TechSpot

[Closed] David Malware Virus Capture

By Rucker9
Nov 18, 2010
  1. TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies.
    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
    Hi, seemingly similar problem to many - PC appears to be hijacked by a vendor of AV software. Am using my laptop to post this so have to switch between machines to follow the instructions - I have read the intro and downloaded the programmes to a memory stick.
    My PC is a Dell OptiPlex 1700, Windows XP, Explorer 6 (because I have to remain compatible with company web sites and servers for remote working). I use MS Office Pro and have some company-specific programmes loaded: Epic (for XML work).
    My AV is ESET Smart Security and it is up to date.
    I have a C drive - programmes. D drive working documents and a stand alone G drive for Backups. I have disconnected the G drive while I have this problem.

    Symptoms - on shut down last night I did not notice that the process had 'hung' and was waiting for a programme to respond until I came in this morning.

    On rebooting I tried to open usual programmes - Outlook failed to open, IE6 opened, showing default address of Google, but screen was a supposed MS warning page about a need for an AV programme. Then noticed a new shield icon in the bottom tray which generates various warning bubbles at about 2 minute intervals, followed by small panel with a variety of virus attack warnings and inviting me to update software. If left, finally get an ESET warning that page 3w’s porno.com has been blocked. System re-launched IE after it was closed to a variety of sites all being blocked by ESET.
    Cannot open any programme, control panel etc. - always get a warning that xxxxx is infected and cannot operate.

    Have tried to run TFC - all I get is a warning: cannot run the file, tfc.exe is infected. Do you want to run AV software? (I have not run the software.) Same result for Malwarebytes, so not sure where to go from here and there is no attached/pasted result. Cannot even capture a screenshot to show the situation.

    I am stuck - should I try safe mode to start with? Most grateful for any assistance.
    David

    Hope I have got this right - gone to the Malware Removal Forum and created a new thread.

    Have managed to start and run the tests as suggested in the Malware user advice with the PC in safe mode. I downloaded the programmes onto a USB stick on my laptop and transferred them to the PC. Do not know if this will have affected the results.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4345

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 6.0.2900.2180

    18/11/2010 17:18:25
    mbam-log-2010-11-18 (17-18-25).txt

    Scan type: Quick scan
    Objects scanned: 145414
    Time elapsed: 12 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Ewing Consultants\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    GMER would not run; tried downloads from both sites, but when double-clicked after placing on the desktop the PC froze - tried 4 times - issue because I was in safe mode?


    DDS (Ver_10-11-10.01) - NTFSx86 MINIMAL
    Run by Administrator at 19:02:24.09 on 18/11/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.793 [GMT 0:00]

    AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.euro.dell.com/
    uDefault_Page_URL = hxxp://www.euro.dell.com/
    mDefault_Page_URL = hxxp://www.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files\copernic agent\CopernicAgentExt.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\administrator\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
    IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ihs.webex.com/client/T27L/support/ieatgpc.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 10.105.10.4 fuji
    ============= SERVICES / DRIVERS ===============

    S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
    S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 114984]
    S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-10-2 24786]
    S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
    S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2001-8-17 20160]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-10-2 45534]

    =============== Created Last 30 ================

    2010-11-18 16:33:00 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-11-11 11:53:28 -------- d-----w- c:\program files\PC Speed Up

    ==================== Find3M ====================

    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-02-28 12:30:53 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
    2009-09-07 16:21:04 1648478 ----a-w- c:\program files\FileManager.exe
    2007-10-04 07:10:27 12531691 -c--a-w- c:\program files\Kd50e.exe
    2006-06-20 17:16:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2005-07-04 14:00:21 217088 -c--a-w- c:\program files\SpaceMonger.exe
    2005-04-08 11:11:11 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
    2005-03-21 19:52:41 4320768 ----a-w- c:\program files\MSMONEY.EXE
    2004-08-04 05:00:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

    ============= FINISH: 19:04:37.29 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/03/2005 10:06:37
    System Uptime: 18/11/2010 17:38:43 (2 hours ago)

    Motherboard: Dell Computer Corp. | | 0U2575
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 6.328 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 139.893 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT) - 2 GiB total, 0.93 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Network Controller
    Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
    Service:

