PDA

View Full Version : Win32.Rungbu.a Removal Help



DanTheMan004
2009-06-28, 09:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:54 p.m., on 28/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
D:\4t Tray Minimizer\4t-min.exe
D:\Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.saintkentigern.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = staffproxy.sk.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sk.edu;*.skc.school.nz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-21-991029079-1526732445-2833680940-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-991029079-1526732445-2833680940-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-991029079-1526732445-2833680940-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: 4t Tray Minimizer.lnk = D:\4t Tray Minimizer\4t-min.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\System32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\System32\proxypal.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wslsp002.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wslsp002.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wslsp002.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wslsp002.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wslsp002.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wslsp002.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189582357528
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Microsoft Interactive Training\O10C\mitm0026.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9166 bytes

Shaba
2009-06-30, 06:59
Hi DanTheMan004

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

c:\windows\system32\wslsp002.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

DanTheMan004
2009-06-30, 07:24
Filename: wslsp002.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 30 Jun 2009 06:23:53 (CET) Permalink

Shaba
2009-06-30, 08:40
Do you recognize that file?

DanTheMan004
2009-06-30, 09:13
no, I don't recognize it.

Shaba
2009-06-30, 17:44
Then let's look a bit deeper.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
wslsp002.dll

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

DanTheMan004
2009-07-01, 07:16
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 16:13 on 01/07/2009 by 10621 (Administrator - Elevation successful)

========== filefind ==========

Searching for "wslsp002.dll"
C:\WINDOWS\system32\wslsp002.dll --a--- 94320 bytes [21:39 15/04/2007] [00:45 13/04/2004] 5568E611DC19D8218B4B924F4B09400B

-=End Of File=-

Shaba
2009-07-01, 08:44
Ok, that might be legit.

If you right-click that file and choose Properties, does it say anything about owner?

DanTheMan004
2009-07-01, 09:12
No it doesn't.

Shaba
2009-07-01, 09:32
So let's then leave it alone, at least for a while.

Please download RSIT (http://images.malwareremoval.com/random/RSIT.exe) by random/random... save it to your desktop.

Double click on RSIT.exe to run it.
Please read the disclaimer... click on Continue.
RSIT will start running. When done... 2 logs files...will be produced.
The first one, "log.txt", will be maximized
The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

DanTheMan004
2009-07-01, 09:40
The scan gave an error. Listen, thanks for your help thus far, but I think I'll just reformat the pc.

Shaba
2009-07-01, 10:42
OK.

I see no reason to reformat.

If that scan fails, we will try another.

Download at your desktop DDS from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finish it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.

DanTheMan004
2009-07-01, 11:27
DDS (Ver_09-06-26.01) - NTFSx86
Run by 10621 at 20:25:55.97 on Wed 01/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1252.64.1033.18.751.326 [GMT 12:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
D:\4t Tray Minimizer\4t-min.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.saintkentigern.com/
uInternet Settings,ProxyServer = staffproxy.sk.edu:8080
uInternet Settings,ProxyOverride = *.sk.edu;*.skc.school.nz
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdoosoft] c:\windows\system32\olhrwef.exe
mRun: [PmProxy] c:\program files\analog devices\soundmax\PmProxy.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
StartupFolder: c:\docume~1\10621\startm~1\programs\startup\4ttray~1.lnk - d:\4t tray minimizer\4t-min.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Define - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Look Up in &Encyclopedia - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: {2FDEF853-0759-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_ENC.HTM
IE: {5DA9DE80-097A-11D4-A92E-006097DBED37} - c:\program files\common files\microsoft shared\reference 2001\a\ERS_DEF.HTM
IE: {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - c:\windows\system32\proxypal.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\wslsp002.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189582357528
DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} - file://c:\program files\microsoft interactive training\o10c\mitm0026.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: hook dll rising: {bb4c402f-882a-4526-8c08-51278ea437c1} - c:\windows\system32\e8main0.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\10621\applic~1\mozilla\firefox\profiles\bo3qs85w.daniel\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 2
FF - HiddenExtension: Java Console: No Registry Reference - d:\firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 wscam0008;wscam0008;c:\windows\system32\drivers\wscam0008.sys [2007-4-16 18288]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2005-1-12 6016]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-19 57216]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys --> c:\windows\system32\drivers\CDSPACEX.sys [?]
S3 fem556BI;3Com 3ccfem556BI PCMCIA Device Driver;c:\windows\system32\drivers\fem556ni.sys [2007-10-31 22090]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2003-11-13 169984]
S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\drivers\tworabts.sys --> c:\windows\system32\drivers\TwoRabts.sys [?]
S4 WebsenseDesktopClient;DTMWS5;c:\program files\cca\wdc.exe --> c:\program files\cca\WDC.exe [?]

