Nothing will run

:oops:
I managed to make another mistake...

I ran combofix in safe mode, and forgot I would have no internet connection. when It asked to download the recovery console I selected no (No internet connection). It began a scan anyway and found some files all beginning with "UAC" and said it needed to reboot. It did, restarted, and asked about the recovery console again. This time I selected yes and hoped my internet connection (wireless) had connected, It began and told me it had started deleting things causing me to begin sweating profusely.

I do believe to has got rid of culprit (or most of it), as security centre is running again. If It has deleted anything very important, system restore seems to be functioning again.

I also noticed it found limewire, I can assure you I removed the programme before asking for help as I understood your stance on there use. It is just the leftover file which I will delete

ComboFix 09-08-30.04 - matthew 05/09/2009 20:28.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.688 [GMT 1:00]
Running from: c:\documents and settings\matthew\Desktop\fileabc.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\matthew\Application Data\~tmp.html
c:\documents and settings\matthew\Local Settings\Temporary Internet Files\pse_350_enu.exe
c:\documents and settings\NetworkService\Application Data\wsnpoem
c:\documents and settings\NetworkService\Application Data\wsnpoem\audio.dll
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-3149183000-4224800964-3587131884-1003
c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\1692464871.dat
c:\windows\system32\drivers\UACyrxdorgruf.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\net.net
c:\windows\system32\sdra64.exe
c:\windows\system32\UACfrlaixsnic.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmbcjjkdldo.db
c:\windows\system32\UACmemdooukwv.dll
c:\windows\system32\UACnedwjyifdm.dll
c:\windows\system32\UACoayxyljwqc.dll
c:\windows\system32\UACxlqaosopqy.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 11:54 . 2009-09-05 11:54 -------- d-----w- c:\documents and settings\matthew\Local Settings\Application Data\PCHealth
2009-08-25 20:11 . 2009-08-25 20:11 -------- d-----w- c:\program files\Trend micro
2009-08-25 20:06 . 2009-08-25 20:07 -------- d-----w- c:\program files\ERUNT
2009-08-21 15:59 . 2009-08-21 15:59 82824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 22:18 . 2009-08-17 22:30 -------- d-----w- c:\documents and settings\matthew\Application Data\The Path
2009-08-11 20:03 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 20:10 . 2006-06-10 17:30 -------- d-----w- c:\program files\LimeWire
2009-08-25 19:02 . 2009-06-08 09:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-25 18:58 . 2009-06-08 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-25 18:29 . 2006-09-01 02:43 -------- d-----w- c:\program files\Common Files\Command Software
2009-08-20 16:40 . 2005-12-01 20:12 282 ----a-w- c:\windows\freedom.backup.dat
2009-08-20 16:39 . 2005-11-02 15:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-20 16:27 . 2009-08-20 16:27 784855 ----a-w- c:\windows\system32\xa.tmp
2009-08-16 13:55 . 2008-11-10 03:24 -------- d-----w- c:\documents and settings\matthew\Application Data\uTorrent
2009-08-16 05:49 . 2008-12-17 20:21 -------- d-----w- c:\program files\PeerGuardian2
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 08:03 . 2009-08-02 08:03 -------- d-----w- c:\program files\SixaxisDriver
2009-08-02 06:58 . 2005-05-17 21:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 06:53 . 2006-12-22 18:51 -------- d-----w- c:\program files\THQ
2009-08-01 06:51 . 2009-08-01 06:51 -------- d-----w- c:\program files\7-Zip
2009-07-31 01:27 . 2009-05-27 21:44 -------- d-----w- c:\documents and settings\matthew\Application Data\com.zipeg
2009-07-26 23:31 . 2006-09-16 14:23 -------- d-----w- c:\program files\Warcraft III
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:08 . 2004-08-04 08:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 08:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-13 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\matthew\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor for SD.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor for SD.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo fix.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\sdv2.testme.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW fixer.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"427:UDP"= 427:UDP:SLP_Port(427)

