TechSpot

David Malware removal

By Rucker9
Nov 20, 2010
  1. Bobbye had said: You can read this discussion at:
    http://www.techspot.com/vb/newintopic156784.html

    Here is the message that has just been posted:

    ***************
    Hold off on this until I get the moderator to transfer your logs to this thread. Everything pertaining to this problem should be posted here, on this thread.

    I have waited 24 hrs but the message I get on trying to reply to Bobbye, having been directed there by his e-mail, is
    Quote
    Rucker9, you do not have permission to access this page. This could be due to one of several reasons:

    Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
    If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
    Unquote
    I have been trying to reply on the nominated linked thread without success as you can see. I have had no other information about what or where the moderator may have now moved the discussion to. Can you please let me know where I should continue. If I should be working here then I have included further information below - if not? where should I file this please so:

    In the interest of expedience I include here the reply to the other e mail from Bobbye posted at -You can read this discussion at:
    http://www.techspot.com/vb/newintopic156798.html

    1. Why are you running in Safe Mode? -
    I was running in Safe mode because I could not open any programmes or documents when in normal - it was the best I could think of to try and sort out the problem and run the Malware Removal programmes as suggested in the instructions.

    2. Can you get into Normal Mode? If not, what happens when you try?
    Initially Normal would start, but could not open any programmes - Word etc or run any links/shortcuts. Following receipt of your note and the question I rebooted the PC having physically disconnected the internet cable. On rebooting all the programmes were available and I then ran the Malware programmes again. - Results below (or in next mail if this ends up too big)

    3. It looks like your Host files have been hijacked- have you lost the internet connection? -
    I think this is right though I did not know it. When I reconnected the modem the PC did not respond, there was no icon in the tray and I cannot get it to set up again - tried all day yesterday.

    4. The IP shown is 10.105.10.4, which is a private address, but the IP is followed by the word *'fuji'*. Does that mean anything to you?
    The 'fuji' may have something to do with the connections I have to have with my office servers and databases which are run by fujitsu as an IT service - that is the only thing I can think of.

    5. I can guide you better if I know what's happening. You can wait on GMER until I have some idea of what's going on.
    Thank you I hope the above info helps. Once the internet was disconnected GMER ran - see results below.

    Please remember I have to use XP, and IE6 for connectivity to company data bases and also there is a problem with some other programmes (Java I think I am not to change) so apart from MS security upgrades I am limited. All the security downloads have been applied.

    I have attached a file with the PCs profile - will mean more to you than me.

    In the hope that this is the right place here are the results for the malware files in Normal mode - the DDS would not run.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4345

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.2180

    19/11/2010 08:44:11
    mbam-log-2010-11-19 (08-44-11).txt

    Scan type: Quick scan
    Objects scanned: 146620
    Time elapsed: 9 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-19 09:17:44
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.8.16
    Running: cyh0prte.exe; Driver: C:\DOCUME~1\EWINGC~1\LOCALS~1\Temp\pftdapoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Ewing Consultants at 9:45:18.85 on 19/11/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.535 [GMT 0:00]

    AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    svchost.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Documents and Settings\Ewing Consultants\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    mDefault_Page_URL = hxxp://www.msn.com
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files\copernic agent\CopernicAgentExt.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [PCSpeedUp] "c:\program files\pc speed up\PCSpeedUp.exe"
    uRun: [hjsedabq] c:\docume~1\ewingc~1\locals~1\temp\wqywwvmfx\ntwtlmotsbl.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\administrator\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
    IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: motive.com\pbttbc.bt
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ihs.webex.com/client/T27L/support/ieatgpc.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 10.105.10.4 fuji
    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 114984]
    R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-10-2 24786]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
    S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
    S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2001-8-17 20160]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-10-2 45534]

    =============== Created Last 30 ================

    2010-11-11 11:53:28 -------- d-----w- c:\program files\PC Speed Up

    ==================== Find3M ====================

    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-02-28 12:30:53 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
    2009-09-07 16:21:04 1648478 ----a-w- c:\program files\FileManager.exe
    2007-10-04 07:10:27 12531691 -c--a-w- c:\program files\Kd50e.exe
    2006-06-20 17:16:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2005-07-04 14:00:21 217088 -c--a-w- c:\program files\SpaceMonger.exe
    2005-04-08 11:11:11 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
    2005-03-21 19:52:41 4320768 ----a-w- c:\program files\MSMONEY.EXE
    2004-08-04 05:00:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