=============== Created Last 30 ================

2009-07-01 16:11 107,917 ---shr-- C:\hifdmgt.com
2009-06-30 16:19 108,386 ---shr-- C:\2nuk.com
2009-06-29 18:28 106,931 ---shr-- C:\n0euybx.exe
2009-06-28 18:51 <DIR> --d----- c:\program files\Trend Micro
2009-06-28 16:59 105,984 ---shr-- c:\windows\system32\nmdfgds1.dll
2009-06-28 16:59 106,748 ---shr-- C:\uo10sn.cmd
2009-06-28 16:59 107,917 ---shr-- c:\windows\system32\olhrwef.exe
2009-06-28 16:59 105,984 -------- c:\windows\system32\nmdfgds0.dll
2009-06-28 16:53 <DIR> --d----- C:\VundoFix Backups
2009-06-28 12:09 850 a------- c:\windows\system32\ProductTweaks.xml
2009-06-28 12:09 385 a------- c:\windows\system32\user_gensett.xml
2009-06-28 12:06 <DIR> --d----- c:\windows\system32\logs
2009-06-28 12:05 <DIR> --d----- c:\program files\BitDefender
2009-06-28 12:03 <DIR> --d----- c:\program files\common files\BitDefender
2009-06-27 12:15 108,007 ---shr-- C:\metdgv.bat
2009-06-25 16:25 107,097 ---shr-- C:\s.exe
2009-06-24 17:04 106,448 ---shr-- C:\8paf1d.com
2009-06-24 16:17 106,209 ---shr-- C:\xbvv6o.com
2009-06-23 18:14 105,255 ---shr-- C:\y6yol.exe
2009-06-23 16:05 106,074 ---shr-- C:\m.com
2009-06-21 10:17 105,093 ---shr-- C:\cahpcg.cmd
2009-06-19 16:19 105,528 ---shr-- C:\d9c.bat
2009-06-18 17:16 104,274 ---shr-- C:\gbm6n.exe
2009-06-16 16:05 61 ---shr-- C:\autorun.inf
2009-06-15 19:33 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-14 12:48 102,664 ---shr-- C:\sv8c2bjw.bat
2009-06-13 08:42 104,425 ---shr-- C:\xdglur.bat
2009-06-12 16:15 103,184 ---shr-- C:\9dlvtiil.exe
2009-06-12 16:05 106,407 ---shr-- C:\1f.bat
2009-06-10 23:23 79,372,292 a------- C:\ced_final.mpg
2009-06-10 22:44 60,788,224 a------- C:\ced2.avi
2009-06-10 07:38 104,655 ---shr-- C:\6phx.com
2009-06-07 13:10 101,528 ---shr-- C:\sm.exe
2009-06-06 08:26 104,157 ---shr-- C:\8.exe
2009-06-04 18:19 103,180 ---shr-- C:\gclwpivc.cmd
2009-06-02 22:36 74,893,316 a------- C:\5.mpg
2009-06-02 22:35 71,776 a------- C:\5.veg.bak
2009-06-02 21:38 74,893,316 a------- C:\4.mpg
2009-06-02 18:55 <DIR> --d----- C:\CED

==================== Find3M ====================

2009-06-30 12:21 12,208 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-06-29 11:01 70,144 ac------ c:\docume~1\10621\applic~1\GDIPFONTCACHEV1.DAT
2009-06-03 16:06 105,244 ---shr-- C:\q9.cmd
2009-05-28 16:03 105,980 ---shr-- C:\2a.exe
2009-05-24 11:16 107,351 ---shr-- C:\3.cmd
2009-05-23 08:31 106,849 ---shr-- C:\lad.bat
2009-05-22 16:03 105,850 ---shr-- C:\xh319r9b.bat
2009-05-20 16:04 105,436 ---shr-- C:\ukvr.bat
2009-05-19 16:03 106,117 ---shr-- C:\uhoxajc.cmd
2009-05-15 16:02 105,213 ---shr-- C:\j.cmd
2009-05-14 07:54 107,633 ---shr-- C:\w.com
2009-05-12 18:08 107,662 ---shr-- C:\lc.exe
2009-05-10 11:39 108,772 ---shr-- C:\ysep1.exe
2009-05-09 09:11 107,947 ---shr-- C:\hkn6k.bat
2009-05-07 16:12 107,719 ---shr-- C:\boyedt.com
2009-05-06 16:09 107,389 ---shr-- C:\rbj9jn1n.bat
2009-05-05 17:47 106,919 ---shr-- C:\nu.cmd
2009-05-04 16:24 108,194 ---shr-- C:\fbak.exe
2009-05-01 16:08 105,429 ---shr-- C:\e2.cmd
2009-04-29 18:14 105,774 ---shr-- C:\ymxf2.exe
2009-04-27 14:18 106,709 ---shr-- C:\eyt.exe
2009-04-25 12:05 106,749 ---shr-- C:\npee.com
2009-04-24 14:11 109,167 ---shr-- C:\vwewav8.com
2009-04-23 12:18 109,601 ---shr-- C:\g1ljsm.com
2009-04-20 12:44 108,855 ---shr-- C:\ej10fkdo.bat
2009-04-17 09:53 108,169 ---shr-- C:\husyu8n.exe
2009-04-16 10:59 109,249 ---shr-- C:\0xuc.com
2009-04-14 11:33 109,163 ---shr-- C:\qwtb.com
2009-04-13 11:18 108,730 ---shr-- C:\i.cmd
2009-04-10 19:41 98,304 ---shr-- c:\windows\system32\nmdfgds2.dll
2009-04-10 19:41 110,321 ---shr-- C:\1ogf.exe
2009-04-05 08:29 110,480 ---shr-- C:\upw.bat
2009-04-03 15:15 109,512 ---shr-- C:\cqxj.exe