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/03/2005 15:39 200192]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [26/04/2008 23:42 13352]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [02/08/2009 08:28 33792]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [02/08/2009 09:03 27904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-08-20 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2169900019-2424393451-1430571776-1007Core.job
- c:\documents and settings\matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-13 02:42]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2169900019-2424393451-1430571776-1007UA.job
- c:\documents and settings\matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-13 02:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 20:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3324)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\documents and settings\matthew\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-09-05 20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 19:44

Pre-Run: 30,995,963,904 bytes free
Post-Run: 30,817,275,904 bytes free

222 --- E O F --- 2009-09-05 19:39
 
DDS (Ver_09-07-30.01) - NTFSx86
Run by matthew at 21:02:31.51 on 05/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.532 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\matthew\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\matthew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\matthew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\documents and settings\matthew\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\matthew\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-4-26 13352]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-8-2 33792]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-8-2 27904]

=============== Created Last 30 ================

2009-09-05 20:43 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-09-05 20:16 229,376 a------- c:\windows\PEV.exe
2009-09-05 20:16 161,792 a------- c:\windows\SWREG.exe
2009-09-05 20:16 98,816 a------- c:\windows\sed.exe
2009-08-25 21:11 <DIR> --d----- c:\program files\Trend micro
2009-08-20 18:32 268 a---h--- C:\sqmdata07.sqm
2009-08-20 18:32 244 a---h--- C:\sqmnoopt07.sqm
2009-08-20 17:27 784,855 a------- c:\windows\system32\xa.tmp
2009-08-17 23:18 <DIR> --d----- c:\docume~1\matthew\applic~1\The Path
2009-08-11 21:04 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 21:03 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 14:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 14:33 3,597,824 a------- c:\windows\system32\dllcache\cache\mshtml.dll
2009-07-19 14:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-06-29 12:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 12:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 09:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 09:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 09:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 13:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 15:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 07:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 07:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-05-11 22:32 83,216 a------- c:\docume~1\matthew\applic~1\GDIPFONTCACHEV1.DAT
2006-07-09 18:28 2,024 a------- c:\docume~1\matthew\applic~1\wklnhst.dat

============= FINISH: 21:02:43.39 ===============
 
DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 02/11/2005 15:45:47
System Uptime: 09/05/2009 20:36:28 (2857 hours ago)