    ============= FINISH: 9:46:36.82 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/03/2005 10:06:37
    System Uptime: 19/11/2010 08:30:25 (1 hours ago)

    Motherboard: Dell Computer Corp. | | 0U2575
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 5.272 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 139.893 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT) - 2 GiB total, 0.925 GiB free.
    G: is FIXED (NTFS) - 112 GiB total, 84.401 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Network Controller
    Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
    Service:

    ==== System Restore Points ===================

    RP37: 29/09/2010 10:24:01 - System Checkpoint
    RP38: 29/09/2010 21:54:01 - Software Distribution Service 3.0
    RP39: 30/09/2010 09:15:26 - Installed Microsoft Office Outlook Connector
    RP40: 01/10/2010 09:33:32 - System Checkpoint
    RP41: 02/10/2010 15:39:57 - System Checkpoint
    RP42: 03/10/2010 16:32:34 - System Checkpoint
    RP43: 04/10/2010 18:15:07 - System Checkpoint
    RP44: 06/10/2010 12:55:08 - System Checkpoint
    RP45: 07/10/2010 14:29:14 - System Checkpoint
    RP46: 08/10/2010 13:47:21 - Software Distribution Service 3.0
    RP47: 10/10/2010 09:51:18 - System Checkpoint
    RP48: 11/10/2010 10:17:57 - System Checkpoint
    RP49: 12/10/2010 11:21:39 - System Checkpoint
    RP50: 13/10/2010 14:59:36 - System Checkpoint
    RP51: 14/10/2010 22:37:01 - Software Distribution Service 3.0
    RP52: 16/10/2010 15:48:36 - System Checkpoint
    RP53: 17/10/2010 16:51:39 - System Checkpoint
    RP54: 18/10/2010 18:33:08 - System Checkpoint
    RP55: 19/10/2010 18:56:33 - System Checkpoint
    RP56: 21/10/2010 19:01:14 - System Checkpoint
    RP57: 23/10/2010 13:40:32 - System Checkpoint
    RP58: 24/10/2010 18:41:12 - System Checkpoint
    RP59: 27/10/2010 13:20:00 - System Checkpoint
    RP60: 28/10/2010 20:58:47 - System Checkpoint
    RP61: 31/10/2010 09:06:49 - System Checkpoint
    RP62: 01/11/2010 10:44:25 - System Checkpoint
    RP63: 02/11/2010 19:51:17 - System Checkpoint
    RP64: 04/11/2010 20:41:04 - System Checkpoint
    RP65: 08/11/2010 10:00:14 - System Checkpoint
    RP66: 09/11/2010 13:46:36 - System Checkpoint
    RP67: 10/11/2010 09:03:05 - Software Distribution Service 3.0
    RP68: 10/11/2010 09:04:56 - Software Distribution Service 3.0
    RP69: 12/11/2010 09:19:36 - System Checkpoint
    RP70: 13/11/2010 18:30:39 - System Checkpoint
    RP71: 15/11/2010 19:14:50 - System Checkpoint
    RP72: 17/11/2010 08:04:48 - System Checkpoint
    RP73: 19/11/2010 08:53:27 - System Checkpoint

