhcp [1002] - The IP address lease 122.105.158.151 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 5:21:44 PM, error: Dhcp [1002] - The IP address lease 122.111.18.222 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 4:53:50 PM, error: Dhcp [1002] - The IP address lease 58.106.156.133 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 2:13:38 PM, error: Dhcp [1002] - The IP address lease 58.106.141.138 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 12:22:02 PM, error: Dhcp [1002] - The IP address lease 58.106.155.25 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 12:01:01 PM, error: Dhcp [1002] - The IP address lease 122.111.18.162 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 11:34:51 AM, error: Dhcp [1002] - The IP address lease 122.111.17.103 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 10:51:17 AM, error: Dhcp [1002] - The IP address lease 122.111.12.119 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 10:01:16 AM, error: Dhcp [1002] - The IP address lease 58.106.157.2 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 8:25:44 AM, error: Dhcp [1002] - The IP address lease 58.110.13.220 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 6:59:35 AM, error: Dhcp [1002] - The IP address lease 122.105.157.60 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/03/2009 2:11:06 AM, error: Dhcp [1002] - The IP address lease 58.106.159.135 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 10:53:17 PM, error: Dhcp [1002] - The IP address lease 58.106.29.253 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 9:03:16 PM, error: Dhcp [1002] - The IP address lease 122.105.152.167 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 7:57:38 PM, error: Dhcp [1002] - The IP address lease 58.106.142.221 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 7:03:59 PM, error: Dhcp [1002] - The IP address lease 114.78.35.33 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 6:24:58 PM, error: Dhcp [1002] - The IP address lease 122.111.95.121 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 5:42:28 PM, error: Dhcp [1002] - The IP address lease 122.105.159.165 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 5:13:53 PM, error: Dhcp [1002] - The IP address lease 58.107.79.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 4:34:28 PM, error: Dhcp [1002] - The IP address lease 122.109.107.227 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 3:49:17 PM, error: Dhcp [1002] - The IP address lease 58.111.177.1 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 3:02:16 PM, error: Dhcp [1002] - The IP address lease 58.111.179.78 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 12:06:24 PM, error: Dhcp [1002] - The IP address lease 58.111.183.68 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 10:45:17 AM, error: Dhcp [1002] - The IP address lease 122.111.10.120 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 10:20:37 AM, error: Dhcp [1002] - The IP address lease 58.106.157.54 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 9:50:09 AM, error: Dhcp [1002] - The IP address lease 122.105.152.61 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 9:25:08 AM, error: Dhcp [1002] - The IP address lease 58.106.31.204 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 8:53:10 AM, error: Dhcp [1002] - The IP address lease 58.110.13.86 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 7:07:19 AM, error: Dhcp [1002] - The IP address lease 122.105.159.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/03/2009 12:28:51 AM, error: Dhcp [1002] - The IP address lease 58.106.153.117 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 9:58:50 PM, error: Dhcp [1002] - The IP address lease 58.106.41.126 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 8:08:11 PM, error: Dhcp [1002] - The IP address lease 114.78.35.200 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 6:43:10 PM, error: Dhcp [1002] - The IP address lease 58.111.178.240 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 6:15:03 PM, error: Dhcp [1002] - The IP address lease 58.106.143.169 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 5:50:02 PM, error: Dhcp [1002] - The IP address lease 58.106.136.132 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 5:09:40 PM, error: Dhcp [1002] - The IP address lease 114.78.32.10 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 4:38:26 PM, error: Dhcp [1002] - The IP address lease 58.106.141.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 3:57:24 PM, error: Dhcp [1002] - The IP address lease 58.106.140.96 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 1:02:12 PM, error: Dhcp [1002] - The IP address lease 58.111.183.253 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 12:20:49 PM, error: Dhcp [1002] - The IP address lease 122.105.153.194 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 11:43:32 AM, error: Dhcp [1002] - The IP address lease 58.111.183.185 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 11:16:51 AM, error: Dhcp [1002] - The IP address lease 58.106.25.70 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 10:47:50 AM, error: Dhcp [1002] - The IP address lease 122.111.92.225 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/03/2009 9:54:01 AM, error: Dhcp [1002] - The IP address lease 58.106.152.155 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 8:28:49 AM, error: Dhcp [1002] - The IP address lease 58.106.27.169 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 10:22:46 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
28/03/2009 1:33:31 PM, error: Dhcp [1002] - The IP address lease 58.107.76.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 3:15:46 PM, error: Dhcp [1002] - The IP address lease 122.109.124.175 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 4:43:05 PM, error: Dhcp [1002] - The IP address lease 122.111.94.219 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 6:25:52 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
28/03/2009 6:38:42 PM, error: Dhcp [1002] - The IP address lease 122.111.13.24 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 7:43:19 PM, error: Dhcp [1002] - The IP address lease 122.105.158.46 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 8:23:11 AM, error: Dhcp [1002] - The IP address lease 122.111.18.163 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 1:47:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
29/03/2009 9:24:43 PM, error: Dhcp [1002] - The IP address lease 122.111.11.206 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 10:51:27 PM, error: Dhcp [1002] - The IP address lease 58.106.40.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 10:07:37 AM, error: Dhcp [1002] - The IP address lease 58.106.138.110 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 2:40:38 PM, error: Dhcp [1002] - The IP address lease 122.105.156.91 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 8:01:48 PM, error: Dhcp [1002] - The IP address lease 58.111.180.61 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:55:32 AM, error: Dhcp [1002] - The IP address lease 58.106.141.100 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 7:21:23 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
30/03/2009 7:35:34 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.

==== End Of File ===========================


GMER

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-31 13:29:24
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Services - GMER 1.0.15 ----

Service system32\drivers\UACsrfucfqr.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

azurablue
2009-03-31, 06:49
I probably should add that I do have 2 antivirus programs, as it seems that Trend Micro has been disabled. Within 24 hours of downloading it (3 days ago), I have been unable to open it. Thus I have had to reinstall Comodo, which seems to be working ok.

In addition, I cannot perform another HouseCall scan (initial scan 4 days ago found Trojan Malotorun1, and then crashed when I downloaded TMicro's 30 day trial antivirus). Scanned again with TM once installed, and it found and quarantined Malotorun1, however since then I haven't been able to open TM, yet it seems to be running in the background?? Argh, I've never had problems like this before! Also, I've noticed that although I manually downloaded Java updates (and Windows security patches), the updated version of Java doesn't seem to be running... found this out when trying to perform another TM HouseCall scan using the "updated" Java kernel.

Thanks again!!

Julie

Blade81
2009-03-31, 18:42
Hi again,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

azurablue
2009-04-01, 04:12
Hi Blade81

I downloaded ComboFix and completed the scan... it found some nasties!! And successfully removed them by the looks of it, but will leave the rest up to you!

The scan only produced one report, which is copied below. Is there another report somewhere?

Also, I had to uninstall Trend Micro antivirus after starting ComboFix as it stated it was still running in the background. I didn't think this was the case as I haven't been able to open or access it since downloading it 4 days ago. Argh! Also, ComboFix stated that Comodo was still running on "realtime", whereas I had completely disabled it. I did check it again and unticked a few extra boxes on the Comodo console, however the "disabled" status wasn't any different. Hopefully this won't have affected the ComboFix scan.

Cheers!

Julie


ComboFix 09-03-31.01 - Owner 2009-04-01 9:39:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.274 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\MabryObj.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-30 07:35 . 2008-04-14 10:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 . 2004-08-04 15:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 . 2004-08-04 15:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:35 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:33 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-30 07:32 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-03-30 07:31 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-30 07:30 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-30 07:29 . 2001-08-17 12:50 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-03-30 07:28 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-30 07:27 . 2008-04-14 10:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-30 07:26 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-30 07:25 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-30 07:24 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-30 07:23 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-30 07:22 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-30 07:21 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 . 2009-03-30 00:26 155,384 --a--c--- c:\windows\system32\guard32.dll
2009-03-30 00:26 . 2009-03-30 00:26 110,992 --a--c--- c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 . 2009-03-30 00:26 24,336 --a--c--- c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 . 2009-03-29 22:49 <DIR> d----c--- c:\documents and settings\Owner\Application Data\HouseCall 6.6
2009-03-29 00:04 . 2009-03-29 00:04 <DIR> d----c--- C:\Rooter$
2009-03-28 21:28 . 2009-03-28 21:28 <DIR> d----c--- c:\program files\Windows Resource Kits
2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d----c--- c:\program files\ERUNT
2009-03-28 02:32 . 2009-03-28 09:17 <DIR> d----c--- c:\program files\AskBarDis
2009-03-28 02:32 . 2009-03-28 02:32 253,688 --a--c--- c:\windows\system32\cssdll32.dll
2009-03-28 02:31 . 2009-03-30 00:26 <DIR> d----c--- c:\program files\COMODO
2009-03-28 02:31 . 2009-03-30 02:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Comodo
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-26 16:49 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 . 2009-03-26 16:49 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-03-27 22:45 . 2009-03-27 22:45 <DIR> d----c--- c:\program files\Common Files\Wise Installation Wizard
2009-03-27 22:29 . 2009-03-27 22:29 <DIR> d----c--- c:\documents and settings\Owner\Application Data\QuickScan
2009-03-27 21:29 . 2009-03-27 21:28 410,984 --a--c--- c:\windows\system32\deploytk.dll
2009-03-27 17:01 . 2009-03-27 20:37 <DIR> d----c--- c:\program files\Windows Live Safety Center
2009-03-07 15:32 . 2009-03-11 18:25 <DIR> d----c--- c:\program files\Ascentive
2009-03-07 15:32 . 2008-12-10 17:34 208,896 --a--c--- c:\windows\system32\ConTest.dll
2009-03-07 15:32 . 2008-11-06 16:04 36,864 --a--c--- c:\windows\system32\ascbalon.dll
2009-03-07 15:32 . 2008-11-06 16:04 20,480 --a--c--- c:\windows\system32\SysRestore.dll
2009-03-02 14:14 . 2009-03-02 14:14 <DIR> d----c--- c:\program files\Siemens Subscriber Networks
2009-03-02 14:14 . 2005-11-30 12:21 50,934 -----c--- c:\windows\system32\drivers\vvpciusb.sys
2009-03-02 14:14 . 2005-11-30 12:21 50,911 -----c--- c:\windows\system32\drivers\vvbususb.sys
2009-03-02 14:14 . 2005-11-30 12:21 28,857 -----c--- c:\windows\system32\drivers\enethusb.sys
2009-03-02 14:14 . 2005-11-30 12:21 15,332 -----c--- c:\windows\system32\drivers\vvbeth.sys
2009-03-02 14:14 . 2005-11-30 12:21 15,309 -----c--- c:\windows\system32\drivers\vvbetht.sys
2009-03-02 14:13 . 2005-11-30 12:21 41,966 -----c--- c:\windows\SSINST.INF
2009-02-24 17:25 . 2009-03-31 10:18 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-17 21:22 . 2009-02-17 21:22 <DIR> d----c--- c:\program files\Alwil Software
2009-02-17 21:00 . 2009-02-17 21:00 3,740 --a--c--- c:\windows\system32\OEMINFO.PNF
2009-02-17 20:51 . 2009-02-17 20:51 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Avg8
2009-02-17 08:50 . 2009-02-17 08:50 2 --a--c--- C:\-1472982065
2009-02-17 08:50 . 2009-03-02 14:29 0 --a--c--- c:\windows\system32\drivers\4ada505b.sys
2009-02-14 17:32 . 2009-02-14 17:32 0 -rahsc--- C:\khq
2009-02-14 17:07 . 2009-02-18 17:29 <DIR> d----c--- c:\documents and settings\Owner\Application Data\Apple Computer
2009-02-14 17:06 . 2009-02-14 17:06 <DIR> d----c--- c:\program files\Bonjour
2009-02-14 17:05 . 2009-02-14 17:06 <DIR> d----c--- c:\program files\QuickTime
2009-02-14 17:05 . 2009-02-14 17:05 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-14 17:04 . 2009-02-18 00:34 <DIR> d----c--- c:\program files\Common Files\Apple
2009-02-14 17:04 . 2009-02-14 17:04 <DIR> d----c--- c:\program files\Apple Software Update
2009-02-14 17:04 . 2009-02-14 17:04 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 23:36 --------- dc----w c:\program files\Trend Micro
2009-03-31 11:59 --------- dc----w c:\documents and settings\Owner\Application Data\Skype
2009-03-31 06:17 --------- dc----w c:\documents and settings\Owner\Application Data\skypePM
2009-03-27 12:46 --------- dc----w c:\program files\SUPERAntiSpyware
2009-03-27 11:28 --------- dc----w c:\program files\Java
2009-03-07 05:40 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-03-02 04:14 --------- dc----w c:\program files\OptusNet DSL Internet
2009-02-24 07:25 --------- dc----w c:\program files\Google
2007-12-09 05:18 880 -c----w c:\program files\uDigestV2.vib
2007-12-09 05:18 8,186 -c----w c:\program files\sys32init.clx
2007-12-09 05:18 8,186 -c----w c:\program files\clogo2.bmp
2007-12-09 05:18 400 -c----w c:\program files\uDigestV1.via
2007-12-09 05:18 3,760 -c----w c:\program files\uDigestV4.vid
2007-12-09 05:18 21,538 -c----w c:\program files\dll32sys.clx
2007-12-09 05:18 21,538 -c----w c:\program files\clogo1.bmp
2007-12-09 05:18 1,840 -c----w c:\program files\uDigestV3.vic
2008-08-05 22:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-30 1851128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OptusNet DSL Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
-----c--- 2004-02-03 22:45 155648 c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
-----c--- 2005-05-17 17:42 933888 c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 10:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
-----c--- 2007-11-03 17:35 599280 c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
-----c--- 2003-11-24 16:40 155648 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-08-21 02:15 483328 c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
-----c--- 2003-08-21 02:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 15:31 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
-----c--- 2005-03-17 14:45 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-05-16 16:58 213936 c:\_olddata\Ntfs - hp_pavilio\Program Files\Common Files\InstallShield\UpdateService\Isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2003-02-11 18:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a--c--- 2007-05-18 07:45 279912 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
-----c--- 2003-12-11 00:40 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2003-09-25 08:21 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2003-12-05 18:50 3022848 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
-----c--- 2005-03-17 14:25 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
--a--c--- 2008-09-04 14:24 3256320 c:\program files\Ascentive\Performance Center\ApcMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a--c--- 2002-10-16 14:57 81920 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2003-11-03 15:50 221184 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
-----c--- 2005-01-26 18:02 49152 c:\program files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra--c--- 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-----c--- 2003-10-14 10:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-03-27 21:28 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
-----c--- 2003-10-29 11:17 135168 c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2009-03-23 14:07 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--------- 2007-07-27 12:11 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
-----c--- 2004-02-03 22:07 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
-----c--- 2003-08-19 07:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a--c--- 2007-04-11 07:46 709992 c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCinemaMgr]
-----c--- 2003-09-16 16:01 184320 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-06-29 09:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2003-12-05 18:50 753664 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"MSCamSvc"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"avast! web scanner"=3 (0x3)
"avast! mail scanner"=3 (0x3)
"avast! antivirus"=2 (0x2)
"aswupdsv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TmProxy"=2 (0x2)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Update_004-D240-A9P_106-146_6190_v1r.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
S1 4ada505b;4ada505b;c:\windows\system32\drivers\4ada505b.sys [2009-02-17 0]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-02-03 24192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 03:11]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-UfSeAgnt - c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe
MSConfigStartUp-AutoTBar - AUTOTBAR.EXE
MSConfigStartUp-pccguide - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 09:47:50
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-01 9:52:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-31 23:52:21

Pre-Run: 52,933,599,232 bytes free
Post-Run: 52,867,260,416 bytes free

330 --- E O F --- 2009-02-11 15:30:59

Blade81
2009-04-01, 10:30
Hi

According to the log Comodo was disabled correctly.

Please post contents of fresh dds.txt file too :)

azurablue
2009-04-01, 10:51
Hi Blade

Can't find the dds.txt file. There's 2 on my desktop, but they don't appear to be from combofix. One says it's a screensaver (properties), and the other one appears to be gmer. Where can I find the one you want, as there was only one log on the screen when combofix finished scanning? My lack of knowledge here is shining through like a beacon at the moment :red:

Thanks!

Julie

Blade81
2009-04-01, 19:57
Hi

You should get one by running DDS (dds.scr) again :)

azurablue
2009-04-02, 00:11
Ok, there were 2 when I ran dds.scr, but I'm assuming that this is the one you wanted.

Also, I've noticed something!! :eek: When I look up Bits and Automatic Updates to try and restart them, the "path to executable" reads... %fystemRoot%\System32\svchost.exe -k netsvcs. Shouldn't "fystemRoot%" be "systemRoot%"? Other executables seem to be systemroot. I managed to see through the bright beacon! :snorkle:.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 7:00:56.87 on Thu 02/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.268 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1238153351_fef06fda1a9c32a4785414c70560dffb&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
S1 4ada505b;4ada505b;c:\windows\system32\drivers\4ada505b.sys [2009-2-17 0]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]

=============== Created Last 30 ================

2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive

==================== Find3M ====================

2009-03-02 14:29 0 ac------ c:\windows\system32\drivers\4ada505b.sys
2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 7:01:49.34 ===============

Blade81
2009-04-02, 11:54
Hi again,

Please download the Registry Search tool by clicking on the hard drive icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for %fystemRoot% and click OK. Post the logfile from the tool here for me.

azurablue
2009-04-02, 14:06
Ok, downloaded Registry Search Tool and nothing came up! Yet, when I go into Run, Services.msc and double click on Bits or Automatic updates, it shows "%fystemroot%\system32\svchost.exe -k netsvcs" in "Path to executables". Weird! Mind you, wasn't this deleted in one of the scan cleanups we did? Maybe this is what is left behind? Is there any way to manually change it back to %systemroot% ? Argh, curiouser and curiouser. Isn't that what Alice said to the Rabbit? :p:

Blade81
2009-04-02, 19:12
Hi again :)

Uninstall these vulnerable Javas:
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Driver::
4ada505b

File::
C:\-1472982065
c:\windows\system32\drivers\4ada505b.sys
C:\khq

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above (make sure all browser windows are closed), drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader!


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Let's also see if you can find fystemroot string with registry search tool.

azurablue
2009-04-04, 02:38
Hello :)

I've uninstalled all recommended instances of outdated Java and Adobe Reader, and I've run ATF Cleaner, Kaspersky, Combofix, DDS & Reg Search Tool. Scan logs are below, however RST couldn't find %fystemroot%, when I can SEE that it's there in Services. Soooo, I looked up regedit and found 2 instances of %fystemroot%, in both Bits and AU. I've attached a printscreen of the page (for Bits only) in Paint. If I'm not allowed to do this :oops:, I'll type out the required detail for you to see.

Also, I have another small problem. Somehow, Nokia Media Player has become the "default" file type for bmp & some other files. When I saved something in paint as a bmp, even though I changed the "open with" program manually to paint (and it opens in paint), the file type still shows as Nokia Media File. Argh! I'm not even sure how this happened in the first place :fear:

Thank you SO much for your help so far!!! :)


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:31:18.85 on Sat 04/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.337 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]

=============== Created Last 30 ================

2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive

==================== Find3M ====================

2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 8:32:25.18 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/05/2007 11:22:40 AM
System Uptime: 4/03/2009 5:12:33 PM (735 hours ago)

Motherboard: ASUSTeK Computer INC. | | Oxford
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 49.332 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.338 GiB free.
E: is CDROM ()
F: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\77DC41E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\77DC41E01800
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP680: 16/01/2009 3:15:01 AM - System Checkpoint
RP681: 17/01/2009 8:17:18 AM - System Checkpoint
RP682: 18/01/2009 12:52:08 PM - System Checkpoint
RP683: 19/01/2009 5:21:17 PM - System Checkpoint
RP684: 20/01/2009 6:33:41 PM - System Checkpoint
RP685: 21/01/2009 7:03:40 PM - System Checkpoint
RP686: 21/01/2009 10:34:34 PM - Installed DirectX
RP687: 22/01/2009 1:16:03 AM - Unsigned driver install
RP688: 23/01/2009 2:02:41 AM - System Checkpoint
RP689: 24/01/2009 3:02:38 AM - System Checkpoint
RP690: 25/01/2009 12:05:18 PM - System Checkpoint
RP691: 26/01/2009 12:29:46 PM - System Checkpoint
RP692: 27/01/2009 2:34:14 PM - System Checkpoint
RP693: 28/01/2009 3:30:06 PM - System Checkpoint
RP694: 29/01/2009 4:59:18 PM - System Checkpoint
RP695: 30/01/2009 7:22:39 PM - System Checkpoint
RP696: 31/01/2009 8:11:10 PM - System Checkpoint
RP697: 2/02/2009 7:42:48 AM - System Checkpoint
RP698: 3/02/2009 7:45:54 AM - System Checkpoint
RP699: 4/02/2009 8:24:03 AM - System Checkpoint
RP700: 5/02/2009 8:56:44 AM - System Checkpoint
RP701: 6/02/2009 9:45:48 AM - System Checkpoint
RP702: 7/02/2009 10:33:28 AM - System Checkpoint
RP703: 8/02/2009 10:53:42 AM - System Checkpoint
RP704: 9/02/2009 12:11:23 PM - System Checkpoint
RP705: 10/02/2009 12:38:48 PM - System Checkpoint
RP706: 11/02/2009 1:29:00 PM - System Checkpoint
RP707: 12/02/2009 1:26:21 AM - Software Distribution Service 3.0
RP708: 13/02/2009 8:04:56 AM - System Checkpoint
RP709: 14/02/2009 8:22:03 AM - System Checkpoint
RP710: 14/02/2009 5:06:53 PM - Installed iTunes
RP711: 15/02/2009 5:17:20 PM - System Checkpoint
RP712: 16/02/2009 5:50:43 PM - System Checkpoint
RP713: 18/02/2009 1:55:28 AM - Microsoft OneCare Protection Checkpoint
RP714: 19/02/2009 10:18:55 AM - System Checkpoint
RP715: 20/02/2009 10:50:27 AM - System Checkpoint
RP716: 21/02/2009 11:04:16 AM - System Checkpoint
RP717: 22/02/2009 11:24:24 AM - System Checkpoint
RP718: 23/02/2009 2:03:26 PM - System Checkpoint
RP719: 24/02/2009 2:49:17 PM - System Checkpoint
RP720: 25/02/2009 3:06:47 PM - System Checkpoint
RP721: 26/02/2009 3:17:36 PM - System Checkpoint
RP722: 27/02/2009 3:18:04 PM - System Checkpoint
RP723: 28/02/2009 3:41:05 PM - System Checkpoint
RP724: 1/03/2009 6:29:18 PM - System Checkpoint
RP725: 2/03/2009 6:38:10 PM - System Checkpoint
RP726: 3/03/2009 7:04:49 PM - System Checkpoint
RP727: 4/03/2009 8:26:29 PM - System Checkpoint
RP728: 6/03/2009 7:37:11 AM - System Checkpoint
RP729: 7/03/2009 7:45:27 AM - System Checkpoint
RP730: 7/03/2009 3:32:21 PM - Installed PC SpeedScan Pro
RP731: 7/03/2009 3:40:26 PM - Removed PC SpeedScan Pro
RP732: 8/03/2009 3:46:26 PM - System Checkpoint
RP733: 9/03/2009 5:05:37 PM - System Checkpoint
RP734: 10/03/2009 6:59:44 PM - System Checkpoint
RP735: 12/03/2009 1:00:08 AM - System Checkpoint
RP736: 13/03/2009 1:29:09 AM - System Checkpoint
RP737: 14/03/2009 2:42:40 AM - System Checkpoint
RP738: 15/03/2009 3:27:56 AM - System Checkpoint
RP739: 16/03/2009 4:27:56 AM - System Checkpoint
RP740: 17/03/2009 5:27:58 AM - System Checkpoint
RP741: 18/03/2009 6:27:57 AM - System Checkpoint
RP742: 19/03/2009 7:36:25 AM - System Checkpoint
RP743: 20/03/2009 8:01:24 AM - System Checkpoint
RP744: 21/03/2009 8:03:08 AM - System Checkpoint
RP745: 22/03/2009 9:03:10 AM - System Checkpoint
RP746: 23/03/2009 11:56:25 AM - System Checkpoint
RP747: 24/03/2009 1:45:15 PM - System Checkpoint
RP748: 25/03/2009 2:34:48 PM - System Checkpoint
RP749: 26/03/2009 3:01:51 PM - System Checkpoint
RP750: 27/03/2009 4:02:57 PM - System Checkpoint
RP751: 27/03/2009 8:33:38 PM - Cleaned registry with Windows Live OneCare safety scanner
RP752: 27/03/2009 9:28:31 PM - Installed Java(TM) 6 Update 13
RP753: 27/03/2009 9:42:09 PM - Installed Windows XP KB958644.
RP754: 27/03/2009 9:58:13 PM - Installed Windows XP KB960714.
RP755: 27/03/2009 10:46:03 PM - Installed SUPERAntiSpyware Free Edition
RP756: 28/03/2009 6:12:28 PM - Installed Windows XP KB958690.
RP757: 28/03/2009 6:29:42 PM - Installed Trend Micro Internet Security
RP758: 28/03/2009 9:28:32 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP759: 28/03/2009 11:16:59 PM - Automatic Restore Point
RP760: 30/03/2009 1:02:12 AM - Installed Windows XP KB958644.
RP761: 30/03/2009 1:04:13 AM - Installed Windows XP KB958690.
RP762: 30/03/2009 1:05:26 AM - Installed Windows XP KB960225.
RP763: 30/03/2009 1:06:48 AM - Installed Windows XP KB938464-v2.
RP764: 30/03/2009 1:08:13 AM - Installed Windows XP KB958687.
RP765: 30/03/2009 1:11:48 AM - Installed Windows XP KB960715.
RP766: 30/03/2009 1:13:58 AM - Installed Windows XP KB961260.
RP767: 30/03/2009 1:16:10 AM - Installed Windows Media Player KB952069.
RP768: 31/03/2009 3:26:49 PM - System Checkpoint
RP769: 1/04/2009 9:34:45 AM - Removed Trend Micro Internet Security
RP770: 1/04/2009 9:38:15 AM - ComboFix created restore point
RP771: 2/04/2009 10:26:14 AM - System Checkpoint
RP772: 3/04/2009 11:20:09 AM - System Checkpoint
RP773: 3/04/2009 4:41:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP774: 3/04/2009 4:55:46 PM - Removed Java(TM) 6 Update 2
RP775: 3/04/2009 4:55:50 PM - Removed Java(TM) 6 Update 3
RP776: 3/04/2009 4:57:02 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP777: 3/04/2009 5:06:42 PM - ComboFix created restore point
RP778: 3/04/2009 5:25:10 PM - Removed Adobe Reader 7.1.0
RP779: 3/04/2009 5:29:21 PM - Installed Adobe Reader 9.1.

==== Installed Programs ======================


3D World Atlas
913D Camera
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Ask Toolbar
Auction Sentry
Bonjour
Broderbund Home Design 5.1
Brother MFL-Pro Suite
COMODO Internet Security
Easy Internet Sign-up
eBay Toolbar
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HouseCall 6.6
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Software Update
HpSdpAppCoreApp
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVDX
InterVideo WinDVRX
Java(TM) 6 Update 13
Java(TM) 6 Update 2
KBD
Learning Ladder 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
OptusNet DSL
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
Performance Center
PhoTags Express
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.8
Sonic Update Manager
SUPERAntiSpyware Free Edition
System Requirements Lab
Toolkit View(HP)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Updates from HP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/04/2009 11:31:50 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
1/04/2009 11:26:22 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
1/04/2009 11:10:35 AM, error: Dhcp [1002] - The IP address lease 58.106.152.158 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 9:33:50 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/04/2009 9:32:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
31/03/2009 1:37:44 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
29/03/2009 12:31:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
28/03/2009 9:26:11 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 9:00:42 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 10:22:46 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
3/04/2009 4:42:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/04/2009 6:17:05 PM, error: Dhcp [1002] - The IP address lease 58.107.77.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 1:54:10 AM, error: Dhcp [1002] - The IP address lease 58.111.181.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 7:35:34 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
30/03/2009 7:21:23 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.

==== End Of File ===========================


ComboFix 09-04-01.01 - Owner 2009-04-03 17:07:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.270 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point

FILE ::
C:\-1472982065
C:\khq
c:\windows\system32\drivers\4ada505b.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1472982065
C:\khq
c:\windows\system32\drivers\4ada505b.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_4ada505b


((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-03-30 07:35 . 2008-04-14 10:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 . 2004-08-04 15:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 . 2004-08-04 15:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:35 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:33 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-30 07:32 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-03-30 07:31 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-30 07:30 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-30 07:29 . 2001-08-17 12:50 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-03-30 07:28 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-30 07:27 . 2008-04-14 10:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-30 07:26 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-30 07:25 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-30 07:24 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-30 07:23 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-30 07:22 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-30 07:21 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 . 2009-03-30 00:26 155,384 --a--c--- c:\windows\system32\guard32.dll
2009-03-30 00:26 . 2009-03-30 00:26 110,992 --a--c--- c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 . 2009-03-30 00:26 24,336 --a--c--- c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 . 2009-03-29 22:49 <DIR> d----c--- c:\documents and settings\Owner\Application Data\HouseCall 6.6
2009-03-29 00:04 . 2009-03-29 00:04 <DIR> d----c--- C:\Rooter$
2009-03-28 21:28 . 2009-03-28 21:28 <DIR> d----c--- c:\program files\Windows Resource Kits
2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d----c--- c:\program files\ERUNT
2009-03-28 02:32 . 2009-03-28 09:17 <DIR> d----c--- c:\program files\AskBarDis
2009-03-28 02:32 . 2009-03-28 02:32 253,688 --a--c--- c:\windows\system32\cssdll32.dll
2009-03-28 02:31 . 2009-03-30 00:26 <DIR> d----c--- c:\program files\COMODO
2009-03-28 02:31 . 2009-03-30 02:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Comodo
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-26 16:49 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 . 2009-03-26 16:49 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-03-27 22:45 . 2009-03-27 22:45 <DIR> d----c--- c:\program files\Common Files\Wise Installation Wizard
2009-03-27 22:29 . 2009-03-27 22:29 <DIR> d----c--- c:\documents and settings\Owner\Application Data\QuickScan
2009-03-27 21:29 . 2009-03-27 21:28 410,984 --a--c--- c:\windows\system32\deploytk.dll
2009-03-27 17:01 . 2009-03-27 20:37 <DIR> d----c--- c:\program files\Windows Live Safety Center
2009-03-07 15:32 . 2009-03-11 18:25 <DIR> d----c--- c:\program files\Ascentive
2009-03-07 15:32 . 2008-12-10 17:34 208,896 --a--c--- c:\windows\system32\ConTest.dll
2009-03-07 15:32 . 2008-11-06 16:04 36,864 --a--c--- c:\windows\system32\ascbalon.dll
2009-03-07 15:32 . 2008-11-06 16:04 20,480 --a--c--- c:\windows\system32\SysRestore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 06:57 --------- dc----w c:\program files\Java
2009-04-03 03:21 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-02 06:29 --------- dc----w c:\program files\Auction Sentry
2009-04-02 01:40 --------- dc----w c:\documents and settings\Owner\Application Data\Skype
2009-04-02 01:16 --------- dc----w c:\documents and settings\Owner\Application Data\skypePM
2009-03-31 23:36 --------- dc----w c:\program files\Trend Micro
2009-03-27 12:46 --------- dc----w c:\program files\SUPERAntiSpyware
2009-03-07 05:40 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-03-02 04:14 --------- dc----w c:\program files\Siemens Subscriber Networks
2009-03-02 04:14 --------- dc----w c:\program files\OptusNet DSL Internet
2009-02-24 07:25 --------- dc----w c:\program files\Google
2009-02-18 07:29 --------- dc----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-02-17 14:34 --------- dc----w c:\program files\Common Files\Apple
2009-02-17 11:22 --------- dc----w c:\program files\Alwil Software
2009-02-17 10:51 --------- dc----w c:\documents and settings\All Users\Application Data\Avg8
2009-02-14 07:06 --------- dc----w c:\program files\QuickTime
2009-02-14 07:06 --------- dc----w c:\program files\Bonjour
2009-02-14 07:05 --------- dc----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-14 07:04 --------- dc----w c:\program files\Apple Software Update
2009-02-14 07:04 --------- dc----w c:\documents and settings\All Users\Application Data\Apple
2007-12-09 05:18 880 -c----w c:\program files\uDigestV2.vib
2007-12-09 05:18 8,186 -c----w c:\program files\sys32init.clx
2007-12-09 05:18 8,186 -c----w c:\program files\clogo2.bmp
2007-12-09 05:18 400 -c----w c:\program files\uDigestV1.via
2007-12-09 05:18 3,760 -c----w c:\program files\uDigestV4.vid
2007-12-09 05:18 21,538 -c----w c:\program files\dll32sys.clx
2007-12-09 05:18 21,538 -c----w c:\program files\clogo1.bmp
2007-12-09 05:18 1,840 -c----w c:\program files\uDigestV3.vic
2008-08-05 22:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-30 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
-----c--- 2004-02-03 22:45 155648 c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
-----c--- 2005-05-17 17:42 933888 c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 10:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
-----c--- 2007-11-03 17:35 599280 c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
-----c--- 2003-11-24 16:40 155648 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-08-21 02:15 483328 c:\windows\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
-----c--- 2003-08-21 02:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 15:31 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
-----c--- 2005-03-17 14:45 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-05-16 16:58 213936 c:\_olddata\Ntfs - hp_pavilio\Program Files\Common Files\InstallShield\UpdateService\Isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2003-02-11 18:02 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a--c--- 2007-05-18 07:45 279912 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
-----c--- 2003-12-11 00:40 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2003-09-25 08:21 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2003-12-05 18:50 3022848 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
-----c--- 2005-03-17 14:25 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
--a--c--- 2008-09-04 14:24 3256320 c:\program files\Ascentive\Performance Center\ApcMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a--c--- 2002-10-16 14:57 81920 c:\windows\system32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2003-11-03 15:50 221184 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
-----c--- 2005-01-26 18:02 49152 c:\program files\Brother\Brmfl05a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra--c--- 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-----c--- 2003-10-14 10:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-03-27 21:28 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
-----c--- 2003-10-29 11:17 135168 c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2009-03-23 14:07 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--------- 2007-07-27 12:11 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
-----c--- 2004-02-03 22:07 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
-----c--- 2003-08-19 07:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a--c--- 2007-04-11 07:46 709992 c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCinemaMgr]
-----c--- 2003-09-16 16:01 184320 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-06-29 09:06 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2003-12-05 18:50 753664 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"MSCamSvc"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"avast! web scanner"=3 (0x3)
"avast! mail scanner"=3 (0x3)
"avast! antivirus"=2 (0x2)
"aswupdsv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TmProxy"=2 (0x2)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Update_004-D240-A9P_106-146_6190_v1r.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-02-03 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 17:13:41
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-03 17:18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 07:18:50
ComboFix2.txt 2009-03-31 23:52:27

Pre-Run: 53,131,034,624 bytes free
Post-Run: 53,173,211,136 bytes free

315 --- E O F --- 2009-02-11 15:30:59


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, April 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, April 03, 2009 09:13:38
Records in database: 2004123
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
J:\
K:\
L:\
M:\

Scan statistics:
Files scanned: 103784
Threat name: 4
Infected objects: 14
Suspicious objects: 6
Duration of the scan: 02:52:53


File name / Threat name / Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\_OldData\Ntfs - hp_pavilio\Program Files\Common Files\Real\Toolbar\Realbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc398.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc398.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc621.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc621.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc673.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc673.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc777.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc824.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc871.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

Blade81
2009-04-04, 14:11
RST couldn't find %fystemroot%, when I can SEE that it's there in Services. Soooo, I looked up regedit and found 2 instances of %fystemroot%, in both Bits and AU.
Did you try RST with the fystemroot string without the % characters, and it still didn't find those two? Since it looks like you're familiar with registry editing, I'll let you change those two manually :) Double-click that value in the data cell. A new window should open up. In that window, change f->s so that it reads %systemRoot% instead of %fystemRoot% there (leave the rest of the string as it was). Repeat with the AU service.

Then, uninstall Ask Toolbar if you didn't install it on purpose.


Delete items in C:\_OldData\Ntfs - hp_pavilio\Recycler folder.


Also, I have another small problem. Somehow, Nokia Media Player has become the "default" file type for bmp & some other files. When I saved something in paint as a bmp, even though I changed the "open with" program manually to paint (and it opens in paint), the file type still shows as Nokia Media File.
Please see the "To change which program starts when you double-click a file" part here (http://support.microsoft.com/?scid=kb%3Ben-us%3B307859).


Post a fresh dds log and let me know whether those actions helped :)
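
As an added example (not part of the original posts), this Python script scans a .reg export of the Services key for ImagePath values that reference an unknown environment variable such as %fystemRoot%, the condition being repaired above for BITS and wuauserv. The sample export, the allow-list of variables and all function names are constructed for illustration.

```python
import difflib
import re

# Variables a service ImagePath normally references (assumed allow-list; extend as needed).
KNOWN_VARS = {"systemroot", "windir", "systemdrive", "programfiles", "commonprogramfiles"}
VAR_RE = re.compile(r"%([^%\\/:\s]+)%")


def to_hex2(s, per_line=20):
    """Encode s as a REGEDIT4 export writes REG_EXPAND_SZ: ANSI bytes, NUL-terminated, wrapped."""
    octets = [f"{b:02x}" for b in s.encode("cp1252") + b"\x00"]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)


def svc_entry(name, image_path):
    """Build one constructed service key in .reg syntax."""
    return (f"[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{name}]\n"
            f'"Start"=dword:00000002\n"ImagePath"={to_hex2(image_path)}\n\n')


# Constructed sample export (not taken from the thread's machine).
SAMPLE_REG = (
    "REGEDIT4\n\n"
    + svc_entry("BITS", r"%fystemRoot%\System32\svchost.exe -k netsvcs")
    + svc_entry("Dhcp", r"%SystemRoot%\System32\svchost.exe -k netsvcs")
    + svc_entry("wuauserv", r"%fystemRoot%\System32\svchost.exe -k netsvcs")
)


def parse_reg(text):
    """Yield (key, value_name, string) for REG_SZ and REG_EXPAND_SZ values in a .reg export."""
    wide = text.lstrip().startswith("Windows Registry Editor")  # v5 exports use UTF-16LE
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if key is None or not m:
            continue
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            # REG_SZ: undo the backslash escaping used inside quoted values
            yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw.lower().startswith("hex(2):"):
            # REG_EXPAND_SZ: comma-separated bytes, decoded per export version
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            enc = "utf-16-le" if wide else "cp1252"
            yield key, name, data.decode(enc, errors="replace").rstrip("\x00")


def find_bad_image_paths(reg_text):
    """Return (service, bad_variable, closest_known, image_path) for each unknown %VAR%."""
    findings = []
    for key, name, value in parse_reg(reg_text):
        if name.lower() != "imagepath":
            continue
        for var in VAR_RE.findall(value):
            if var.lower() not in KNOWN_VARS:
                close = difflib.get_close_matches(var.lower(), sorted(KNOWN_VARS), n=1)
                findings.append((key.rsplit("\\", 1)[-1], var, close[0] if close else None, value))
    return findings


if __name__ == "__main__":
    for svc, var, hint, path in find_bad_image_paths(SAMPLE_REG):
        print(f"{svc}: %{var}% is not a known variable (did you mean %{hint}%?) in {path!r}")
```

Because ImagePath is stored as an expandable string, a plain-text search of the export for "fystemroot" finds nothing; the value has to be decoded from its hex(2) bytes first, as the parser does.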

azurablue
2009-04-04, 15:52
Hello!

Well, Reg Tool worked as you suggested, without % either side. It found 6 instances of fystemroot! That's the "good" news. The "bad" news is, I can't manually edit them. I get an error message saying, "Cannot edit image path: Error writing the value's new contents". This is the same for Automatic Updates too.

I don't know much about the registry, I've only watched a friend look things up via run, regedit.exe... so I did the same and found what I was looking for, although I couldn't find 6 instances of it, so thank you Reg Tool! I've posted the log below for you to see. Because I can't manually edit them via the way you suggested, what now? I googled this prob, and read somewhere that in some instances, people are having to manually reset the value when in safe mode? :banghead::hair:

DDS log attached as requested, and again... thank you so very much for your help so far!

P.s. I've noticed over the last week that my browser takes a long time to close and seems to hang for a bit... yet there are no viruses visible in the scans I've been running. Could this just be due to lack of updates and patches, due to the fystemroot issue?

Cheers!
Julie

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "fystemroot" 4/04/2009 10:38:35 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.JPG"

[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File2"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.bmp"

[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"d"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.JPG"

[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"g"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.bmp"

[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
"b"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.bmp"

[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg]
"i"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.JPG"


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/05/2007 11:22:40 AM
System Uptime: 4/04/2009 3:40:23 PM (7 hours ago)

Motherboard: ASUSTeK Computer INC. | | Oxford
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 49.14 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.338 GiB free.
E: is CDROM ()
F: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\77DC41E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\77DC41E01800
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP680: 16/01/2009 3:15:01 AM - System Checkpoint
RP681: 17/01/2009 8:17:18 AM - System Checkpoint
RP682: 18/01/2009 12:52:08 PM - System Checkpoint
RP683: 19/01/2009 5:21:17 PM - System Checkpoint
RP684: 20/01/2009 6:33:41 PM - System Checkpoint
RP685: 21/01/2009 7:03:40 PM - System Checkpoint
RP686: 21/01/2009 10:34:34 PM - Installed DirectX
RP687: 22/01/2009 1:16:03 AM - Unsigned driver install
RP688: 23/01/2009 2:02:41 AM - System Checkpoint
RP689: 24/01/2009 3:02:38 AM - System Checkpoint
RP690: 25/01/2009 12:05:18 PM - System Checkpoint
RP691: 26/01/2009 12:29:46 PM - System Checkpoint
RP692: 27/01/2009 2:34:14 PM - System Checkpoint
RP693: 28/01/2009 3:30:06 PM - System Checkpoint
RP694: 29/01/2009 4:59:18 PM - System Checkpoint
RP695: 30/01/2009 7:22:39 PM - System Checkpoint
RP696: 31/01/2009 8:11:10 PM - System Checkpoint
RP697: 2/02/2009 7:42:48 AM - System Checkpoint
RP698: 3/02/2009 7:45:54 AM - System Checkpoint
RP699: 4/02/2009 8:24:03 AM - System Checkpoint
RP700: 5/02/2009 8:56:44 AM - System Checkpoint
RP701: 6/02/2009 9:45:48 AM - System Checkpoint
RP702: 7/02/2009 10:33:28 AM - System Checkpoint
RP703: 8/02/2009 10:53:42 AM - System Checkpoint
RP704: 9/02/2009 12:11:23 PM - System Checkpoint
RP705: 10/02/2009 12:38:48 PM - System Checkpoint
RP706: 11/02/2009 1:29:00 PM - System Checkpoint
RP707: 12/02/2009 1:26:21 AM - Software Distribution Service 3.0
RP708: 13/02/2009 8:04:56 AM - System Checkpoint
RP709: 14/02/2009 8:22:03 AM - System Checkpoint
RP710: 14/02/2009 5:06:53 PM - Installed iTunes
RP711: 15/02/2009 5:17:20 PM - System Checkpoint
RP712: 16/02/2009 5:50:43 PM - System Checkpoint
RP713: 18/02/2009 1:55:28 AM - Microsoft OneCare Protection Checkpoint
RP714: 19/02/2009 10:18:55 AM - System Checkpoint
RP715: 20/02/2009 10:50:27 AM - System Checkpoint
RP716: 21/02/2009 11:04:16 AM - System Checkpoint
RP717: 22/02/2009 11:24:24 AM - System Checkpoint
RP718: 23/02/2009 2:03:26 PM - System Checkpoint
RP719: 24/02/2009 2:49:17 PM - System Checkpoint
RP720: 25/02/2009 3:06:47 PM - System Checkpoint
RP721: 26/02/2009 3:17:36 PM - System Checkpoint
RP722: 27/02/2009 3:18:04 PM - System Checkpoint
RP723: 28/02/2009 3:41:05 PM - System Checkpoint
RP724: 1/03/2009 6:29:18 PM - System Checkpoint
RP725: 2/03/2009 6:38:10 PM - System Checkpoint
RP726: 3/03/2009 7:04:49 PM - System Checkpoint
RP727: 4/03/2009 8:26:29 PM - System Checkpoint
RP728: 6/03/2009 7:37:11 AM - System Checkpoint
RP729: 7/03/2009 7:45:27 AM - System Checkpoint
RP730: 7/03/2009 3:32:21 PM - Installed PC SpeedScan Pro
RP731: 7/03/2009 3:40:26 PM - Removed PC SpeedScan Pro
RP732: 8/03/2009 3:46:26 PM - System Checkpoint
RP733: 9/03/2009 5:05:37 PM - System Checkpoint
RP734: 10/03/2009 6:59:44 PM - System Checkpoint
RP735: 12/03/2009 1:00:08 AM - System Checkpoint
RP736: 13/03/2009 1:29:09 AM - System Checkpoint
RP737: 14/03/2009 2:42:40 AM - System Checkpoint
RP738: 15/03/2009 3:27:56 AM - System Checkpoint
RP739: 16/03/2009 4:27:56 AM - System Checkpoint
RP740: 17/03/2009 5:27:58 AM - System Checkpoint
RP741: 18/03/2009 6:27:57 AM - System Checkpoint
RP742: 19/03/2009 7:36:25 AM - System Checkpoint
RP743: 20/03/2009 8:01:24 AM - System Checkpoint
RP744: 21/03/2009 8:03:08 AM - System Checkpoint
RP745: 22/03/2009 9:03:10 AM - System Checkpoint
RP746: 23/03/2009 11:56:25 AM - System Checkpoint
RP747: 24/03/2009 1:45:15 PM - System Checkpoint
RP748: 25/03/2009 2:34:48 PM - System Checkpoint
RP749: 26/03/2009 3:01:51 PM - System Checkpoint
RP750: 27/03/2009 4:02:57 PM - System Checkpoint
RP751: 27/03/2009 8:33:38 PM - Cleaned registry with Windows Live OneCare safety scanner
RP752: 27/03/2009 9:28:31 PM - Installed Java(TM) 6 Update 13
RP753: 27/03/2009 9:42:09 PM - Installed Windows XP KB958644.
RP754: 27/03/2009 9:58:13 PM - Installed Windows XP KB960714.
RP755: 27/03/2009 10:46:03 PM - Installed SUPERAntiSpyware Free Edition
RP756: 28/03/2009 6:12:28 PM - Installed Windows XP KB958690.
RP757: 28/03/2009 6:29:42 PM - Installed Trend Micro Internet Security
RP758: 28/03/2009 9:28:32 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP759: 28/03/2009 11:16:59 PM - Automatic Restore Point
RP760: 30/03/2009 1:02:12 AM - Installed Windows XP KB958644.
RP761: 30/03/2009 1:04:13 AM - Installed Windows XP KB958690.
RP762: 30/03/2009 1:05:26 AM - Installed Windows XP KB960225.
RP763: 30/03/2009 1:06:48 AM - Installed Windows XP KB938464-v2.
RP764: 30/03/2009 1:08:13 AM - Installed Windows XP KB958687.
RP765: 30/03/2009 1:11:48 AM - Installed Windows XP KB960715.
RP766: 30/03/2009 1:13:58 AM - Installed Windows XP KB961260.
RP767: 30/03/2009 1:16:10 AM - Installed Windows Media Player KB952069.
RP768: 31/03/2009 3:26:49 PM - System Checkpoint
RP769: 1/04/2009 9:34:45 AM - Removed Trend Micro Internet Security
RP770: 1/04/2009 9:38:15 AM - ComboFix created restore point
RP771: 2/04/2009 10:26:14 AM - System Checkpoint
RP772: 3/04/2009 11:20:09 AM - System Checkpoint
RP773: 3/04/2009 4:41:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP774: 3/04/2009 4:55:46 PM - Removed Java(TM) 6 Update 2
RP775: 3/04/2009 4:55:50 PM - Removed Java(TM) 6 Update 3
RP776: 3/04/2009 4:57:02 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP777: 3/04/2009 5:06:42 PM - ComboFix created restore point
RP778: 3/04/2009 5:25:10 PM - Removed Adobe Reader 7.1.0
RP779: 3/04/2009 5:29:21 PM - Installed Adobe Reader 9.1.
RP780: 4/04/2009 5:35:59 PM - System Checkpoint

==== Installed Programs ======================


3D World Atlas
913D Camera
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Ask Toolbar
Auction Sentry
Bonjour
Broderbund Home Design 5.1
Brother MFL-Pro Suite
COMODO Internet Security
Easy Internet Sign-up
eBay Toolbar
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HouseCall 6.6
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Software Update
HpSdpAppCoreApp
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVDX
InterVideo WinDVRX
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
KBD
Learning Ladder 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
OptusNet DSL
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
Performance Center
PhoTags Express
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.8
Sonic Update Manager
SUPERAntiSpyware Free Edition
System Requirements Lab
Toolkit View(HP)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Updates from HP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/04/2009 4:42:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/04/2009 4:39:02 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
3/04/2009 4:38:51 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/04/2009 2:05:14 PM, error: Dhcp [1002] - The IP address lease 58.106.26.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:27 PM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:06 PM, error: Dhcp [1002] - The IP address lease 58.106.158.143 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 12:13:48 PM, error: Dhcp [1002] - The IP address lease 58.106.31.162 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 11:41:19 AM, error: Dhcp [1002] - The IP address lease 58.111.180.122 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 10:18:18 AM, error: Dhcp [1002] - The IP address lease 58.111.180.211 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 9:57:29 AM, error: Dhcp [1002] - The IP address lease 58.106.137.246 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 9:44:04 PM, error: Dhcp [1002] - The IP address lease 122.111.94.81 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 6:33:35 PM, error: Dhcp [1002] - The IP address lease 114.78.41.87 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 3:34:34 PM, error: Dhcp [1002] - The IP address lease 58.106.46.254 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:59:29 PM, error: Dhcp [1002] - The IP address lease 58.106.46.111 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:23:28 PM, error: Dhcp [1002] - The IP address lease 114.78.32.179 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 4:37:16 PM, error: Dhcp [1002] - The IP address lease 122.111.17.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 12:15:15 PM, error: Dhcp [1002] - The IP address lease 58.111.182.140 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:34:41 AM, error: Dhcp [1002] - The IP address lease 58.106.158.23 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:26:22 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
1/04/2009 11:10:35 AM, error: Dhcp [1002] - The IP address lease 58.106.152.158 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 9:32:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
1/04/2009 9:08:57 AM, error: Dhcp [1002] - The IP address lease 122.111.12.236 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 8:31:56 AM, error: Dhcp [1002] - The IP address lease 58.111.177.75 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 7:48:44 AM, error: Dhcp [1002] - The IP address lease 122.105.156.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:28:16 PM, error: Dhcp [1002] - The IP address lease 122.111.18.37 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 6:34:19 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:48:45 PM, error: Dhcp [1002] - The IP address lease 58.106.27.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:08:58 PM, error: Dhcp [1002] - The IP address lease 58.111.179.195 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:39:33 PM, error: Dhcp [1002] - The IP address lease 58.111.178.96 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:13:32 PM, error: Dhcp [1002] - The IP address lease 58.111.181.50 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 1:37:44 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
31/03/2009 12:52:23 PM, error: Dhcp [1002] - The IP address lease 122.105.154.146 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 12:19:06 PM, error: Dhcp [1002] - The IP address lease 58.106.43.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:59:26 AM, error: Dhcp [1002] - The IP address lease 58.106.138.9 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:37:16 AM, error: Dhcp [1002] - The IP address lease 122.111.16.161 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:13:50 AM, error: Dhcp [1002] - The IP address lease 58.106.155.135 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:55:32 AM, error: Dhcp [1002] - The IP address lease 58.106.141.100 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 8:01:48 PM, error: Dhcp [1002] - The IP address lease 58.111.180.61 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 2:40:38 PM, error: Dhcp [1002] - The IP address lease 122.105.156.91 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 10:07:37 AM, error: Dhcp [1002] - The IP address lease 58.106.138.110 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 10:51:27 PM, error: Dhcp [1002] - The IP address lease 58.106.40.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 9:24:43 PM, error: Dhcp [1002] - The IP address lease 122.111.11.206 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 6:22:04 PM, error: Dhcp [1002] - The IP address lease 122.111.18.163 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 12:31:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
28/03/2009 9:26:11 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 9:00:42 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 7:43:19 PM, error: Dhcp [1002] - The IP address lease 122.105.158.46 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 6:38:42 PM, error: Dhcp [1002] - The IP address lease 122.111.13.24 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 5:20:14 PM, error: Dhcp [1002] - The IP address lease 122.111.94.219 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 3:15:46 PM, error: Dhcp [1002] - The IP address lease 122.109.124.175 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 1:33:31 PM, error: Dhcp [1002] - The IP address lease 58.107.76.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 10:22:46 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
28/03/2009 8:28:49 AM, error: Dhcp [1002] - The IP address lease 58.106.27.169 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 6:17:05 PM, error: Dhcp [1002] - The IP address lease 58.107.77.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 1:54:10 AM, error: Dhcp [1002] - The IP address lease 58.111.181.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 8:57:42 AM, error: Dhcp [1002] - The IP address lease 58.106.154.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 9:45:52 AM, error: Dhcp [1002] - The IP address lease 58.107.76.225 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 11:52:24 AM, error: Dhcp [1002] - The IP address lease 58.111.179.115 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 6:21:21 PM, error: Dhcp [1002] - The IP address lease 58.111.180.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 9:35:22 PM, error: Dhcp [1002] - The IP address lease 122.109.107.105 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 7:35:34 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
30/03/2009 7:21:23 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.

==== End Of File ===========================


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:46:46.29 on Sat 04/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.294 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]

=============== Created Last 30 ================

2009-04-04 12:21 <DIR> -cd----- c:\program files\iPod
2009-04-04 12:21 <DIR> -cd----- c:\program files\iTunes
2009-04-04 12:21 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-04 12:12 <DIR> -cd----- c:\program files\Bonjour
2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive

==================== Find3M ====================

2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 22:47:44.23 ===============

azurablue
2009-04-04, 15:57
Sorry, should mention that 2 of the 6 fystemroot files (above) are copies that I took for you to look at here and I've saved them on the desktop. I'm not sure about the other ones... they say explorer? And, they're jpegs and bmps??? Curiouser. What I think is strange is that the instances of fystemroot in AU and Bits don't seem to have shown up in the Reg Tool search. :slap:

azurablue
2009-04-04, 16:01
Doh!! All instances of fystemroot on Desktop are mine! lol. Sorry! So why didn't reg tool pick up the others in Bits and AU?? They must be hidden or something.. and the fact that I can't change them manually says there is something not right going on. Hmmm.

Thanks for your patience!!!!

Julie :red:

Blade81
2009-04-04, 16:21
Hi

Let's try this :)

Creating & executing batch file
-------------------------------

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
regedit /a c:\regExport.txt "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS"
regedit /a c:\regExport2.txt "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv"

Double-click on fixes.bat file to execute it. Post contents of c:\regExport.txt & c:\regExport2.txt back here.

azurablue
2009-04-05, 01:12
Hi :)

I tried to run fixes.bat, however the window opens and then closes immediately, with no result of any change made, let alone fix having been done. I remember Avast finding a virus "file.bat" not that long ago when I'd picked up a nasty trojan that I think could have been Conficker C. Not sure to be exact, but it disabled all security settings and I was unable to even access websites that had the word antivirus or security in it. Luckily Avast fixed it all, however every time I logged on, it would warn me of "file.bat", which it quarantined every time. Since then I've removed Avast and use Comodo instead.

Hope we're not running out of options! :sad:

Thanks!
Julie

Blade81
2009-04-05, 01:16
Hi

That was not meant to do anything other than create the c:\regExport.txt & c:\regExport2.txt files. Can't you find these two files after running the batch?

azurablue
2009-04-05, 01:40
Hi! :oops:

Did a search and found them!!

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,66,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Background Intelligent Transfer Service"
"DependOnService"=hex(7):52,70,63,73,73,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled."
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,68,e3,0c,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,71,6d,67,72,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\Enum]
"0"="Root\\LEGACY_BITS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,66,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Automatic Updates"
"ObjectName"="LocalSystem"
"Description"="Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site."

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
5c,77,75,61,75,73,65,72,76,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\Enum]
"0"="Root\\LEGACY_WUAUSERV\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
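
The hex(2) values in the two exports above can be decoded offline. This is an added example, not part of the original posts: it decodes every REG_EXPAND_SZ value in a regedit export and reports paths that reference an environment variable outside a known list, which is how the %fystemroot% edits show up. The function names and the KNOWN_VARS list are assumptions made for the example; the hex data is copied from the posts, and the handling of Version 5.00 (UTF-16) exports goes beyond what the thread shows.

```python
import re

# Excerpt of the two REGEDIT4 exports posted in the thread: only the
# hex(2) (REG_EXPAND_SZ) values, copied byte for byte.
EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS]
"ImagePath"=hex(2):25,66,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,71,6d,67,72,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv]
"ImagePath"=hex(2):25,66,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,\
  5c,77,75,61,75,73,65,72,76,2e,64,6c,6c,00
'''

# Assumption: environment variables a stock Windows install defines for services.
KNOWN_VARS = {"systemroot", "windir", "systemdrive", "programfiles",
              "commonprogramfiles", "allusersprofile", "temp", "tmp", "comspec"}

VALUE_RE = re.compile(r'^"([^"]+)"=hex\(2\):([0-9a-fA-F,]*)$')


def parse_expand_sz(export_text):
    """Return (key, value_name, decoded_string) for every hex(2) value."""
    # Join the lines regedit wrapped with a trailing backslash.
    text = re.sub(r'\\\r?\n[ \t]*', '', export_text)
    encoding, key, found = "cp1252", None, []
    for line in text.splitlines():
        line = line.strip()
        if line == "REGEDIT4":
            encoding = "cp1252"        # ANSI export: one byte per character
        elif line.startswith("Windows Registry Editor Version 5"):
            encoding = "utf-16-le"     # Unicode export: two bytes per character
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_RE.match(line)
            if m:
                raw = bytes.fromhex(m.group(2).replace(",", ""))
                value = raw.decode(encoding, errors="replace").rstrip("\x00")
                found.append((key, m.group(1), value))
    return found


def unknown_variables(value):
    """List %VAR% references that are not in KNOWN_VARS (case-insensitive)."""
    return [v for v in re.findall(r'%([^%\\/:]+)%', value)
            if v.lower() not in KNOWN_VARS]


def audit(export_text):
    """Return the entries whose path uses a variable outside KNOWN_VARS."""
    findings = []
    for key, name, value in parse_expand_sz(export_text):
        bad = unknown_variables(value)
        if bad:
            findings.append((key, name, value, bad))
    return findings


if __name__ == "__main__":
    for key, name, value, bad in audit(EXPORT):
        print(f"{key}\n  {name} = {value}\n  undefined variable(s): {', '.join(bad)}")
```

Windows leaves an undefined variable unexpanded, so a path flagged here does not resolve to a file and the service cannot start.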

Blade81
2009-04-05, 21:50
Hi Julie

Run registry search tool with string 4ada505b.sys. Post back the results.

Re-run also GMER that I made you run in the beginning of this thread. Post back the report it gives.

azurablue
2009-04-06, 02:55
Hi Blade81

Ran Reg Tool for *4ada505b.sys* (with and without asterisk either side) and nothing was found, and also ran GMER scan, as below.

Again, thanks for your help so far... it is really appreciated :present:





GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-06 09:47:06
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

azurablue
2009-04-06, 05:10
And finally we have lift off!!! :yahoo:

I went into regedit and edited permissions after manually finding both instances of %fystemroot%. This took a few goes though, as I'd change the image path "after" changing permissions, yet it would change back after clicking on something else. Anyhow, restarted the computer and AU and Bits are now working!!!!!

Whatever disabled them both and took away admin permissions is nasty and I just hope that all malware has now been removed. Argh, I've never had anything like this before! What's going on out there in virus world? :fear:

Can you recommend a really good "free" antivirus scanner? As you know I'm using comodo. The firewall is pretty good, but not sure about the antivirus. Is Avast better?

Thanks heaps for your help so far!!! :bow:

Blade81
2009-04-06, 12:16
Hi

Glad to hear the situation got better :) May I see a fresh dds log, please? I'll then give you some final instructions based on that.

azurablue
2009-04-06, 12:46
Hi!

Wouldn't have been able to do it without your help! I've learnt so much from all of this. Does that mean I can be a security pro too? :p::laugh::D:

DDS scan logs are below, although the 2nd one says not to post unless specifically requested, however there's some "funny business" at the end of the scan, but have no idea what it means.

Thanks!!
Julie

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 19:39:30.62 on Mon 06/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.184 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [Acme.PCHButton] c:\progra~1\hppavi~1\pavilion\xphwwbp4\plugin\bin\PCHButton.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WinCinemaMgr] "c:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SetDefPrt] c:\program files\brother\brmfl05a\BrStDvPt.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]

=============== Created Last 30 ================

2009-04-06 12:47 <DIR> -cd----- c:\windows\system32\XPSViewer
2009-04-06 12:44 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-06 12:44 117,760 -c------ c:\windows\system32\prntvpt.dll
2009-04-06 12:44 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-06 12:44 1,676,288 -c------ c:\windows\system32\xpssvcs.dll
2009-04-06 12:44 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-06 12:44 575,488 -c------ c:\windows\system32\xpsshhdr.dll
2009-04-06 12:44 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-06 12:44 <DIR> -cd----- C:\d068b5b753a6badb6d
2009-04-06 11:05 <DIR> -cd----- c:\program files\common files\xing shared
2009-04-04 12:21 <DIR> -cd----- c:\program files\iPod
2009-04-04 12:21 <DIR> -cd----- c:\program files\iTunes
2009-04-04 12:21 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-04 12:12 <DIR> -cd----- c:\program files\Bonjour
2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-04-06 11:04 348,160 ac------ c:\windows\system32\msvcr71.dll
2009-04-06 11:04 499,712 ac------ c:\windows\system32\msvcp71.dll
2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 19:40:18.64 ===============



DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/05/2007 11:22:40 AM
System Uptime: 4/06/2009 2:27:48 PM (-1411 hours ago)

Motherboard: ASUSTeK Computer INC. | | Oxford
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 49.145 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.338 GiB free.
E: is CDROM ()
F: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\77DC41E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\77DC41E01800
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP704: 9/02/2009 12:11:23 PM - System Checkpoint
RP705: 10/02/2009 12:38:48 PM - System Checkpoint
RP706: 11/02/2009 1:29:00 PM - System Checkpoint
RP707: 12/02/2009 1:26:21 AM - Software Distribution Service 3.0
RP708: 13/02/2009 8:04:56 AM - System Checkpoint
RP709: 14/02/2009 8:22:03 AM - System Checkpoint
RP710: 14/02/2009 5:06:53 PM - Installed iTunes
RP711: 15/02/2009 5:17:20 PM - System Checkpoint
RP712: 16/02/2009 5:50:43 PM - System Checkpoint
RP713: 18/02/2009 1:55:28 AM - Microsoft OneCare Protection Checkpoint
RP714: 19/02/2009 10:18:55 AM - System Checkpoint
RP715: 20/02/2009 10:50:27 AM - System Checkpoint
RP716: 21/02/2009 11:04:16 AM - System Checkpoint
RP717: 22/02/2009 11:24:24 AM - System Checkpoint
RP718: 23/02/2009 2:03:26 PM - System Checkpoint
RP719: 24/02/2009 2:49:17 PM - System Checkpoint
RP720: 25/02/2009 3:06:47 PM - System Checkpoint
RP721: 26/02/2009 3:17:36 PM - System Checkpoint
RP722: 27/02/2009 3:18:04 PM - System Checkpoint
RP723: 28/02/2009 3:41:05 PM - System Checkpoint
RP724: 1/03/2009 6:29:18 PM - System Checkpoint
RP725: 2/03/2009 6:38:10 PM - System Checkpoint
RP726: 3/03/2009 7:04:49 PM - System Checkpoint
RP727: 4/03/2009 8:26:29 PM - System Checkpoint
RP728: 6/03/2009 7:37:11 AM - System Checkpoint
RP729: 7/03/2009 7:45:27 AM - System Checkpoint
RP730: 7/03/2009 3:32:21 PM - Installed PC SpeedScan Pro
RP731: 7/03/2009 3:40:26 PM - Removed PC SpeedScan Pro
RP732: 8/03/2009 3:46:26 PM - System Checkpoint
RP733: 9/03/2009 5:05:37 PM - System Checkpoint
RP734: 10/03/2009 6:59:44 PM - System Checkpoint
RP735: 12/03/2009 1:00:08 AM - System Checkpoint
RP736: 13/03/2009 1:29:09 AM - System Checkpoint
RP737: 14/03/2009 2:42:40 AM - System Checkpoint
RP738: 15/03/2009 3:27:56 AM - System Checkpoint
RP739: 16/03/2009 4:27:56 AM - System Checkpoint
RP740: 17/03/2009 5:27:58 AM - System Checkpoint
RP741: 18/03/2009 6:27:57 AM - System Checkpoint
RP742: 19/03/2009 7:36:25 AM - System Checkpoint
RP743: 20/03/2009 8:01:24 AM - System Checkpoint
RP744: 21/03/2009 8:03:08 AM - System Checkpoint
RP745: 22/03/2009 9:03:10 AM - System Checkpoint
RP746: 23/03/2009 11:56:25 AM - System Checkpoint
RP747: 24/03/2009 1:45:15 PM - System Checkpoint
RP748: 25/03/2009 2:34:48 PM - System Checkpoint
RP749: 26/03/2009 3:01:51 PM - System Checkpoint
RP750: 27/03/2009 4:02:57 PM - System Checkpoint
RP751: 27/03/2009 8:33:38 PM - Cleaned registry with Windows Live OneCare safety scanner
RP752: 27/03/2009 9:28:31 PM - Installed Java(TM) 6 Update 13
RP753: 27/03/2009 9:42:09 PM - Installed Windows XP KB958644.
RP754: 27/03/2009 9:58:13 PM - Installed Windows XP KB960714.
RP755: 27/03/2009 10:46:03 PM - Installed SUPERAntiSpyware Free Edition
RP756: 28/03/2009 6:12:28 PM - Installed Windows XP KB958690.
RP757: 28/03/2009 6:29:42 PM - Installed Trend Micro Internet Security
RP758: 28/03/2009 9:28:32 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP759: 28/03/2009 11:16:59 PM - Automatic Restore Point
RP760: 30/03/2009 1:02:12 AM - Installed Windows XP KB958644.
RP761: 30/03/2009 1:04:13 AM - Installed Windows XP KB958690.
RP762: 30/03/2009 1:05:26 AM - Installed Windows XP KB960225.
RP763: 30/03/2009 1:06:48 AM - Installed Windows XP KB938464-v2.
RP764: 30/03/2009 1:08:13 AM - Installed Windows XP KB958687.
RP765: 30/03/2009 1:11:48 AM - Installed Windows XP KB960715.
RP766: 30/03/2009 1:13:58 AM - Installed Windows XP KB961260.
RP767: 30/03/2009 1:16:10 AM - Installed Windows Media Player KB952069.
RP768: 31/03/2009 3:26:49 PM - System Checkpoint
RP769: 1/04/2009 9:34:45 AM - Removed Trend Micro Internet Security
RP770: 1/04/2009 9:38:15 AM - ComboFix created restore point
RP771: 2/04/2009 10:26:14 AM - System Checkpoint
RP772: 3/04/2009 11:20:09 AM - System Checkpoint
RP773: 3/04/2009 4:41:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP774: 3/04/2009 4:55:46 PM - Removed Java(TM) 6 Update 2
RP775: 3/04/2009 4:55:50 PM - Removed Java(TM) 6 Update 3
RP776: 3/04/2009 4:57:02 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP777: 3/04/2009 5:06:42 PM - ComboFix created restore point
RP778: 3/04/2009 5:25:10 PM - Removed Adobe Reader 7.1.0
RP779: 3/04/2009 5:29:21 PM - Installed Adobe Reader 9.1.
RP780: 4/04/2009 5:35:59 PM - System Checkpoint
RP781: 5/04/2009 5:45:14 PM - System Checkpoint
RP782: 6/04/2009 11:04:30 AM - Removed Auction Sentry
RP783: 6/04/2009 11:06:56 AM - Removed eBay Toolbar
RP784: 6/04/2009 11:12:31 AM - Removed Java(TM) 6 Update 2
RP785: 6/04/2009 12:32:16 PM - Software Distribution Service 3.0

==== Installed Programs ======================


3D World Atlas
913D Camera
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Bonjour
Broderbund Home Design 5.1
Brother MFL-Pro Suite
COMODO Internet Security
Critical Update for Windows Media Player 11 (KB959772)
Easy Internet Sign-up
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Software Update
HpSdpAppCoreApp
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVDX
InterVideo WinDVRX
iTunes
Java(TM) 6 Update 13
KBD
Learning Ladder 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
OptusNet DSL
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
PhoTags Express
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.8
Sonic Update Manager
SUPERAntiSpyware Free Edition
System Requirements Lab
Toolkit View(HP)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

3/04/2009 5:25:43 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/04/2009 5:24:28 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
3/04/2009 5:24:28 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/04/2009 2:05:14 PM, error: Dhcp [1002] - The IP address lease 58.106.26.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:27 PM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:06 PM, error: Dhcp [1002] - The IP address lease 58.106.158.143 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 12:13:48 PM, error: Dhcp [1002] - The IP address lease 58.106.31.162 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 11:41:19 AM, error: Dhcp [1002] - The IP address lease 58.111.180.122 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 10:18:18 AM, error: Dhcp [1002] - The IP address lease 58.111.180.211 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 9:57:29 AM, error: Dhcp [1002] - The IP address lease 58.106.137.246 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 9:44:04 PM, error: Dhcp [1002] - The IP address lease 122.111.94.81 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 6:33:35 PM, error: Dhcp [1002] - The IP address lease 114.78.41.87 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 3:34:34 PM, error: Dhcp [1002] - The IP address lease 58.106.46.254 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:59:29 PM, error: Dhcp [1002] - The IP address lease 58.106.46.111 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:23:28 PM, error: Dhcp [1002] - The IP address lease 114.78.32.179 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 4:37:16 PM, error: Dhcp [1002] - The IP address lease 122.111.17.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 12:15:15 PM, error: Dhcp [1002] - The IP address lease 58.111.182.140 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:34:41 AM, error: Dhcp [1002] - The IP address lease 58.106.158.23 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:26:22 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
1/04/2009 11:10:35 AM, error: Dhcp [1002] - The IP address lease 58.106.152.158 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 9:32:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
1/04/2009 9:08:57 AM, error: Dhcp [1002] - The IP address lease 122.111.12.236 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 8:31:56 AM, error: Dhcp [1002] - The IP address lease 58.111.177.75 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 7:48:44 AM, error: Dhcp [1002] - The IP address lease 122.105.156.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:28:16 PM, error: Dhcp [1002] - The IP address lease 122.111.18.37 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 6:34:19 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:48:45 PM, error: Dhcp [1002] - The IP address lease 58.106.27.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:08:58 PM, error: Dhcp [1002] - The IP address lease 58.111.179.195 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:39:33 PM, error: Dhcp [1002] - The IP address lease 58.111.178.96 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:13:32 PM, error: Dhcp [1002] - The IP address lease 58.111.181.50 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 6:17:05 PM, error: Dhcp [1002] - The IP address lease 58.107.77.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 1:54:10 AM, error: Dhcp [1002] - The IP address lease 58.111.181.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 8:57:42 AM, error: Dhcp [1002] - The IP address lease 58.106.154.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 9:45:52 AM, error: Dhcp [1002] - The IP address lease 58.107.76.225 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 11:52:24 AM, error: Dhcp [1002] - The IP address lease 58.111.179.115 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 6:21:21 PM, error: Dhcp [1002] - The IP address lease 58.111.180.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 9:35:22 PM, error: Dhcp [1002] - The IP address lease 122.109.107.105 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/04/2009 12:31:58 AM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
5/04/2009 2:54:34 AM, error: Dhcp [1002] - The IP address lease 122.111.19.211 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/04/2009 8:27:36 AM, error: Dhcp [1002] - The IP address lease 58.106.30.44 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/04/2009 10:20:51 AM, error: Dhcp [1002] - The IP address lease 122.105.159.83 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/04/2009 10:53:58 AM, error: Dhcp [1002] - The IP address lease 58.107.77.109 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/04/2009 6:26:23 PM, error: Dhcp [1002] - The IP address lease 122.111.92.210 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 9:39:28 AM, error: Dhcp [1002] - The IP address lease 122.111.14.77 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 10:28:39 AM, error: Dhcp [1002] - The IP address lease 122.105.152.17 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 11:10:42 AM, error: Dhcp [1002] - The IP address lease 122.111.16.216 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 11:43:18 AM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
6/04/2009 11:46:27 AM, error: Dhcp [1002] - The IP address lease 58.111.183.33 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 11:47:26 AM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
6/04/2009 2:35:39 PM, error: Dhcp [1002] - The IP address lease 122.111.11.235 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 4:00:40 PM, error: Dhcp [1002] - The IP address lease 122.111.14.85 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 6:08:22 PM, error: Dhcp [1002] - The IP address lease 58.106.41.173 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
6/04/2009 7:39:34 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

==== End Of File ===========================

Blade81
2009-04-06, 14:26
Hi

Let's try to set rights for your user account to those two registry keys.


Download ERUNT (http://www.softpedia.com/get/Tweak/Registry-Tweak/Erunt-g.shtml)
Save it to your desktop. Run and install this program.

In the box that opens ONLY choose
System registry.

Then click OK.

Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


Click Start then Run
Type in regedit
Click Ok.

In left pane of registry editor, Navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv

Click once on the key name to highlight it and click on the Permission menu option under Edit. Uncheck Allow inheritable permissions and press copy. Click on everyone and put a checkmark in full control, press apply and ok.

Repeat with HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS key.

azurablue
2009-04-06, 17:18
Hi Blade

Ran ERUNT as suggested, however I'm confused with the next part in the Registry Editor :scratch:

I highlighted the key you outlined, clicked on edit and went into advanced to get to the permissions tab. "Inherit from parent the permission entries etc." was already unticked (is this the area you're talking about?), and I'm not sure about hitting "copy" as there's no copy button there? Under Permissions for Administrators, Full Control and Read are both already ticked so didn't need to do anything there. It's just the "inherit" and "copy" parts that confuse me. Argh, my beacon is shining brightly again!! :red:

Thanks!
Julie

Blade81
2009-04-06, 17:42
Hi Julie

If those permissions were already set as full control then no need to adjust anything with that. However, please see if group or usernames table (on permissions window) contains SYSTEM and if it has full control set.

azurablue
2009-04-06, 17:46
Nope! Nothing in Group or username table. None of the boxes are ticked on that table either. Only ticked boxes are on the security window, and they're Full Control and Read :)

Blade81
2009-04-06, 17:52
Hi

Could you attach a screenshot of either BITS or wuauserv permissions window, please? Picture usually gives better idea of situation :)

azurablue
2009-04-06, 18:01
Hi Blade

Screenshots of wuauserv as requested :)


Thanks!
Julie

Blade81
2009-04-06, 18:08
Ok. That explains it better :)

Please do the following in the Permissions for wuauserv window:
1. Click Add.
2. In the Select Users or Groups window there's an "Enter the object names to select" list box. Please write SYSTEM into that box and click the Check Names button. If the name was correct it should appear underlined after that. Please click OK to close the window.
3. In the Permissions window make sure SYSTEM is activated and then set Full Control & Read as allowed in the Permissions table.

Repeat that same thing for BITS key.
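
The permission check walked through in the steps above can also be read out by script, as an added example that is not part of the original thread. It only reads the two service keys named here and changes nothing; it assumes Windows PowerShell 3.0 or later in an elevated session, and the function name `Test-ServiceKeyAcl`, the report of broad write access and the `Parameters\ServiceDll` file check are additions of this example.

```powershell
# Added example: read-only audit of the two service keys discussed in this thread.
# Assumes Windows PowerShell 3.0+ run elevated. Nothing is modified.
$serviceKeys = 'wuauserv', 'BITS' | ForEach-Object {
    "HKLM:\SYSTEM\CurrentControlSet\Services\$_"
}

# Well-known SIDs (language-independent, unlike account names).
$sidSystem = 'S-1-5-18'                                # NT AUTHORITY\SYSTEM
$sidBroad  = 'S-1-1-0', 'S-1-5-32-545', 'S-1-5-11'     # Everyone, BUILTIN\Users, Authenticated Users

$rights      = [System.Security.AccessControl.RegistryRights]
$fullControl = [int]($rights::FullControl)
$writeMask   = [int]($rights::SetValue -bor $rights::CreateSubKey -bor $rights::Delete -bor
                     $rights::ChangePermissions -bor $rights::TakeOwnership)
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]
$nameType    = [System.Security.Principal.NTAccount]

function Test-ServiceKeyAcl {
    param([Parameter(Mandatory = $true)][string]$KeyPath)

    if (-not (Test-Path -Path $KeyPath)) {
        Write-Warning "Key not found: $KeyPath"
        return
    }

    $acl          = Get-Acl -Path $KeyPath
    $systemFull   = $false
    $systemDenied = $false
    $broadWriters = @()

    # Ask for the rules keyed by SID so the comparison does not depend on locale.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        # Inherit-only entries apply to subkeys, not to this key itself.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }

        $sid   = $rule.IdentityReference.Value
        $mask  = [int]$rule.RegistryRights
        $allow = $rule.AccessControlType -eq 'Allow'

        if ($sid -eq $sidSystem) {
            if ($allow -and (($mask -band $fullControl) -eq $fullControl)) { $systemFull = $true }
            if (-not $allow -and ($mask -band $fullControl)) { $systemDenied = $true }
        }
        # Service keys should be writable only by SYSTEM and Administrators.
        if ($allow -and ($sidBroad -contains $sid) -and ($mask -band $writeMask)) {
            $broadWriters += $rule.IdentityReference.Translate($nameType).Value
        }
    }

    # svchost-hosted services name their DLL under Parameters\ServiceDll.
    $dll = $null
    $dllPresent = $null
    $params = Get-ItemProperty -Path "$KeyPath\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue
    if ($params) {
        $dll        = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        $dllPresent = Test-Path -LiteralPath $dll -PathType Leaf
    }

    [pscustomobject]@{
        Key                = $KeyPath
        Owner              = $acl.Owner
        InheritanceBlocked = $acl.AreAccessRulesProtected
        SystemFullControl  = $systemFull
        SystemDenied       = $systemDenied
        BroadWriteAccess   = ($broadWriters | Select-Object -Unique) -join ', '
        ServiceDll         = $dll
        ServiceDllPresent  = $dllPresent
    }
}

$serviceKeys | ForEach-Object { Test-ServiceKeyAcl -KeyPath $_ } | Format-List
```

A healthy key reports `SystemFullControl : True`, `SystemDenied : False` and an empty `BroadWriteAccess`; a `ServiceDllPresent` of `False` points at a missing service file rather than a permission problem.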

azurablue
2009-04-06, 18:15
All done! :D:

Have I had some nasties or what?! :fear:

Am I clear now?

Julie

Blade81
2009-04-06, 18:17
Yes, I think it's time to wrap this topic up :)

You asked earlier if Avast would be a good choice to replace Comodo Antivirus. Yes, that would be a good one.


Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to protect against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:

Click START then RUN
Now type "c:\documents and settings\Owner\Desktop\ComboFix.exe" /u in the runbox and click OK



Next we remove all used tools.

Please download OTMoveIt3 (http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe) and save it to desktop.

Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen).
Click run.
In the dialog box, type services.msc and hit enter, then locate dns client.
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
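
For the hosts file section of the post above, a blocking hosts file only ever maps names to the local machine, so any entry that points a name at a real address deserves a look before the file is installed or kept. This is an added example, not part of the original post or the MVPS project; the function names and the sample entries are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue                      # blank line or comment only
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # malformed line, not a mapping
        for name in fields[1:]:
            yield addr, name.lower()

def classify(text):
    """Split entries into blocked names and names sent to a real address."""
    blocked, redirected = set(), {}
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            if name != "localhost":       # the standard entry is not a block
                blocked.add(name)
        else:
            redirected[name] = str(addr)
    return blocked, redirected

# Constructed sample, not the MVPS file: two blocking entries and one entry
# that sends a name to a non-local address.
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1   ads.example.com   # blocked
0.0.0.0     tracker.example.net
192.0.2.10  update.example.org
"""

if __name__ == "__main__":
    blocked, redirected = classify(SAMPLE)
    print(len(blocked), "blocked names")
    for name, addr in sorted(redirected.items()):
        print("review:", name, "->", addr)
```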

azurablue
2009-04-06, 19:15
Blade

All done and the computer is running like clockwork! I can't thank you enough for all your patience and help. This is the first time I've used these help forums.... and hopefully it will be the last! hehe. Meant in the nicest possible way of course.

Truly, you've saved me time and money.. and I've learnt a thing or 2 as well!

Here's to a "forever clean" machine. Is that even possible? hehe

Cheers! And thanks heaps!! :beerbeerb:

Julie :angel:

Blade81
2009-04-06, 22:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.