Motherboard: Hewlett-Packard | | 3085
Processor: AMD Athlon(tm) 64 Processor 3800+ | U23 | 2393/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 28.726 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP1105: 20/08/2009 17:38:19 - System Checkpoint
RP1106: 20/08/2009 17:38:23 - Removed Sonic MyDVD Plus
RP1107: 20/08/2009 17:38:29 - System Checkpoint
RP1108: 20/08/2009 17:38:33 - System Checkpoint
RP1109: 20/08/2009 17:38:36 - System Checkpoint
RP1110: 20/08/2009 17:38:39 - Removed Rome - Total War
RP1111: 20/08/2009 17:38:46 - Removed Rome Total War - patch 1.3
RP1112: 20/08/2009 17:38:51 - System Checkpoint
RP1113: 20/08/2009 17:38:57 - Software Distribution Service 3.0
RP1114: 20/08/2009 17:38:59 - Software Distribution Service 3.0
RP1115: 20/08/2009 17:39:04 - Software Distribution Service 3.0
RP1116: 20/08/2009 17:39:09 - Software Distribution Service 3.0
RP1117: 20/08/2009 17:39:11 - Software Distribution Service 3.0
RP1118: 20/08/2009 17:39:13 - System Checkpoint
RP1119: 20/08/2009 17:39:16 - System Checkpoint
RP1120: 20/08/2009 17:39:19 - System Checkpoint
RP1121: 20/08/2009 17:39:22 - System Checkpoint
RP1122: 20/08/2009 17:39:24 - System Checkpoint
RP1123: 20/08/2009 17:39:26 - System Checkpoint
RP1124: 20/08/2009 17:39:29 - System Checkpoint
RP1125: 20/08/2009 17:39:30 - System Checkpoint
RP1126: 20/08/2009 17:39:32 - System Checkpoint
RP1127: 20/08/2009 17:39:33 - Software Distribution Service 3.0
RP1128: 20/08/2009 17:39:35 - System Checkpoint
RP1129: 20/08/2009 17:39:38 - System Checkpoint
RP1130: 20/08/2009 17:39:40 - Software Distribution Service 3.0
RP1131: 20/08/2009 17:39:41 - System Checkpoint
RP1132: 20/08/2009 17:39:42 - System Checkpoint
RP1133: 20/08/2009 17:39:44 - Removed Dawn of War - Dark Crusade
RP1134: 20/08/2009 17:39:48 - Configured Command & Conquer Generals
RP1135: 20/08/2009 17:39:50 - Configured Command and ConquerTM Generals Zero Hour
RP1136: 20/08/2009 17:39:51 - System Checkpoint
RP1137: 20/08/2009 17:39:53 - System Checkpoint
RP1138: 20/08/2009 17:39:55 - System Checkpoint
RP1139: 20/08/2009 17:39:58 - System Checkpoint
RP1140: 20/08/2009 17:40:00 - Software Distribution Service 3.0
RP1141: 20/08/2009 17:40:02 - System Checkpoint
RP1142: 20/08/2009 17:40:06 - System Checkpoint
RP1143: 20/08/2009 17:40:08 - System Checkpoint
RP1144: 20/08/2009 17:40:09 - System Checkpoint
RP1145: 25/08/2009 19:28:28 - Configured ntl Netguard
RP1146: 25/08/2009 20:24:20 - Software Distribution Service 3.0
RP1147: 25/08/2009 20:43:44 - Software Distribution Service 3.0
RP1148: 05/09/2009 20:28:07 - ComboFix created restore point
RP1149: 05/09/2009 20:38:42 - Software Distribution Service 3.0

==== Installed Programs ======================


32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Anti-Spyware
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
AS-Patch-Reset
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
µTorrent
Authentium
Bonjour
Borland Delphi 6
BufferChm
C6300
C6300_Help
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Registration Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cards_Calendar_OrderGift_DoMorePlugout
CDisplay 1.8
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destination Component
Deus Ex
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Easy Internet Sign-up
ERUNT 1.1j
Far Cry (Patch 1)
Far Cry (Patch 1.3)
Far Cry (Patch 1.31)
Far Cry (Patch 1.33)
Far Cry (Patch 1.4)
GameSpy Arcade
Google Chrome
Google Earth
Half-Life
Half-Life(R)
Half-Life: Blue Shift
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Help and Support
HP Imaging Device Functions 11.0
HP Integrated Module with Bluetooth wireless technology
HP Pavillion zv6000 User Guides
HP Photosmart Essential 3.5
HP Update
HP Wireless Assistant 1.01 A3
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HpSdpAppCoreApp
ImageMixer 3 SE for SD
InterBase
InterVideo WinDVD
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Jurassic Park Mod
LightScribe 1.4.31.1
MarketResearch
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Word 2002
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Network
OCR Software by I.R.I.S. 11.0
Opposing Force
PanoStandAlone
PeerGuardian 2.0
PS_AIO_04_C6300_ProductContext
PS_AIO_04_C6300_Software
PS_AIO_04_C6300_Software_Min
PS2 EyeToy SLEH-00031 Webcam
PSSWCORE
Quick Launch Buttons 5.10 B3
QuickTime
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shockwave
SixaxisDriver 0.91
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic Update Manager
Sony Ericsson PC Suite
SpeedFan (remove only)
Spybot - Search & Destroy
SQL Server System CLR Types
Starcraft Brood War (RAZOR 1911)
Status
Steam(TM)
Synaptics Pointing Device Driver
System Requirements Lab
Team Fortress Classic
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Toolbox
TrayApp
Trust Webcam 14839
ubi.com
UnloadSupport
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Update Service
UserGuides
VideoToolkit01
VLC media player 0.9.2
Warcraft III
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Works Upgrade