============= FINISH: 20:26:29.01 ===============

DanTheMan004
2009-07-01, 11:28
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16/04/2007 8:37:00 a.m.
System Uptime: 7/01/2009 4:08:23 p.m. (4204 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) M processor 1400MHz | IC1005 | 1396/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 21 GiB total, 3.387 GiB free.
D: is FIXED (NTFS) - 35 GiB total, 1.699 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP756: 3/06/2009 9:52:50 p.m. - System Checkpoint
RP757: 5/06/2009 7:26:37 p.m. - System Checkpoint
RP758: 7/06/2009 11:13:34 a.m. - System Checkpoint
RP759: 8/06/2009 4:46:39 p.m. - System Checkpoint
RP760: 9/06/2009 4:55:00 p.m. - System Checkpoint
RP761: 10/06/2009 7:50:33 p.m. - System Checkpoint
RP762: 12/06/2009 6:10:39 p.m. - System Checkpoint
RP763: 13/06/2009 6:38:16 p.m. - System Checkpoint
RP764: 14/06/2009 7:18:39 p.m. - System Checkpoint
RP765: 15/06/2009 7:29:42 p.m. - Restore Operation
RP766: 16/06/2009 9:52:08 a.m. - Software Distribution Service 3.0
RP767: 17/06/2009 4:46:06 p.m. - System Checkpoint
RP768: 18/06/2009 7:56:48 p.m. - System Checkpoint
RP769: 19/06/2009 8:23:47 p.m. - System Checkpoint
RP770: 20/06/2009 9:32:02 p.m. - System Checkpoint
RP771: 21/06/2009 9:33:48 p.m. - System Checkpoint
RP772: 22/06/2009 10:46:54 p.m. - System Checkpoint
RP773: 24/06/2009 8:01:17 p.m. - System Checkpoint
RP774: 25/06/2009 9:28:17 p.m. - System Checkpoint
RP775: 27/06/2009 12:11:01 p.m. - System Checkpoint
RP776: 28/06/2009 12:48:39 a.m. - Removed McAfee VirusScan Enterprise
RP777: 28/06/2009 12:04:58 p.m. - Installed BitDefender Total Security 2009
RP778: 28/06/2009 2:09:53 p.m. - Removed BitDefender Total Security 2009
RP779: 29/06/2009 9:00:55 a.m. - Software Distribution Service 3.0
RP780: 29/06/2009 2:00:52 p.m. - Software Distribution Service 3.0
RP781: 30/06/2009 4:15:58 p.m. - System Checkpoint
RP782: 30/06/2009 4:20:05 p.m. - Software Distribution Service 3.0
RP783: 1/07/2009 4:50:25 p.m. - System Checkpoint
RP784: 1/07/2009 7:02:17 p.m. - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
3ds max 5.1 Service Pack 1
7-Zip 4.42
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Shockwave Player
AIO_Scan
Apple Software Update
µTorrent
Audacity 1.2.6
Auralia
Autograph 3.20
AutoUpdate
Axara Video Converter 3.4.0
Bluetooth Stack for Windows by Toshiba
BodyWorks 6.0
BufferChm
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Crocodile Chemistry 1.5
Crocodile Physics 1.5
Crocodile Technology 1.5
DDS Thumbnail Viewer
DivX
DJ_AIO_Software
DJ_AIO_Software_min
Dorling Kindersley Application Database v1.4
Drag'n Drop CD+DVD
DVD-RAM Driver
DVD Region Killer
DVD Ripper 4
EAX Unified
EAX4 Unified Redist
Eyewitness Encyclopedia of Science 2.0
FirstClass® Client
Fraps (remove only)
French for the Real World
FX Draw 2
FX Equation 2
FX Graph 2
FX Stat 1
Graphmatica 1.60e
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB916089)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Deskjet All-In-One Software 9.0
HP PrecisionScan LTX
Ice Crystal
IconPackager
Illuminatus Opus
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo AVControlSDK
InterVideo WinDVD 4
Jasc Paint Shop Pro 8
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Journal Search
K-Lite Codec Pack 4.3.4 (Basic)
Malwarebytes' Anti-Malware
Max Payne 2
Max Payne 2 Tools
Mean City: Learn French and Survive!
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2001
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office XP Media Content
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft XML Parser
MicroWorlds 2.03
MilkShape 3D 1.8.2
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.21)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Musition
neroxml
Notepad++
oggcodecs 0.69.8924
OpenAL
Overture 3.1.0
PC Success
Powertoys For Windows XP
ProxyPal Uninstall
PTC ProDESKTOP Student 2001
QuickTime
QuickTime 3.0
QuickTime for Windows (32-bit)
save2pc Light 3.32
Scan
SchoolKiT REX v3.1.3
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958690)
Shockwave
SmartFTP Client
Sony Vegas Pro 8.0
SoundMAX
SpeechRedist
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Sven Co-op 3.0
The Specialists 2.1
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Tom Clancy's Splinter Cell Demo
Toolbox
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
Toshiba Hotkey Utility for Display Devices
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA TouchPad On/Off Utility V2.05.00
TOSHIBA Utilities
UnloadSupport
Update for Microsoft .NET Framework 3.0 (KB932394)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908521)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB916846)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Virtual Makeover the Collection
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Messenger 5.1
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip
Wireless Hotkey
WordWeb
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