    ==== System Restore Points ===================

    RP37: 29/09/2010 10:24:01 - System Checkpoint
    RP38: 29/09/2010 21:54:01 - Software Distribution Service 3.0
    RP39: 30/09/2010 09:15:26 - Installed Microsoft Office Outlook Connector
    RP40: 01/10/2010 09:33:32 - System Checkpoint
    RP41: 02/10/2010 15:39:57 - System Checkpoint
    RP42: 03/10/2010 16:32:34 - System Checkpoint
    RP43: 04/10/2010 18:15:07 - System Checkpoint
    RP44: 06/10/2010 12:55:08 - System Checkpoint
    RP45: 07/10/2010 14:29:14 - System Checkpoint
    RP46: 08/10/2010 13:47:21 - Software Distribution Service 3.0
    RP47: 10/10/2010 09:51:18 - System Checkpoint
    RP48: 11/10/2010 10:17:57 - System Checkpoint
    RP49: 12/10/2010 11:21:39 - System Checkpoint
    RP50: 13/10/2010 14:59:36 - System Checkpoint
    RP51: 14/10/2010 22:37:01 - Software Distribution Service 3.0
    RP52: 16/10/2010 15:48:36 - System Checkpoint
    RP53: 17/10/2010 16:51:39 - System Checkpoint
    RP54: 18/10/2010 18:33:08 - System Checkpoint
    RP55: 19/10/2010 18:56:33 - System Checkpoint
    RP56: 21/10/2010 19:01:14 - System Checkpoint
    RP57: 23/10/2010 13:40:32 - System Checkpoint
    RP58: 24/10/2010 18:41:12 - System Checkpoint
    RP59: 27/10/2010 13:20:00 - System Checkpoint
    RP60: 28/10/2010 20:58:47 - System Checkpoint
    RP61: 31/10/2010 09:06:49 - System Checkpoint
    RP62: 01/11/2010 10:44:25 - System Checkpoint
    RP63: 02/11/2010 19:51:17 - System Checkpoint
    RP64: 04/11/2010 20:41:04 - System Checkpoint
    RP65: 08/11/2010 10:00:14 - System Checkpoint
    RP66: 09/11/2010 13:46:36 - System Checkpoint
    RP67: 10/11/2010 09:03:05 - Software Distribution Service 3.0
    RP68: 10/11/2010 09:04:56 - Software Distribution Service 3.0
    RP69: 12/11/2010 09:19:36 - System Checkpoint
    RP70: 13/11/2010 18:30:39 - System Checkpoint
    RP71: 15/11/2010 19:14:50 - System Checkpoint
    RP72: 17/11/2010 08:04:48 - System Checkpoint

    ==== Installed Programs ======================


    7200
    7200_Help
    7200Trb
    ACDSee
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    AiO_Scan
    AiOSoftware
    Apple Mobile Device Support
    Avanquest update
    Belarc Advisor 7.2
    BT Broadband Desktop Help
    BT Email Configuration Tool
    BT Yahoo! Applications
    BTHomeHub
    BufferChm
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Copernic Agent Basic
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Destinations
    Digital Line Detect
    Director
    DocProc
    DocumentViewer
    DWG TrueView 2009
    Epic 5.1
    ESET Online Scanner v3
    ESET Smart Security
    Fax
    FLV Player X 1.0.1
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    HMRC Employer CD-ROM 2009
    HMRC Employer CD-ROM 2010
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 940c series (Remove only)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Photo Printing Software
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Update
    HPSSupply
    HPSystemDiagnostics
    ImgBurn
    InstantShare
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Juniper Networks Network Connect 6.4.0
    Malwarebytes' Anti-Malware
    MarketResearch
    Maxtor Backup
    Maxtor Encryption
    Maxtor OneTouch III
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Calculator Plus
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Date and Phone XML Smart Tags
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.4
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Standard 2003
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio Professional 2003
    Microsoft Office Visio Viewer 2003 (English)
    Microsoft Outlook Personal Folders Backup
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Modem Helper
    Motorola Phone Tools
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    Nero - Burning Rom
    NetWaiting
    OMCI
    PanoStandAlone
    PhotoGallery
    PowerDVD 5.1
    ProductContext
    Project Report Presentation Add-in for Microsoft Office Project 2003
    QFolder
    Readme
    RealPlayer
    Remove Hidden Data Tool
    Sage Instant Accounts
    Sage Instant Accounts V12.00
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shop for HP Supplies
    SkinsHP1
    Sonic RecordNow! Plus
    Sonic Update Manager
    SoundMAX
    SpeedTouch USB Software
    System Requirements Lab for Intel
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    USB Device Driver v1.25r004
    User Profile Hive Cleanup Service
    WebEx
    WebFldrs XP
    WebReg
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WOT for Internet Explorer
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    18/11/2010 17:22:33, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD agp440 BANTExt ehdrv epfwtdi eusk2par Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
    18/11/2010 16:23:10, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    18/11/2010 15:55:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    18/11/2010 15:55:08, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt ehdrv epfwtdi eusk2par Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
    18/11/2010 15:55:08, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 15:55:08, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 15:55:08, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 15:55:08, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 15:54:44, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    18/11/2010 15:54:38, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    ==== End Of File ===========================
    That is the 3 files I could get. Thank you for starting the healing process.

    David
     
  2. Rucker9

    Rucker9 TS Rookie Topic Starter

    David Malware Virus Capture

    I have managed to start and run the tests as suggested in the Malware user advice with the PC in safe mode. I downloaded the programmes onto a USB stick on my laptop and transferred them to the PC. Do not know if this will have affected the results.

    Please let me know when/if I should post them back and to whom.

    Looking forward to more help - Thank you all
    David
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    David, I have asked the moderator to move this description of the problem to the thread with the logs: http://www.techspot.com/vb/topic156798.html
    Everything pertaining to this problem should be posted there. I am closing this thread.
     
Topic Status:
Not open for further replies.