==== Event Viewer Messages From Past Week ========

31/08/2009 12:18:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eabfiltr Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
31/08/2009 12:18:54, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2009 12:18:54, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2009 12:18:54, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2009 12:18:54, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2009 12:18:54, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2009 12:18:54, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
31/08/2009 12:18:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
31/08/2009 12:18:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
31/08/2009 10:20:06, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
31/08/2009 10:20:06, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
31/08/2009 10:19:45, error: Service Control Manager [7023] - The Task Scheduler service terminated with the following error: Access is denied.
31/08/2009 00:47:17, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
31/08/2009 00:47:17, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/08/2009 01:58:16, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0014A5126AF1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
05/09/2009 20:18:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
05/09/2009 20:01:04, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
03/09/2009 13:25:16, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707).

==== End Of File ===========================
 
I also noticed it found limewire, I can assure you I removed the programme before asking for help as I understood your stance on there use. It is just the leftover file which I will delete
Click to expand...
Hi,

I have similar stance on uTorrent too. Please, uninstall it.

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
c:\windows\system32\xa.tmp
c:\StubInstaller.exe
Folder::
c:\program files\LimeWire
c:\documents and settings\matthew\Application Data\uTorrent
c:\Program Files\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
DDS::
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 & 9.1.3) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall your current Adobe shockwave player & Shockwave entries and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Something went wrong with combofix, the log is empty. I "think" it asked about creating a new file when it finished, I selected yes and the log popped up empty.

Everything else went fine (I had to use a windows install cleaner tool to get rid of the old java).


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 8, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 08, 2009 19:04:28
Records in database: 2761135
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 90817
Threats found: 10
Infected objects found: 10
Suspicious objects found: 1
Scan duration: 02:31:37


File name / Threat / Threats count
C:\Program Files\Online Services\BTYahoo\HPPre05.msi Infected: not-a-virus:Dialer.Win32.BT.g 1
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Infected: Trojan.Win32.FraudPack.qvn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACyrxdorgruf.sys.vir Infected: Rootkit.Win32.Agent.oxr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\net.net.vir Suspicious: Packed.Win32.PECompact 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sdra64.exe.vir Infected: Trojan-Spy.Win32.Zbot.aaks 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfrlaixsnic.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmemdooukwv.dll.vir Infected: Trojan.Win32.Tdss.anrc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnedwjyifdm.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACoayxyljwqc.dll.vir Infected: Trojan.Win32.TDSS.amwo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xa.tmp.vir Infected: Trojan.Win32.Vilsel.fr 1
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame 1

Selected area has been scanned.
 
DDS (Ver_09-07-30.01) - NTFSx86
Run by matthew at 21:28:21.28 on 08/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.668 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\matthew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\matthew\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-4-26 13352]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-8-2 33792]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-8-2 27904]

=============== Created Last 30 ================

2009-09-08 18:05 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-08 17:52 <DIR> --d----- c:\documents and settings\matthew\.SunDownloadManager
2009-09-08 17:37 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-09-06 17:35 <DIR> --d----- c:\windows\system32\Adobe
2009-09-06 17:04 <DIR> a-dshr-- C:\cmdcons
2009-09-06 17:02 <DIR> --ds---- C:\Combofix
2009-09-05 20:16 230,912 a------- c:\windows\PEV.exe
2009-09-05 20:16 161,792 a------- c:\windows\SWREG.exe
2009-09-05 20:16 98,816 a------- c:\windows\sed.exe
2009-08-25 21:11 <DIR> --d----- c:\program files\Trend micro
2009-08-20 18:32 268 a---h--- C:\sqmdata07.sqm
2009-08-20 18:32 244 a---h--- C:\sqmnoopt07.sqm
2009-08-17 23:18 <DIR> --d----- c:\docume~1\matthew\applic~1\The Path
2009-08-11 21:04 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 21:03 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 14:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 14:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-06-29 12:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 12:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 09:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 09:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 09:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 13:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-05-11 22:32 83,216 a------- c:\docume~1\matthew\applic~1\GDIPFONTCACHEV1.DAT
2006-07-09 18:28 2,024 a------- c:\docume~1\matthew\applic~1\wklnhst.dat