30/06/2009 4:00:50 p.m., error: Dhcp [1002] - The IP address lease 10.8.17.189 for the Network Card with network address 0090967CCE48 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
29/06/2009 4:01:25 p.m., error: Dhcp [1002] - The IP address lease 10.8.25.74 for the Network Card with network address 0090967CCE48 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
28/06/2009 2:45:40 p.m., error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif
28/06/2009 2:12:15 p.m., error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
28/06/2009 12:27:59 p.m., error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the BitDefender Desktop Update Service service to connect.
28/06/2009 12:27:59 p.m., error: Service Control Manager [7000] - The BitDefender Desktop Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/06/2009 12:01:16 p.m., error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
26/06/2009 9:47:30 a.m., error: Dhcp [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 0090967CCE48 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
26/06/2009 8:01:40 p.m., error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
25/06/2009 8:30:52 p.m., error: NetBT [4321] - The name "SKCSTUDENT :1d" could not be registered on the Interface with IP address 192.168.1.66. The machine with the IP address 192.168.1.65 did not allow the name to be claimed by this machine.
25/06/2009 4:24:46 p.m., error: System Error [1003] - Error code 100000d1, parameter1 80687000, parameter2 000000ff, parameter3 00000000, parameter4 f9fab302.
25/06/2009 4:22:42 p.m., error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
25/06/2009 4:01:11 p.m., error: Dhcp [1002] - The IP address lease 10.8.25.13 for the Network Card with network address 0090967CCE48 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
24/06/2009 9:21:49 p.m., error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
24/06/2009 7:36:42 p.m., information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\cdaudio.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
24/06/2009 7:36:35 p.m., error: Service Control Manager [7000] - The AVPsys service failed to start due to the following error: A device attached to the system is not functioning.
24/06/2009 4:01:26 p.m., error: Dhcp [1002] - The IP address lease 10.8.18.137 for the Network Card with network address 0090967CCE48 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
24/06/2009 4:00:49 p.m., error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/06/2009 3:59:23 p.m., error: NETLOGON [5719] - No Domain Controller is available for domain SKCSTUDENT due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/07/2009 4:03:26 p.m., error: Dhcp [1002] - The IP address lease 10.8.28.43 for the Network Card with network address 0090967CCE48 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Shaba
2009-07-01, 16:28
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new DDS log scan when finished and post the logs back here.

DanTheMan004
2009-07-02, 08:11
Hi, I appreciate your help, but I have decided to get my pc re-imaged. It is simply too slow at the moment, and I need it to be fast for an assignment shortly.

Shaba
2009-07-02, 09:00
OK, post back then a fresh HijackThis log afterwards and I will give final instructions :)

Shaba
2009-07-08, 16:51
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.