Hi
You should get one by running DDS (dds.scr) again
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Ok, there were 2 when I ran dds.scr, but I'm assuming that this is the one you wanted.
Also, I've noticed something!! When I look up Bits and Automatic Updates to try and restart them, the "path to executable" reads... %fystemRoot%\System32\svchost.exe -k netsvcs. Shouldn't "fystemRoot%" be "systemRoot%"? Other executables seem to be systemroot. I managed to see through the bright beacon!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 7:00:56.87 on Thu 02/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.268 [GMT 10:00]
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?AuthParam=1238153351_fef06fda1a9c32a4785414c70560dffb&GroupName=JSC&FilePath=/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab&File=jinstall-6u13-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
S1 4ada505b;4ada505b;c:\windows\system32\drivers\4ada505b.sys [2009-2-17 0]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]
=============== Created Last 30 ================
2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive
==================== Find3M ====================
2009-03-02 14:29 0 ac------ c:\windows\system32\drivers\4ada505b.sys
2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat
============= FINISH: 7:01:49.34 ===============
Hi again,
Please download the Registry Search tool by clicking on the hard drive icon halfway down this page: http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for %fystemRoot% and click OK. Post the logfile from the tool here for me.
Ok, downloaded Registry Search Tool and nothing came up! Yet, when I go into Run, Services.msc and double click on Bits or Automatic updates, it shows "%fystemroot%\system32\svchost.exe -k netsvcs" in "Path to executables". Weird! Mind you, wasn't this deleted in one of the scan cleanups we did? Maybe this is what is left behind? Is there any way to manually change it back to %systemroot%? Argh, curiouser and curiouser. Isn't that what Alice said to the Rabbit?
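The check the posts above circle around, as an added example (not part of the original thread and not the code of any tool named in it): scan a registry export for service ImagePath values that reference an unknown environment variable such as %fystemRoot%. It assumes a Regedit 5 export, where regedit writes REG_EXPAND_SZ data as hex(2) UTF-16LE bytes; the sample export, the KNOWN_VARS allowlist and all function names are constructed for illustration.

```python
import re

# Variables treated as legitimate in a service ImagePath (assumption; extend as needed).
KNOWN_VARS = {"systemroot", "windir", "systemdrive", "programfiles",
              "commonprogramfiles", "allusersprofile"}

VAR_RE = re.compile(r"%([^%\\/:\s]+)%")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def to_hex2(name, text, per_line=20):
    """Build sample input: render a REG_EXPAND_SZ value as a Regedit 5 export
    writes it (UTF-16LE, NUL-terminated, wrapped with trailing backslashes)."""
    raw = (text + "\0").encode("utf-16-le")
    cells = ["%02x" % b for b in raw]
    rows = [",".join(cells[i:i + per_line]) for i in range(0, len(cells), per_line)]
    return '"%s"=hex(2):%s' % (name, ",\\\n  ".join(rows))


def iter_values(export_text):
    """Yield (key, value_name, raw_data), joining backslash-continued hex lines."""
    key, pending = None, ""
    for line in export_text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\") and "=hex" in line:
            pending = line[:-1]          # value continues on the next line
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def decode_data(raw):
    """Return the text of REG_EXPAND_SZ / REG_SZ data, or None for other types."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b)
        return data.decode("utf-16-le", errors="replace").rstrip("\0")
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return None


def suspicious_image_paths(export_text):
    """Return (service, image_path, unknown_vars) for every ImagePath that
    references an environment variable outside KNOWN_VARS."""
    findings = []
    for key, name, raw in iter_values(export_text):
        if name.lower() != "imagepath":
            continue
        value = decode_data(raw)
        if value is None:
            continue
        unknown = [v for v in VAR_RE.findall(value) if v.lower() not in KNOWN_VARS]
        if unknown:
            findings.append((key.rsplit("\\", 1)[-1], value, unknown))
    return findings


# Constructed sample export: two services with the mangled variable quoted in
# the thread, and one untouched service for contrast.
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[%s\\BITS]" % SERVICES,
    to_hex2("ImagePath", r"%fystemRoot%\System32\svchost.exe -k netsvcs"),
    '"Start"=dword:00000003',
    "",
    "[%s\\wuauserv]" % SERVICES,
    to_hex2("ImagePath", r"%fystemroot%\system32\svchost.exe -k netsvcs"),
    "",
    "[%s\\Spooler]" % SERVICES,
    to_hex2("ImagePath", r"%SystemRoot%\system32\spoolsv.exe"),
    "",
])

if __name__ == "__main__":
    # The literal string never appears in the export text; only the decoded value shows it.
    print("plain-text match:", "fystemRoot" in SAMPLE_EXPORT)
    for service, path, unknown in suspicious_image_paths(SAMPLE_EXPORT):
        print("%-10s %s  unknown variable(s): %s" % (service, path, ", ".join(unknown)))
```

To run it on a real machine's data, export the Services key with regedit and pass the file's text (a Regedit 5 export is a UTF-16 file) to `suspicious_image_paths`.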
Hi again
Uninstall these vulnerable Javas:
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Open notepad and copy/paste the text in the quotebox below into it:
Code:
DDS::
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Driver::
4ada505b

File::
C:\-1472982065
c:\windows\system32\drivers\4ada505b.sys
C:\khq

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Referring to the picture above (make sure all browser windows are closed), drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Let's also see if you can find fystemroot string with registry search tool.
Hello
I've uninstalled all recommended instances of outdated Java and Adobe Reader, and I've run ATF Cleaner, Kaspersky, Combofix, DDS & Reg Search Tool. Scan logs are below, however RST couldn't find %fystemroot%, when I can SEE that it's there in Services. Soooo, I looked up regedit and found 2 instances of %fystemroot%, in both Bits and AU. I've attached a printscreen of the page (for Bits only) in Paint. If I'm not allowed to do this, I'll type out the required detail for you to see.
Also, I have another small problem. Somehow, Nokia Media Player has become the "default" file type for bmp & some other files. When I saved something in paint as a bmp, even though I changed the "open with" program manually to paint (and it opens in paint), the file type still shows as Nokia Media File. Argh! I'm not even sure how this happened in the first place
Thank you SO much for your help so far!!!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:31:18.85 on Sat 04/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.337 [GMT 10:00]
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]
=============== Created Last 30 ================
2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive
==================== Find3M ====================
2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat
============= FINISH: 8:32:25.18 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/05/2007 11:22:40 AM
System Uptime: 4/03/2009 5:12:33 PM (735 hours ago)
Motherboard: ASUSTeK Computer INC. | | Oxford
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 70 GiB total, 49.332 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.338 GiB free.
E: is CDROM ()
F: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\77DC41E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\77DC41E01800
Service: NIC1394
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP680: 16/01/2009 3:15:01 AM - System Checkpoint
RP681: 17/01/2009 8:17:18 AM - System Checkpoint
RP682: 18/01/2009 12:52:08 PM - System Checkpoint
RP683: 19/01/2009 5:21:17 PM - System Checkpoint
RP684: 20/01/2009 6:33:41 PM - System Checkpoint
RP685: 21/01/2009 7:03:40 PM - System Checkpoint
RP686: 21/01/2009 10:34:34 PM - Installed DirectX
RP687: 22/01/2009 1:16:03 AM - Unsigned driver install
RP688: 23/01/2009 2:02:41 AM - System Checkpoint
RP689: 24/01/2009 3:02:38 AM - System Checkpoint
RP690: 25/01/2009 12:05:18 PM - System Checkpoint
RP691: 26/01/2009 12:29:46 PM - System Checkpoint
RP692: 27/01/2009 2:34:14 PM - System Checkpoint
RP693: 28/01/2009 3:30:06 PM - System Checkpoint
RP694: 29/01/2009 4:59:18 PM - System Checkpoint
RP695: 30/01/2009 7:22:39 PM - System Checkpoint
RP696: 31/01/2009 8:11:10 PM - System Checkpoint
RP697: 2/02/2009 7:42:48 AM - System Checkpoint
RP698: 3/02/2009 7:45:54 AM - System Checkpoint
RP699: 4/02/2009 8:24:03 AM - System Checkpoint
RP700: 5/02/2009 8:56:44 AM - System Checkpoint
RP701: 6/02/2009 9:45:48 AM - System Checkpoint
RP702: 7/02/2009 10:33:28 AM - System Checkpoint
RP703: 8/02/2009 10:53:42 AM - System Checkpoint
RP704: 9/02/2009 12:11:23 PM - System Checkpoint
RP705: 10/02/2009 12:38:48 PM - System Checkpoint
RP706: 11/02/2009 1:29:00 PM - System Checkpoint
RP707: 12/02/2009 1:26:21 AM - Software Distribution Service 3.0
RP708: 13/02/2009 8:04:56 AM - System Checkpoint
RP709: 14/02/2009 8:22:03 AM - System Checkpoint
RP710: 14/02/2009 5:06:53 PM - Installed iTunes
RP711: 15/02/2009 5:17:20 PM - System Checkpoint
RP712: 16/02/2009 5:50:43 PM - System Checkpoint
RP713: 18/02/2009 1:55:28 AM - Microsoft OneCare Protection Checkpoint
RP714: 19/02/2009 10:18:55 AM - System Checkpoint
RP715: 20/02/2009 10:50:27 AM - System Checkpoint
RP716: 21/02/2009 11:04:16 AM - System Checkpoint
RP717: 22/02/2009 11:24:24 AM - System Checkpoint
RP718: 23/02/2009 2:03:26 PM - System Checkpoint
RP719: 24/02/2009 2:49:17 PM - System Checkpoint
RP720: 25/02/2009 3:06:47 PM - System Checkpoint
RP721: 26/02/2009 3:17:36 PM - System Checkpoint
RP722: 27/02/2009 3:18:04 PM - System Checkpoint
RP723: 28/02/2009 3:41:05 PM - System Checkpoint
RP724: 1/03/2009 6:29:18 PM - System Checkpoint
RP725: 2/03/2009 6:38:10 PM - System Checkpoint
RP726: 3/03/2009 7:04:49 PM - System Checkpoint
RP727: 4/03/2009 8:26:29 PM - System Checkpoint
RP728: 6/03/2009 7:37:11 AM - System Checkpoint
RP729: 7/03/2009 7:45:27 AM - System Checkpoint
RP730: 7/03/2009 3:32:21 PM - Installed PC SpeedScan Pro
RP731: 7/03/2009 3:40:26 PM - Removed PC SpeedScan Pro
RP732: 8/03/2009 3:46:26 PM - System Checkpoint
RP733: 9/03/2009 5:05:37 PM - System Checkpoint
RP734: 10/03/2009 6:59:44 PM - System Checkpoint
RP735: 12/03/2009 1:00:08 AM - System Checkpoint
RP736: 13/03/2009 1:29:09 AM - System Checkpoint
RP737: 14/03/2009 2:42:40 AM - System Checkpoint
RP738: 15/03/2009 3:27:56 AM - System Checkpoint
RP739: 16/03/2009 4:27:56 AM - System Checkpoint
RP740: 17/03/2009 5:27:58 AM - System Checkpoint
RP741: 18/03/2009 6:27:57 AM - System Checkpoint
RP742: 19/03/2009 7:36:25 AM - System Checkpoint
RP743: 20/03/2009 8:01:24 AM - System Checkpoint
RP744: 21/03/2009 8:03:08 AM - System Checkpoint
RP745: 22/03/2009 9:03:10 AM - System Checkpoint
RP746: 23/03/2009 11:56:25 AM - System Checkpoint
RP747: 24/03/2009 1:45:15 PM - System Checkpoint
RP748: 25/03/2009 2:34:48 PM - System Checkpoint
RP749: 26/03/2009 3:01:51 PM - System Checkpoint
RP750: 27/03/2009 4:02:57 PM - System Checkpoint
RP751: 27/03/2009 8:33:38 PM - Cleaned registry with Windows Live OneCare safety scanner
RP752: 27/03/2009 9:28:31 PM - Installed Java(TM) 6 Update 13
RP753: 27/03/2009 9:42:09 PM - Installed Windows XP KB958644.
RP754: 27/03/2009 9:58:13 PM - Installed Windows XP KB960714.
RP755: 27/03/2009 10:46:03 PM - Installed SUPERAntiSpyware Free Edition
RP756: 28/03/2009 6:12:28 PM - Installed Windows XP KB958690.
RP757: 28/03/2009 6:29:42 PM - Installed Trend Micro Internet Security
RP758: 28/03/2009 9:28:32 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP759: 28/03/2009 11:16:59 PM - Automatic Restore Point
RP760: 30/03/2009 1:02:12 AM - Installed Windows XP KB958644.
RP761: 30/03/2009 1:04:13 AM - Installed Windows XP KB958690.
RP762: 30/03/2009 1:05:26 AM - Installed Windows XP KB960225.
RP763: 30/03/2009 1:06:48 AM - Installed Windows XP KB938464-v2.
RP764: 30/03/2009 1:08:13 AM - Installed Windows XP KB958687.
RP765: 30/03/2009 1:11:48 AM - Installed Windows XP KB960715.
RP766: 30/03/2009 1:13:58 AM - Installed Windows XP KB961260.
RP767: 30/03/2009 1:16:10 AM - Installed Windows Media Player KB952069.
RP768: 31/03/2009 3:26:49 PM - System Checkpoint
RP769: 1/04/2009 9:34:45 AM - Removed Trend Micro Internet Security
RP770: 1/04/2009 9:38:15 AM - ComboFix created restore point
RP771: 2/04/2009 10:26:14 AM - System Checkpoint
RP772: 3/04/2009 11:20:09 AM - System Checkpoint
RP773: 3/04/2009 4:41:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP774: 3/04/2009 4:55:46 PM - Removed Java(TM) 6 Update 2
RP775: 3/04/2009 4:55:50 PM - Removed Java(TM) 6 Update 3
RP776: 3/04/2009 4:57:02 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP777: 3/04/2009 5:06:42 PM - ComboFix created restore point
RP778: 3/04/2009 5:25:10 PM - Removed Adobe Reader 7.1.0
RP779: 3/04/2009 5:29:21 PM - Installed Adobe Reader 9.1.
==== Installed Programs ======================
3D World Atlas
913D Camera
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Ask Toolbar
Auction Sentry
Bonjour
Broderbund Home Design 5.1
Brother MFL-Pro Suite
COMODO Internet Security
Easy Internet Sign-up
eBay Toolbar
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HouseCall 6.6
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Software Update
HpSdpAppCoreApp
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVDX
InterVideo WinDVRX
Java(TM) 6 Update 13
Java(TM) 6 Update 2
KBD
Learning Ladder 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
OptusNet DSL
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
Performance Center
PhoTags Express
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.8
Sonic Update Manager
SUPERAntiSpyware Free Edition
System Requirements Lab
Toolkit View(HP)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Updates from HP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
==== Event Viewer Messages From Past Week ========
2/04/2009 11:31:50 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
2/04/2009 9:44:04 PM, error: Dhcp [1002] - The IP address lease 122.111.94.81 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 6:34:02 PM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 6:33:35 PM, error: Dhcp [1002] - The IP address lease 114.78.41.87 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 3:34:34 PM, error: Dhcp [1002] - The IP address lease 58.106.46.254 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:59:29 PM, error: Dhcp [1002] - The IP address lease 58.106.46.111 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:23:28 PM, error: Dhcp [1002] - The IP address lease 114.78.32.179 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 4:37:16 PM, error: Dhcp [1002] - The IP address lease 122.111.17.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 12:15:15 PM, error: Dhcp [1002] - The IP address lease 58.111.182.140 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:34:41 AM, error: Dhcp [1002] - The IP address lease 58.106.158.23 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:26:22 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
1/04/2009 11:10:35 AM, error: Dhcp [1002] - The IP address lease 58.106.152.158 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 9:33:50 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/04/2009 9:32:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
1/04/2009 9:08:57 AM, error: Dhcp [1002] - The IP address lease 122.111.12.236 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 8:31:56 AM, error: Dhcp [1002] - The IP address lease 58.111.177.75 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 7:48:44 AM, error: Dhcp [1002] - The IP address lease 122.105.156.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:28:16 PM, error: Dhcp [1002] - The IP address lease 122.111.18.37 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 6:34:19 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:48:45 PM, error: Dhcp [1002] - The IP address lease 58.106.27.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:08:58 PM, error: Dhcp [1002] - The IP address lease 58.111.179.195 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:39:33 PM, error: Dhcp [1002] - The IP address lease 58.111.178.96 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:13:32 PM, error: Dhcp [1002] - The IP address lease 58.111.181.50 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 1:37:44 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
31/03/2009 12:52:23 PM, error: Dhcp [1002] - The IP address lease 122.105.154.146 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 12:19:06 PM, error: Dhcp [1002] - The IP address lease 58.106.43.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:59:26 AM, error: Dhcp [1002] - The IP address lease 58.106.138.9 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:37:16 AM, error: Dhcp [1002] - The IP address lease 122.111.16.161 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:13:50 AM, error: Dhcp [1002] - The IP address lease 58.106.155.135 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:55:32 AM, error: Dhcp [1002] - The IP address lease 58.106.141.100 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 8:01:48 PM, error: Dhcp [1002] - The IP address lease 58.111.180.61 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 2:40:38 PM, error: Dhcp [1002] - The IP address lease 122.105.156.91 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 10:07:37 AM, error: Dhcp [1002] - The IP address lease 58.106.138.110 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 10:51:27 PM, error: Dhcp [1002] - The IP address lease 58.106.40.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 9:24:43 PM, error: Dhcp [1002] - The IP address lease 122.111.11.206 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 6:22:04 PM, error: Dhcp [1002] - The IP address lease 122.111.18.163 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 12:31:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
28/03/2009 9:26:11 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 9:00:42 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 7:43:19 PM, error: Dhcp [1002] - The IP address lease 122.105.158.46 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 6:38:42 PM, error: Dhcp [1002] - The IP address lease 122.111.13.24 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 5:20:14 PM, error: Dhcp [1002] - The IP address lease 122.111.94.219 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 3:15:46 PM, error: Dhcp [1002] - The IP address lease 122.109.124.175 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 1:33:31 PM, error: Dhcp [1002] - The IP address lease 58.107.76.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 10:22:46 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
28/03/2009 8:28:49 AM, error: Dhcp [1002] - The IP address lease 58.106.27.169 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 9:57:29 AM, error: Dhcp [1002] - The IP address lease 58.106.137.246 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 10:18:18 AM, error: Dhcp [1002] - The IP address lease 58.111.180.211 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 11:41:19 AM, error: Dhcp [1002] - The IP address lease 58.111.180.122 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 12:13:48 PM, error: Dhcp [1002] - The IP address lease 58.106.31.162 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:06 PM, error: Dhcp [1002] - The IP address lease 58.106.158.143 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 2:05:14 PM, error: Dhcp [1002] - The IP address lease 58.106.26.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 4:42:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/04/2009 6:17:05 PM, error: Dhcp [1002] - The IP address lease 58.107.77.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 1:54:10 AM, error: Dhcp [1002] - The IP address lease 58.111.181.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 7:35:34 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
30/03/2009 7:21:23 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
==== End Of File ===========================
ComboFix 09-04-01.01 - Owner 2009-04-03 17:07:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.270 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
* Created a new restore point
FILE ::
C:\-1472982065
C:\khq
c:\windows\system32\drivers\4ada505b.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-1472982065
C:\khq
c:\windows\system32\drivers\4ada505b.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_4ada505b
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-03-30 07:35 . 2008-04-14 10:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 . 2004-08-04 15:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 . 2004-08-04 15:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 . 2008-04-14 10:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:35 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:33 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-30 07:32 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-03-30 07:31 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-30 07:30 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-03-30 07:29 . 2001-08-17 12:50 320,384 --a--c--- c:\windows\system32\dllcache\mgaum.sys
2009-03-30 07:28 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-30 07:27 . 2008-04-14 10:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2009-03-30 07:26 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-30 07:25 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-30 07:24 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-30 07:23 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-03-30 07:22 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-03-30 07:21 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 . 2009-03-30 00:26 155,384 --a--c--- c:\windows\system32\guard32.dll
2009-03-30 00:26 . 2009-03-30 00:26 110,992 --a--c--- c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 . 2009-03-30 00:26 24,336 --a--c--- c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 . 2009-03-29 22:49 <DIR> d----c--- c:\documents and settings\Owner\Application Data\HouseCall 6.6
2009-03-29 00:04 . 2009-03-29 00:04 <DIR> d----c--- C:\Rooter$
2009-03-28 21:28 . 2009-03-28 21:28 <DIR> d----c--- c:\program files\Windows Resource Kits
2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d----c--- c:\program files\ERUNT
2009-03-28 02:32 . 2009-03-28 09:17 <DIR> d----c--- c:\program files\AskBarDis
2009-03-28 02:32 . 2009-03-28 02:32 253,688 --a--c--- c:\windows\system32\cssdll32.dll
2009-03-28 02:31 . 2009-03-30 00:26 <DIR> d----c--- c:\program files\COMODO
2009-03-28 02:31 . 2009-03-30 02:13 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Comodo
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-27 23:57 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 23:57 . 2009-03-26 16:49 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 . 2009-03-26 16:49 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2009-03-27 22:45 . 2009-03-27 22:45 <DIR> d----c--- c:\program files\Common Files\Wise Installation Wizard
2009-03-27 22:29 . 2009-03-27 22:29 <DIR> d----c--- c:\documents and settings\Owner\Application Data\QuickScan
2009-03-27 21:29 . 2009-03-27 21:28 410,984 --a--c--- c:\windows\system32\deploytk.dll
2009-03-27 17:01 . 2009-03-27 20:37 <DIR> d----c--- c:\program files\Windows Live Safety Center
2009-03-07 15:32 . 2009-03-11 18:25 <DIR> d----c--- c:\program files\Ascentive
2009-03-07 15:32 . 2008-12-10 17:34 208,896 --a--c--- c:\windows\system32\ConTest.dll
2009-03-07 15:32 . 2008-11-06 16:04 36,864 --a--c--- c:\windows\system32\ascbalon.dll
2009-03-07 15:32 . 2008-11-06 16:04 20,480 --a--c--- c:\windows\system32\SysRestore.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 06:57 --------- dc----w c:\program files\Java
2009-04-03 03:21 --------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-02 06:29 --------- dc----w c:\program files\Auction Sentry
2009-04-02 01:40 --------- dc----w c:\documents and settings\Owner\Application Data\Skype
2009-04-02 01:16 --------- dc----w c:\documents and settings\Owner\Application Data\skypePM
2009-03-31 23:36 --------- dc----w c:\program files\Trend Micro
2009-03-27 12:46 --------- dc----w c:\program files\SUPERAntiSpyware
2009-03-07 05:40 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-03-02 04:14 --------- dc----w c:\program files\Siemens Subscriber Networks
2009-03-02 04:14 --------- dc----w c:\program files\OptusNet DSL Internet
2009-02-24 07:25 --------- dc----w c:\program files\Google
2009-02-18 07:29 --------- dc----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-02-17 14:34 --------- dc----w c:\program files\Common Files\Apple
2009-02-17 11:22 --------- dc----w c:\program files\Alwil Software
2009-02-17 10:51 --------- dc----w c:\documents and settings\All Users\Application Data\Avg8
2009-02-14 07:06 --------- dc----w c:\program files\QuickTime
2009-02-14 07:06 --------- dc----w c:\program files\Bonjour
2009-02-14 07:05 --------- dc----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-14 07:04 --------- dc----w c:\program files\Apple Software Update
2009-02-14 07:04 --------- dc----w c:\documents and settings\All Users\Application Data\Apple
2007-12-09 05:18 880 -c----w c:\program files\uDigestV2.vib
2007-12-09 05:18 8,186 -c----w c:\program files\sys32init.clx
2007-12-09 05:18 8,186 -c----w c:\program files\clogo2.bmp
2007-12-09 05:18 400 -c----w c:\program files\uDigestV1.via
2007-12-09 05:18 3,760 -c----w c:\program files\uDigestV4.vid
2007-12-09 05:18 21,538 -c----w c:\program files\dll32sys.clx
2007-12-09 05:18 21,538 -c----w c:\program files\clogo1.bmp
2007-12-09 05:18 1,840 -c----w c:\program files\uDigestV3.vic
2008-08-05 22:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a--c--- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-30 1851128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
-----c--- 2004-02-03 22:45 155648 c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
-----c--- 2005-05-17 17:42 933888 c:\program files\Brother\ControlCenter2\brctrcen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 10:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
-----c--- 2007-11-03 17:35 599280 c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
-----c--- 2003-11-24 16:40 155648 c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-08-21 02:15 483328 c:\windows\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
-----c--- 2003-08-21 02:23 49152 c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 15:31 208952 c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
-----c--- 2005-03-17 14:45 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a--c--- 2006-05-16 16:58 213936 c:\_olddata\Ntfs - hp_pavilio\Program Files\Common Files\InstallShield\UpdateService\Isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a--c--- 2003-02-11 18:02 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a--c--- 2007-05-18 07:45 279912 c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
-----c--- 2003-12-11 00:40 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2003-09-25 08:21 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2003-12-05 18:50 3022848 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
-----c--- 2005-03-17 14:25 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
--a--c--- 2008-09-04 14:24 3256320 c:\program files\Ascentive\Performance Center\ApcMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2003-09-25 03:57 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a--c--- 2002-10-16 14:57 81920 c:\windows\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2003-11-03 15:50 221184 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
-----c--- 2005-01-26 18:02 49152 c:\program files\Brother\Brmfl05a\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra--c--- 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-----c--- 2003-10-14 10:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2009-03-27 21:28 148888 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
-----c--- 2003-10-29 11:17 135168 c:\program files\Multimedia Card Reader\shwicon2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a--c--- 2009-03-23 14:07 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--------- 2007-07-27 12:11 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
-----c--- 2004-02-03 22:07 151597 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
-----c--- 2003-08-19 07:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a--c--- 2007-04-11 07:46 709992 c:\windows\vVX3000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinCinemaMgr]
-----c--- 2003-09-16 16:01 184320 c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-06-29 09:06 88363 c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 c:\windows\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2003-12-05 18:50 753664 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"MSCamSvc"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"avast! web scanner"=3 (0x3)
"avast! mail scanner"=3 (0x3)
"avast! antivirus"=2 (0x2)
"aswupdsv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TmProxy"=2 (0x2)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Update_004-D240-A9P_106-146_6190_v1r.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-02-03 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\Drivers\SSNDIS5.sys --> c:\windows\system32\Drivers\SSNDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 03:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 17:13:41
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-03 17:18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 07:18:50
ComboFix2.txt 2009-03-31 23:52:27
Pre-Run: 53,131,034,624 bytes free
Post-Run: 53,173,211,136 bytes free
315 --- E O F --- 2009-02-11 15:30:59
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, April 4, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, April 03, 2009 09:13:38
Records in database: 2004123
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
J:\
K:\
L:\
M:\
Scan statistics:
Files scanned: 103784
Threat name: 4
Infected objects: 14
Suspicious objects: 6
Duration of the scan: 02:52:53
File name / Threat name / Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\_OldData\Ntfs - hp_pavilio\Program Files\Common Files\Real\Toolbar\Realbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc398.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc398.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc621.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc621.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc673.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc673.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc740.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc777.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc787.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc824.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Infected: Trojan-Spy.HTML.Bankfraud.ra 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc834.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\_OldData\Ntfs - hp_pavilio\Recycler\S-1-5-21-279891199-2340602032-2158362982-1003\Dc871.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 1
The selected area was scanned.
Did you try RST with the fystemroot string without the % characters, and it still didn't find those two? Since it looks like you're familiar with registry editing, I'll let you change those two manually. Double-click that value in the data cell. A new window should open up. In that window change f->s so that it reads %systemRoot% instead of %fystemRoot% there (leave the other part of the string as it was). Repeat with the AU service.
RST couldn't find %fystemroot%, when I can SEE that it's there in Services. Soooo, I looked up regedit and found 2 instances of %fystemroot%, in both Bits and AU.
Then, uninstall Ask Toolbar if you didn't install it on purpose.
Delete items in C:\_OldData\Ntfs - hp_pavilio\Recycler folder.
Please see the "To change which program starts when you double-click a file" part here.
Also, I have another small problem. Somehow, Nokia Media Player has become the "default" file type for bmp & some other files. When I saved something in paint as a bmp, even though I changed the "open with" program manually to paint (and it opens in paint), the file type still shows as Nokia Media File.
Post a fresh dds log and let me know whether those actions helped.
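The check behind the manual fix described above, as an added example (not part of the original thread or of any tool mentioned in it): it reads a regedit export of the Services key, decodes each ImagePath value, and flags environment variables that are not on an allow-list, suggesting the nearest known name. The allow-list, the function names, the Spooler and ExampleSvc entries and the sample export are constructed for illustration; only the corrupted string and the BITS and wuauserv service names come from the thread.

```python
import difflib
import re

# Assumed allow-list of variables that legitimately appear in service ImagePath values.
KNOWN_VARS = ["systemroot", "windir", "systemdrive", "programfiles", "commonprogramfiles"]


def decode_value(raw, utf16):
    """Turn the right-hand side of a .reg value line into text (None if not a string type)."""
    if raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: undo the \\ and \" escapes used inside .reg string literals
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith("hex(2):"):
        # REG_EXPAND_SZ: comma-separated bytes, ANSI in REGEDIT4 files, UTF-16LE in version 5
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", raw[7:]))
        codec = "utf-16-le" if utf16 else "latin-1"
        return data.decode(codec, errors="replace").rstrip("\x00")
    return None


def audit_image_paths(reg_text):
    """Return (service, image_path, bad_variable, suggested_variable) for each suspect entry."""
    utf16 = not reg_text.lstrip("\ufeff").startswith("REGEDIT4")
    # regedit wraps long hex values with a trailing backslash; join them first
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"ImagePath"=(.*)$', line, re.I)
        if not m or key is None:
            continue
        value = decode_value(m.group(1), utf16)
        if value is None:
            continue
        for var in re.findall(r"%([^%\\\s]+)%", value):
            if var.lower() in KNOWN_VARS:
                continue
            guess = difflib.get_close_matches(var.lower(), KNOWN_VARS, n=1, cutoff=0.8)
            service = key.rsplit("\\", 1)[-1]
            findings.append((service, value, var, guess[0] if guess else None))
    return findings


def hex2(s, utf16=False):
    """Encode text the way regedit exports REG_EXPAND_SZ (used to build the sample only)."""
    data = (s + "\0").encode("utf-16-le" if utf16 else "latin-1")
    parts = ["%02x" % b for b in data]
    rows = [",".join(parts[i:i + 20]) for i in range(0, len(parts), 20)]
    return "hex(2):" + ",\\\n  ".join(rows)


# Constructed sample export. BAD is the "path to executable" string reported in the thread.
BAD = r"%fystemRoot%\System32\svchost.exe -k netsvcs"
SVC = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
SAMPLE_REG = "\n".join([
    "REGEDIT4", "",
    "[" + SVC + "BITS]", '"ImagePath"=' + hex2(BAD), '"Start"=dword:00000003', "",
    "[" + SVC + "wuauserv]", '"ImagePath"=' + hex2(BAD), "",
    "[" + SVC + "Spooler]", '"ImagePath"=' + hex2(r"%SystemRoot%\system32\spoolsv.exe"), "",
    "[" + SVC + "ExampleSvc]", r'"ImagePath"="\"C:\\Program Files\\Example\\svc.exe\""', "",
])

if __name__ == "__main__":
    for service, path, bad, fix in audit_image_paths(SAMPLE_REG):
        print("%s: %%%s%% is not a known variable (did you mean %%%s%%?) in %s"
              % (service, bad, fix, path))
```

An unresolved variable in ImagePath matches the symptom in the Event Viewer lines of the posted log, where BITS and Automatic Updates fail to start with "The system cannot find the file specified".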
Hello!
Well, Reg Tool worked as you suggested, without % either side. It found 6 instances of fystemroot! That's the "good" news. The "bad" news is, I can't manually edit them. I get an error message saying, "Cannot edit image path: Error writing the value's new contents". This is the same for Automatic Updates too.
I don't know much about the registry, I've only watched a friend look things up via run, regedit.exe... so I did the same and found what I was looking for, although I couldn't find 6 instances of it, so thank you Reg Tool! I've posted the log below for you to see. Because I can't manually edit them via the way you suggested, what now? I googled this prob, and read somewhere that in some instances, people are having to manually reset the value when in safe mode?
DDS log attached as requested, and again... thank you so very much for your help so far!
P.s. I've noticed over the last week that my browser takes a long time to close and seems to hang for a bit... yet there are no viruses visible in the scans I've been running. Could this just be due to lack of updates and patches, due to the fystemroot issue?
Cheers!
Julie
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "fystemroot" 4/04/2009 10:38:35 PM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File1"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.JPG"
[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File2"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.bmp"
[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"d"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.JPG"
[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"g"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.bmp"
[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\bmp]
"b"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.bmp"
[HKEY_USERS\S-1-5-21-2316702459-2186928656-1749162862-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpg]
"i"="C:\\Documents and Settings\\Owner\\Desktop\\fystemroot.JPG"
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/05/2007 11:22:40 AM
System Uptime: 4/04/2009 3:40:23 PM (7 hours ago)
Motherboard: ASUSTeK Computer INC. | | Oxford
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 70 GiB total, 49.14 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.338 GiB free.
E: is CDROM ()
F: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\77DC41E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\77DC41E01800
Service: NIC1394
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP680: 16/01/2009 3:15:01 AM - System Checkpoint
RP681: 17/01/2009 8:17:18 AM - System Checkpoint
RP682: 18/01/2009 12:52:08 PM - System Checkpoint
RP683: 19/01/2009 5:21:17 PM - System Checkpoint
RP684: 20/01/2009 6:33:41 PM - System Checkpoint
RP685: 21/01/2009 7:03:40 PM - System Checkpoint
RP686: 21/01/2009 10:34:34 PM - Installed DirectX
RP687: 22/01/2009 1:16:03 AM - Unsigned driver install
RP688: 23/01/2009 2:02:41 AM - System Checkpoint
RP689: 24/01/2009 3:02:38 AM - System Checkpoint
RP690: 25/01/2009 12:05:18 PM - System Checkpoint
RP691: 26/01/2009 12:29:46 PM - System Checkpoint
RP692: 27/01/2009 2:34:14 PM - System Checkpoint
RP693: 28/01/2009 3:30:06 PM - System Checkpoint
RP694: 29/01/2009 4:59:18 PM - System Checkpoint
RP695: 30/01/2009 7:22:39 PM - System Checkpoint
RP696: 31/01/2009 8:11:10 PM - System Checkpoint
RP697: 2/02/2009 7:42:48 AM - System Checkpoint
RP698: 3/02/2009 7:45:54 AM - System Checkpoint
RP699: 4/02/2009 8:24:03 AM - System Checkpoint
RP700: 5/02/2009 8:56:44 AM - System Checkpoint
RP701: 6/02/2009 9:45:48 AM - System Checkpoint
RP702: 7/02/2009 10:33:28 AM - System Checkpoint
RP703: 8/02/2009 10:53:42 AM - System Checkpoint
RP704: 9/02/2009 12:11:23 PM - System Checkpoint
RP705: 10/02/2009 12:38:48 PM - System Checkpoint
RP706: 11/02/2009 1:29:00 PM - System Checkpoint
RP707: 12/02/2009 1:26:21 AM - Software Distribution Service 3.0
RP708: 13/02/2009 8:04:56 AM - System Checkpoint
RP709: 14/02/2009 8:22:03 AM - System Checkpoint
RP710: 14/02/2009 5:06:53 PM - Installed iTunes
RP711: 15/02/2009 5:17:20 PM - System Checkpoint
RP712: 16/02/2009 5:50:43 PM - System Checkpoint
RP713: 18/02/2009 1:55:28 AM - Microsoft OneCare Protection Checkpoint
RP714: 19/02/2009 10:18:55 AM - System Checkpoint
RP715: 20/02/2009 10:50:27 AM - System Checkpoint
RP716: 21/02/2009 11:04:16 AM - System Checkpoint
RP717: 22/02/2009 11:24:24 AM - System Checkpoint
RP718: 23/02/2009 2:03:26 PM - System Checkpoint
RP719: 24/02/2009 2:49:17 PM - System Checkpoint
RP720: 25/02/2009 3:06:47 PM - System Checkpoint
RP721: 26/02/2009 3:17:36 PM - System Checkpoint
RP722: 27/02/2009 3:18:04 PM - System Checkpoint
RP723: 28/02/2009 3:41:05 PM - System Checkpoint
RP724: 1/03/2009 6:29:18 PM - System Checkpoint
RP725: 2/03/2009 6:38:10 PM - System Checkpoint
RP726: 3/03/2009 7:04:49 PM - System Checkpoint
RP727: 4/03/2009 8:26:29 PM - System Checkpoint
RP728: 6/03/2009 7:37:11 AM - System Checkpoint
RP729: 7/03/2009 7:45:27 AM - System Checkpoint
RP730: 7/03/2009 3:32:21 PM - Installed PC SpeedScan Pro
RP731: 7/03/2009 3:40:26 PM - Removed PC SpeedScan Pro
RP732: 8/03/2009 3:46:26 PM - System Checkpoint
RP733: 9/03/2009 5:05:37 PM - System Checkpoint
RP734: 10/03/2009 6:59:44 PM - System Checkpoint
RP735: 12/03/2009 1:00:08 AM - System Checkpoint
RP736: 13/03/2009 1:29:09 AM - System Checkpoint
RP737: 14/03/2009 2:42:40 AM - System Checkpoint
RP738: 15/03/2009 3:27:56 AM - System Checkpoint
RP739: 16/03/2009 4:27:56 AM - System Checkpoint
RP740: 17/03/2009 5:27:58 AM - System Checkpoint
RP741: 18/03/2009 6:27:57 AM - System Checkpoint
RP742: 19/03/2009 7:36:25 AM - System Checkpoint
RP743: 20/03/2009 8:01:24 AM - System Checkpoint
RP744: 21/03/2009 8:03:08 AM - System Checkpoint
RP745: 22/03/2009 9:03:10 AM - System Checkpoint
RP746: 23/03/2009 11:56:25 AM - System Checkpoint
RP747: 24/03/2009 1:45:15 PM - System Checkpoint
RP748: 25/03/2009 2:34:48 PM - System Checkpoint
RP749: 26/03/2009 3:01:51 PM - System Checkpoint
RP750: 27/03/2009 4:02:57 PM - System Checkpoint
RP751: 27/03/2009 8:33:38 PM - Cleaned registry with Windows Live OneCare safety scanner
RP752: 27/03/2009 9:28:31 PM - Installed Java(TM) 6 Update 13
RP753: 27/03/2009 9:42:09 PM - Installed Windows XP KB958644.
RP754: 27/03/2009 9:58:13 PM - Installed Windows XP KB960714.
RP755: 27/03/2009 10:46:03 PM - Installed SUPERAntiSpyware Free Edition
RP756: 28/03/2009 6:12:28 PM - Installed Windows XP KB958690.
RP757: 28/03/2009 6:29:42 PM - Installed Trend Micro Internet Security
RP758: 28/03/2009 9:28:32 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
RP759: 28/03/2009 11:16:59 PM - Automatic Restore Point
RP760: 30/03/2009 1:02:12 AM - Installed Windows XP KB958644.
RP761: 30/03/2009 1:04:13 AM - Installed Windows XP KB958690.
RP762: 30/03/2009 1:05:26 AM - Installed Windows XP KB960225.
RP763: 30/03/2009 1:06:48 AM - Installed Windows XP KB938464-v2.
RP764: 30/03/2009 1:08:13 AM - Installed Windows XP KB958687.
RP765: 30/03/2009 1:11:48 AM - Installed Windows XP KB960715.
RP766: 30/03/2009 1:13:58 AM - Installed Windows XP KB961260.
RP767: 30/03/2009 1:16:10 AM - Installed Windows Media Player KB952069.
RP768: 31/03/2009 3:26:49 PM - System Checkpoint
RP769: 1/04/2009 9:34:45 AM - Removed Trend Micro Internet Security
RP770: 1/04/2009 9:38:15 AM - ComboFix created restore point
RP771: 2/04/2009 10:26:14 AM - System Checkpoint
RP772: 3/04/2009 11:20:09 AM - System Checkpoint
RP773: 3/04/2009 4:41:13 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP774: 3/04/2009 4:55:46 PM - Removed Java(TM) 6 Update 2
RP775: 3/04/2009 4:55:50 PM - Removed Java(TM) 6 Update 3
RP776: 3/04/2009 4:57:02 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
RP777: 3/04/2009 5:06:42 PM - ComboFix created restore point
RP778: 3/04/2009 5:25:10 PM - Removed Adobe Reader 7.1.0
RP779: 3/04/2009 5:29:21 PM - Installed Adobe Reader 9.1.
RP780: 4/04/2009 5:35:59 PM - System Checkpoint
==== Installed Programs ======================
3D World Atlas
913D Camera
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Agere Systems PCI Soft Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Ask Toolbar
Auction Sentry
Bonjour
Broderbund Home Design 5.1
Brother MFL-Pro Suite
COMODO Internet Security
Easy Internet Sign-up
eBay Toolbar
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HouseCall 6.6
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Software Update
HpSdpAppCoreApp
InterVideo Home Theater
InterVideo Teletext Epg Scanner
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
InterVideo WinDVDX
InterVideo WinDVRX
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
KBD
Learning Ladder 3
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
MUSICMATCH® Jukebox
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Driver
OptusNet DSL
PaperPort
PC-Doctor for Windows
PC Connectivity Solution
Performance Center
PhoTags Express
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Siemens Subscriber Networks SpeedStream DSL
Skype™ 3.8
Sonic Update Manager
SUPERAntiSpyware Free Edition
System Requirements Lab
Toolkit View(HP)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Updates from HP
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
==== Event Viewer Messages From Past Week ========
3/04/2009 4:42:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/04/2009 4:39:02 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
3/04/2009 4:38:51 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/04/2009 2:05:14 PM, error: Dhcp [1002] - The IP address lease 58.106.26.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:27 PM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 1:16:06 PM, error: Dhcp [1002] - The IP address lease 58.106.158.143 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 12:13:48 PM, error: Dhcp [1002] - The IP address lease 58.106.31.162 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 11:41:19 AM, error: Dhcp [1002] - The IP address lease 58.111.180.122 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 10:18:18 AM, error: Dhcp [1002] - The IP address lease 58.111.180.211 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 9:57:29 AM, error: Dhcp [1002] - The IP address lease 58.106.137.246 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 9:44:04 PM, error: Dhcp [1002] - The IP address lease 122.111.94.81 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 6:33:35 PM, error: Dhcp [1002] - The IP address lease 114.78.41.87 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
2/04/2009 3:34:34 PM, error: Dhcp [1002] - The IP address lease 58.106.46.254 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:59:29 PM, error: Dhcp [1002] - The IP address lease 58.106.46.111 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 5:23:28 PM, error: Dhcp [1002] - The IP address lease 114.78.32.179 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 4:37:16 PM, error: Dhcp [1002] - The IP address lease 122.111.17.176 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 12:15:15 PM, error: Dhcp [1002] - The IP address lease 58.111.182.140 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:34:41 AM, error: Dhcp [1002] - The IP address lease 58.106.158.23 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 11:26:22 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
1/04/2009 11:10:35 AM, error: Dhcp [1002] - The IP address lease 58.106.152.158 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 9:32:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SfCtlCom with arguments "" in order to run the server: {1A65BAB7-30B1-4FB7-BC13-D00C28FCF605}
1/04/2009 9:08:57 AM, error: Dhcp [1002] - The IP address lease 122.111.12.236 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 8:31:56 AM, error: Dhcp [1002] - The IP address lease 58.111.177.75 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
1/04/2009 7:48:44 AM, error: Dhcp [1002] - The IP address lease 122.105.156.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:28:16 PM, error: Dhcp [1002] - The IP address lease 122.111.18.37 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 6:34:19 PM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:48:45 PM, error: Dhcp [1002] - The IP address lease 58.106.27.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 5:08:58 PM, error: Dhcp [1002] - The IP address lease 58.111.179.195 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:39:33 PM, error: Dhcp [1002] - The IP address lease 58.111.178.96 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 4:13:32 PM, error: Dhcp [1002] - The IP address lease 58.111.181.50 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 1:37:44 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
31/03/2009 12:52:23 PM, error: Dhcp [1002] - The IP address lease 122.105.154.146 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 12:19:06 PM, error: Dhcp [1002] - The IP address lease 58.106.43.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:59:26 AM, error: Dhcp [1002] - The IP address lease 58.106.138.9 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:37:16 AM, error: Dhcp [1002] - The IP address lease 122.111.16.161 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 11:13:50 AM, error: Dhcp [1002] - The IP address lease 58.106.155.135 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
31/03/2009 8:55:32 AM, error: Dhcp [1002] - The IP address lease 58.106.141.100 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 8:01:48 PM, error: Dhcp [1002] - The IP address lease 58.111.180.61 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 2:40:38 PM, error: Dhcp [1002] - The IP address lease 122.105.156.91 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 10:07:37 AM, error: Dhcp [1002] - The IP address lease 58.106.138.110 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 10:51:27 PM, error: Dhcp [1002] - The IP address lease 58.106.40.244 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 9:24:43 PM, error: Dhcp [1002] - The IP address lease 122.111.11.206 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 6:22:04 PM, error: Dhcp [1002] - The IP address lease 122.111.18.163 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
29/03/2009 12:31:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
28/03/2009 9:26:11 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 9:00:42 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
28/03/2009 7:43:19 PM, error: Dhcp [1002] - The IP address lease 122.105.158.46 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 6:38:42 PM, error: Dhcp [1002] - The IP address lease 122.111.13.24 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 5:20:14 PM, error: Dhcp [1002] - The IP address lease 122.111.94.219 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 3:15:46 PM, error: Dhcp [1002] - The IP address lease 122.109.124.175 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 1:33:31 PM, error: Dhcp [1002] - The IP address lease 58.107.76.239 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
28/03/2009 10:22:46 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
28/03/2009 8:28:49 AM, error: Dhcp [1002] - The IP address lease 58.106.27.169 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
3/04/2009 6:17:05 PM, error: Dhcp [1002] - The IP address lease 58.107.77.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 1:54:10 AM, error: Dhcp [1002] - The IP address lease 58.111.181.29 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 8:57:42 AM, error: Dhcp [1002] - The IP address lease 58.106.154.72 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 9:45:52 AM, error: Dhcp [1002] - The IP address lease 58.107.76.225 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 11:52:24 AM, error: Dhcp [1002] - The IP address lease 58.111.179.115 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 6:21:21 PM, error: Dhcp [1002] - The IP address lease 58.111.180.123 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
4/04/2009 9:35:22 PM, error: Dhcp [1002] - The IP address lease 122.109.107.105 for the Network Card with network address 00112F05609A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
30/03/2009 7:35:34 AM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.
30/03/2009 7:21:23 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
==== End Of File ===========================
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:46:46.29 on Sat 04/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.294 [GMT 10:00]
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177982790325
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180607378625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab
TCP: {54C6303B-7DBA-4795-9A6D-D4B26741E783} = 4.2.2.1,4.2.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-30 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-30 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-3-30 700152]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-2-3 24192]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-12-25 29696]
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;c:\windows\system32\drivers\ssndis5.sys --> c:\windows\system32\drivers\SSNDIS5.sys [?]
=============== Created Last 30 ================
2009-04-04 12:21 <DIR> -cd----- c:\program files\iPod
2009-04-04 12:21 <DIR> -cd----- c:\program files\iTunes
2009-04-04 12:21 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-04 12:12 <DIR> -cd----- c:\program files\Bonjour
2009-04-01 09:37 161,792 ac------ c:\windows\SWREG.exe
2009-04-01 09:37 98,816 ac------ c:\windows\sed.exe
2009-03-30 07:35 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-30 07:35 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-30 07:35 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-03-30 07:35 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-03-30 07:35 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-03-30 07:35 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-03-30 07:35 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-03-30 07:35 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-03-30 07:35 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-03-30 07:35 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-03-30 07:33 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-03-30 07:32 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-03-30 07:31 210,496 ac------ c:\windows\system32\dllcache\s3mvirge.dll
2009-03-30 07:30 75,776 ac------ c:\windows\system32\dllcache\philcam1.sys
2009-03-30 07:29 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-03-30 07:28 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-03-30 07:27 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-03-30 07:26 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-03-30 07:25 117,760 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-03-30 07:24 72,832 ac------ c:\windows\system32\dllcache\cwbwdm.sys
2009-03-30 07:23 66,082 ac------ c:\windows\system32\dllcache\c_20106.nls
2009-03-30 07:22 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2009-03-30 07:21 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-03-30 00:26 155,384 ac------ c:\windows\system32\guard32.dll
2009-03-30 00:26 110,992 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-03-30 00:26 24,336 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-29 22:47 <DIR> -cd----- c:\docume~1\owner\applic~1\HouseCall 6.6
2009-03-29 00:04 <DIR> -cd----- C:\Rooter$
2009-03-28 21:28 <DIR> -cd----- c:\program files\Windows Resource Kits
2009-03-28 02:32 253,688 ac------ c:\windows\system32\cssdll32.dll
2009-03-28 02:32 <DIR> -cd----- c:\program files\AskBarDis
2009-03-28 02:31 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Comodo
2009-03-28 02:31 <DIR> -cd----- c:\program files\COMODO
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-27 23:57 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-27 23:57 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 23:57 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 23:57 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 22:45 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2009-03-27 22:29 <DIR> -cd----- c:\docume~1\owner\applic~1\QuickScan
2009-03-27 21:29 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-07 15:32 36,864 ac------ c:\windows\system32\ascbalon.dll
2009-03-07 15:32 20,480 ac------ c:\windows\system32\SysRestore.dll
2009-03-07 15:32 208,896 ac------ c:\windows\system32\ConTest.dll
2009-03-07 15:32 <DIR> -cd----- c:\program files\Ascentive
==================== Find3M ====================
2009-02-09 21:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2007-12-09 15:18 21,538 -c------ c:\program files\dll32sys.clx
2007-12-09 15:18 21,538 -c------ c:\program files\clogo1.bmp
2007-12-09 15:18 8,186 -c------ c:\program files\sys32init.clx
2007-12-09 15:18 8,186 -c------ c:\program files\clogo2.bmp
2007-12-09 15:18 3,760 -c------ c:\program files\uDigestV4.vid
2007-12-09 15:18 1,840 -c------ c:\program files\uDigestV3.vic
2007-12-09 15:18 880 -c------ c:\program files\uDigestV2.vib
2007-12-09 15:18 400 -c------ c:\program files\uDigestV1.via
2004-07-01 16:11 0 ac-sh--- c:\windows\sminst\HPCD.SYS
2008-08-06 08:48 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat
============= FINISH: 22:47:44.23 ===============
Sorry, should mention that 2 of the 6 fystemroot files (above) are copies that I took for you to look at here and I've saved them on the desktop. I'm not sure about the other ones... they say explorer? And, they're jpegs and bmps??? Curiouser. What I think is strange is that the instances of fystemroot in AU and Bits don't seem to have shown up in the Reg Tool search.
Doh!! All instances of fystemroot on Desktop are mine! lol. Sorry! So why didn't reg tool pick up the others in Bits and AU?? They must be hidden or something.. and the fact that I can't change them manually says there is something not right going on. Hmmm.
Thanks for your patience!!!!
Julie