============= FINISH: 21:28:50.32 ===============
 
Oh! and spybot still won't run. It still has the same "windows cannot find path" error.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 02/11/2005 15:45:47
System Uptime: 09/08/2009 17:46:39 (724 hours ago)

Motherboard: Hewlett-Packard | | 3085
Processor: AMD Athlon(tm) 64 Processor 3800+ | U23 | 2393/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 28.885 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C6300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

==== System Restore Points ===================

RP1152: 06/09/2009 17:32:58 - Installed Adobe Reader 9.1.
RP1153: 06/09/2009 17:52:30 - Software Distribution Service 3.0
RP1154: 08/09/2009 17:37:37 - Installed Windows Installer Clean Up
RP1155: 08/09/2009 18:05:05 - Installed Java(TM) 6 Update 16

==== Installed Programs ======================


32 Bit HP CIO Components Installer
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Anti-Spyware
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
AS-Patch-Reset
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Authentium
Bonjour
Borland Delphi 6
BufferChm
C6300
C6300_Help
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Registration Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Cards_Calendar_OrderGift_DoMorePlugout
CDisplay 1.8
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destination Component
Deus Ex
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Easy Internet Sign-up
ERUNT 1.1j
Far Cry (Patch 1)
Far Cry (Patch 1.3)
Far Cry (Patch 1.31)
Far Cry (Patch 1.33)
Far Cry (Patch 1.4)
GameSpy Arcade
Google Earth
Half-Life
Half-Life(R)
Half-Life: Blue Shift
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Help and Support
HP Imaging Device Functions 11.0
HP Integrated Module with Bluetooth wireless technology
HP Pavillion zv6000 User Guides
HP Photosmart Essential 3.5
HP Update
HP Wireless Assistant 1.01 A3
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HpSdpAppCoreApp
ImageMixer 3 SE for SD
InterBase
InterVideo WinDVD
iPod for Windows 2006-01-10
iTunes
Java(TM) 6 Update 16
Jurassic Park Mod
LightScribe 1.4.31.1
MarketResearch
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Word 2002
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Network
OCR Software by I.R.I.S. 11.0
Opposing Force
PanoStandAlone
PeerGuardian 2.0
PS_AIO_04_C6300_ProductContext
PS_AIO_04_C6300_Software
PS_AIO_04_C6300_Software_Min
PS2 EyeToy SLEH-00031 Webcam
PSSWCORE
Quick Launch Buttons 5.10 B3
QuickTime
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SixaxisDriver 0.91
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic Update Manager
Sony Ericsson PC Suite
SpeedFan (remove only)
Spybot - Search & Destroy
SQL Server System CLR Types
Starcraft Brood War (RAZOR 1911)
Status
Steam(TM)
Synaptics Pointing Device Driver
System Requirements Lab
Team Fortress Classic
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Toolbox
TrayApp
Trust Webcam 14839
ubi.com
UnloadSupport
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Update Service
UserGuides
VideoToolkit01
VLC media player 0.9.2
Warcraft III
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Works Upgrade

==== Event Viewer Messages From Past Week ========

06/09/2009 17:50:43, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
06/09/2009 17:32:01, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'update' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
06/09/2009 17:19:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
06/09/2009 17:19:45, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
06/09/2009 17:18:24, error: Service Control Manager [7023] - The Task Scheduler service terminated with the following error: Access is denied.
06/09/2009 17:10:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
06/09/2009 16:30:48, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0014A5126AF1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
05/09/2009 21:09:28, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707).
05/09/2009 20:27:34, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
05/09/2009 20:24:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
05/09/2009 20:15:46, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
05/09/2009 20:13:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eabfiltr Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
05/09/2009 20:13:46, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
05/09/2009 20:13:46, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/09/2009 20:13:46, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/09/2009 20:13:46, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
05/09/2009 20:13:46, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
05/09/2009 20:13:46, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
03/09/2009 12:16:30, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
03/09/2009 12:16:30, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
 
Hi,

Download this to same location with Spybot. Then drag'n'drop Spybot .exe file to it. That should open the lock.

Is there ComboFix.txt file there on your c: drive? If not (or it's empty) then run ComboFix again to get the log.
 
Ok, Spybot is running, turned of teatimer.

The newest combofix log in C: is blank, the old log has been moved to Qoobox.

Should I simply just double click the .exe to run again or should I repeat the steps you instructed with the CfScript.txt?
 
ComboFix 09-09-08.09 - matthew 09/09/2009 18:57.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.632 [GMT 1:00]
Running from: c:\documents and settings\matthew\Desktop\Combofix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ltfil13n.DLL

.
((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 12:45 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 17:05 . 2009-09-08 17:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-08 16:52 . 2009-09-08 16:58 -------- d-----w- c:\documents and settings\matthew\.SunDownloadManager
2009-09-08 16:37 . 2009-09-08 16:37 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-06 16:35 . 2009-09-06 16:35 -------- d-----w- c:\windows\system32\Adobe
2009-09-05 11:54 . 2009-09-05 11:54 -------- d-----w- c:\documents and settings\matthew\Local Settings\Application Data\PCHealth
2009-08-25 20:11 . 2009-08-25 20:11 -------- d-----w- c:\program files\Trend micro
2009-08-25 20:06 . 2009-08-25 20:07 -------- d-----w- c:\program files\ERUNT
2009-08-21 15:59 . 2009-08-21 15:59 82824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 22:18 . 2009-08-17 22:30 -------- d-----w- c:\documents and settings\matthew\Application Data\The Path
2009-08-11 20:03 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 12:46 . 2009-06-08 09:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-08 17:05 . 2005-05-17 21:56 -------- d-----w- c:\program files\Java
2009-09-08 16:42 . 2008-11-11 16:23 -------- d-----w- c:\program files\MSECache
2009-09-06 16:31 . 2005-11-02 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-25 18:58 . 2009-06-08 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-25 18:29 . 2006-09-01 02:43 -------- d-----w- c:\program files\Common Files\Command Software
2009-08-20 16:40 . 2005-12-01 20:12 282 ----a-w- c:\windows\freedom.backup.dat
2009-08-20 16:39 . 2005-11-02 15:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-16 05:49 . 2008-12-17 20:21 -------- d-----w- c:\program files\PeerGuardian2
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 08:03 . 2009-08-02 08:03 -------- d-----w- c:\program files\SixaxisDriver
2009-08-02 06:58 . 2005-05-17 21:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 06:53 . 2006-12-22 18:51 -------- d-----w- c:\program files\THQ
2009-08-01 06:51 . 2009-08-01 06:51 -------- d-----w- c:\program files\7-Zip
2009-07-31 01:27 . 2009-05-27 21:44 -------- d-----w- c:\documents and settings\matthew\Application Data\com.zipeg
2009-07-26 23:31 . 2006-09-16 14:23 -------- d-----w- c:\program files\Warcraft III
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:08 . 2004-08-04 08:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 08:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 08:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-09-06_16.10.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-17 21:54 . 2007-07-27 09:41 16760 c:\windows\system32\spmsg.dll
- 2004-08-07 13:10 . 2009-09-06 15:46 71912 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:10 . 2009-09-09 17:56 71912 c:\windows\system32\perfc009.dat
+ 2009-09-06 16:45 . 2009-09-06 16:45 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-09-06 16:35 . 2009-09-06 16:35 87617 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-07-21 08:02 . 2009-07-21 08:02 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2004-08-07 13:10 . 2009-09-09 17:56 442334 c:\windows\system32\perfh009.dat
- 2004-08-07 13:10 . 2009-09-06 15:46 442334 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2004-08-04 08:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
- 2004-08-04 08:00 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2009-09-08 17:05 . 2009-09-08 17:05 149280 c:\windows\system32\javaws.exe
+ 2009-09-08 17:05 . 2009-09-08 17:05 145184 c:\windows\system32\javaw.exe
+ 2009-09-08 17:05 . 2009-09-08 17:05 145184 c:\windows\system32\java.exe
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-07-21 08:17 . 2009-07-21 08:17 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe
+ 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-07-21 08:04 . 2009-07-21 08:04 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-07-21 08:18 . 2009-07-21 08:18 206264 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-09-08 16:37 . 2009-09-08 16:37 472064 c:\windows\Installer\168758.msi
+ 2009-01-18 15:05 . 2009-01-18 15:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-09-09 12:43 . 2009-09-09 12:43 208896 c:\windows\ERDNT\AutoBackup\09-09-2009\Users\00000002\UsrClass.dat
+ 2009-09-09 12:43 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\09-09-2009\ERDNT.EXE
+ 2009-09-08 16:14 . 2009-09-08 16:14 208896 c:\windows\ERDNT\AutoBackup\08-09-2009\Users\00000002\UsrClass.dat
+ 2009-09-08 16:14 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\08-09-2009\ERDNT.EXE
+ 2004-08-04 08:00 . 2009-05-20 11:44 2355200 c:\windows\system32\WMVCore.dll
+ 2004-08-04 08:00 . 2009-05-20 11:44 2355200 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-07-21 07:07 . 2009-07-21 07:07 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-07-21 07:12 . 2009-07-21 07:12 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-09-06 16:37 . 2009-09-06 16:37 1697792 c:\windows\Installer\bdff0.msp
+ 2009-09-06 16:35 . 2009-09-06 16:35 6653952 c:\windows\Installer\bdfe2.msp
+ 2009-09-06 16:31 . 2009-09-06 16:31 3938816 c:\windows\Installer\bdfbe.msi
+ 2009-09-08 17:05 . 2009-09-08 17:05 1757696 c:\windows\Installer\10c01c.msi
+ 2008-12-18 15:48 . 2008-12-18 15:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2005-12-02 16:43 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-02-27 15:37 . 2009-02-27 15:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
+ 2009-09-09 12:43 . 2009-09-09 12:43 10133504 c:\windows\ERDNT\AutoBackup\09-09-2009\Users\00000001\ntuser.dat
+ 2009-09-08 16:14 . 2009-09-08 16:14 10125312 c:\windows\ERDNT\AutoBackup\08-09-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\matthew\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-12-23 569405]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor for SD.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor for SD.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo fix.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\sdv2.testme.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ubi.com\\Core\\GS4.exe"=
"c:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW fixer.exe"=
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"427:UDP"= 427:UDP:SLP_Port(427)

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/03/2005 15:39 200192]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [26/04/2008 23:42 13352]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [02/08/2009 08:28 33792]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [02/08/2009 09:03 27904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2009-08-20 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 19:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-09 19:07
ComboFix-quarantined-files.txt 2009-09-09 18:07
ComboFix2.txt 2009-09-06 16:12
ComboFix3.txt 2009-09-05 19:44

Pre-Run: 30,827,356,160 bytes free
Post-Run: 30,875,262,976 bytes free

234 --- E O F --- 2009-09-09 13:12
 
Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\WINDOWS\Downloaded Program Files\gsda.dll
DeQuarantine::
c:\QooBox\Quarantine\c\windows\system32\ltfil13n.DLL.vir
Quit::


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe.
You should get these logs:
* DeQuarantine_log.txt
* ComboFix.txt

Post them and a fresh dds.txt log. How's the system running?
 
Dequarantine.txt

c:\QooBox\Quarantine\c\windows\system32\ltfil13n.DLL.vir -> c:\windows\system32\ltfil13n.DLL ( 163840 bytes )

The combofix.txt didn't even appear :confused:, there is no combofix.txt in C: at all and there is only the older combo.txts in qoobox.

As far as I can tell the system is back to normal, I just need to try and install an antivirus and the system should be fine. Thank you for all the help so far :thanks:
 
DDS (Ver_09-07-30.01) - NTFSx86
Run by matthew at 11:21:01.76 on 10/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.592 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\matthew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q305&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\matthew\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {27527D31-447B-11D5-A46E-0001023B4289} - hxxp://gamingzone.ubisoft.com/dev/packages/GSManager.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-4-26 13352]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-8-2 33792]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-8-2 27904]

=============== Created Last 30 ================

2009-09-10 11:05 163,840 a------- c:\windows\system32\ltfil13n.DLL
2009-09-10 11:04 <DIR> --ds---- C:\Combofix
2009-09-10 11:03 389,120 a------- c:\windows\system32\CF24791.exe
2009-09-09 13:45 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-08 18:05 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-08 17:52 <DIR> --d----- c:\documents and settings\matthew\.SunDownloadManager
2009-09-08 17:37 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-09-06 17:35 <DIR> --d----- c:\windows\system32\Adobe
2009-09-06 17:04 <DIR> a-dshr-- C:\cmdcons
2009-09-05 20:16 230,912 a------- c:\windows\PEV.exe
2009-09-05 20:16 161,792 a------- c:\windows\SWREG.exe
2009-09-05 20:16 98,816 a------- c:\windows\sed.exe
2009-08-25 21:11 <DIR> --d----- c:\program files\Trend micro
2009-08-20 18:32 268 a---h--- C:\sqmdata07.sqm
2009-08-20 18:32 244 a---h--- C:\sqmnoopt07.sqm
2009-08-17 23:18 <DIR> --d----- c:\docume~1\matthew\applic~1\The Path
2009-08-11 21:04 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 21:03 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

==================== Find3M ====================

2009-08-13 16:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 14:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 14:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-06-29 12:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 12:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 09:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 09:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 09:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 13:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-05-11 22:32 83,216 a------- c:\docume~1\matthew\applic~1\GDIPFONTCACHEV1.DAT
2006-07-09 18:28 2,024 a------- c:\docume~1\matthew\applic~1\wklnhst.dat

============= FINISH: 11:21:13.68 ===============
 
Ok. Delete C:\WINDOWS\Downloaded Program Files\gsda.dll file manually then.

Please uninstall these vulnerable Javas:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5

Post a fresh dds.txt log when done.
 
The file you named wasn't there.

And the java that appears in Add/remove programmes is Java 6 update 16. When uninstalling the old java I had to use a windows install clean up application to remove them as using Add/remove produce a strange error.
 
Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


See if you can find the file now. If not, I believe we're ready for final steps :)

I've included some antivirus and firewall suggestions too.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis

We need to re hide system files. To do so, please follow the steps below:
  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by
    Hide file extensions for known file types.
  5. Under the
    Hidden files
    folder, select
    Show hidden files and folders.
  6. Check
    Hide protected operating system files.
  7. Click Apply, and then click OK.

Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
  • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
    Antivir
    Avast!
    Good commercial ones are from:
    Kaspersky and
    ESET
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo HopSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!). Both providers have support forums that help with configuration related questions.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
Last edited by a moderator:
You must log in or register to reply here.
Back
Top