    ==== Installed Programs ======================


    7200
    7200_Help
    7200Trb
    ACDSee
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    AiO_Scan
    AiOSoftware
    Apple Mobile Device Support
    Avanquest update
    Belarc Advisor 7.2
    BT Broadband Desktop Help
    BT Email Configuration Tool
    BT Yahoo! Applications
    BTHomeHub
    BufferChm
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Copernic Agent Basic
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Destinations
    Digital Line Detect
    Director
    DocProc
    DocumentViewer
    DWG TrueView 2009
    Epic 5.1
    ESET Online Scanner v3
    ESET Smart Security
    Fax
    FLV Player X 1.0.1
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    HMRC Employer CD-ROM 2009
    HMRC Employer CD-ROM 2010
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 940c series (Remove only)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Photo Printing Software
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Update
    HPSSupply
    HPSystemDiagnostics
    ImgBurn
    InstantShare
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Juniper Networks Host Checker
    Juniper Networks Network Connect 6.4.0
    Juniper Networks Setup Client
    Malwarebytes' Anti-Malware
    MarketResearch
    Maxtor Backup
    Maxtor Encryption
    Maxtor OneTouch III
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Calculator Plus
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Date and Phone XML Smart Tags
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.4
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Standard 2003
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio Professional 2003
    Microsoft Office Visio Viewer 2003 (English)
    Microsoft Outlook Personal Folders Backup
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Modem Helper
    Motorola Phone Tools
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    Nero - Burning Rom
    NetWaiting
    OMCI
    PanoStandAlone
    PhotoGallery
    PowerDVD 5.1
    ProductContext
    Project Report Presentation Add-in for Microsoft Office Project 2003
    QFolder
    Readme
    RealPlayer
    Remove Hidden Data Tool
    Sage Instant Accounts
    Sage Instant Accounts V12.00
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shop for HP Supplies
    SkinsHP1
    Sonic RecordNow! Plus
    Sonic Update Manager
    SoundMAX
    SpeedTouch USB Software
    System Requirements Lab for Intel
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    USB Device Driver v1.25r004
    User Profile Hive Cleanup Service
    WebEx
    WebFldrs XP
    WebReg
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WOT for Internet Explorer
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    19/11/2010 08:29:45, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 08:29:45, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 08:29:45, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 08:29:45, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    19/11/2010 08:29:44, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxSyncService service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxBackServiceInt service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 08:29:44, error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    19/11/2010 08:13:00, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
    19/11/2010 08:12:26, error: Service Control Manager [7038] - The SQLBrowser service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    19/11/2010 08:12:26, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    19/11/2010 08:12:26, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not start due to a logon failure.
    18/11/2010 18:21:52, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
    18/11/2010 17:40:49, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt ehdrv epfwtdi eusk2par Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
    18/11/2010 17:40:49, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 17:40:49, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 17:40:49, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 17:40:49, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    18/11/2010 17:31:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    18/11/2010 17:22:33, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD agp440 BANTExt ehdrv epfwtdi eusk2par Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip

    ==== End Of File ===========================

    Sorry if this is in the wrong place again
    David
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    David, I am so sorry for this delay. Apparently things didn't go as planned. I am checking our logs here now. Will be back shortly, I promise!
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I think I have found the cause of the problem. I might have to have you submit a file for identification, but first, let's see if either of the following scans picks it up:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ============================
    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    Again, I apologize for the mix up. I was trying to get the description and the logs together on the same thread.

    Edit: I strongly recommend that you remove these from the Trusted Zone. That is a zone with less security and you have the entire internet in it! No Domains need to be in this zone. The only practical use for it is if a group has an Intranet set up (note that is 'intra' not 'inter')!
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: motive.com\pbttbc.bt


    Open Internet Options in either Tools in IE or in the Control Panel> Security tab> Trusted Sites> Sites> highlight, then remove all 3 of these entries.

    You should also disable the UPHClean\uphclean.exe (User Profile Hive Cleanup) and the PC Speed Up while I'm helping you as they could interfere with the scans.
     
  4. Rucker9

    Rucker9 TS Rookie Topic Starter

    Thank you for your help.
    1. I have cleared the Trusted sites entries = no idea how they got there.
    2. I have removed the UPC programme but cannot see where to remove PC Speed Up - again have no idea where it came from. Can you tell me how to remove it if it is not required please?
    3. Downloaded ComboFix and transferred to the PC via USB stick - ran programme and results copied and pasted below.
    4. Because I can not get the PC to connect to the internet I could not run the ESET NOD scan. I could not see a way of downloading the programme and transferring it from my laptop. As I have ESET Smart Suit on the PC I ran this scan - I do not know if this will give the results you need. However the report turned out to be 74 pages long so I have not enclosed it. I will send if you think it will be of use. Otherwise the best approach will be to get the internet connection programme fixed.
    ComboFix 10-11-20.06 - Ewing Consultants 21/11/2010 9:47.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.432 [GMT 0:00]
    Running from: c:\documents and settings\Ewing Consultants\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Ewing Consultants\Application Data\ACD Systems\ACDSee\ImageDB.ddf

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-21 to 2010-11-21 )))))))))))))))))))))))))))))))
    .

    2010-11-19 11:20 . 2010-11-19 11:20 -------- d-----w- c:\windows\BTV.0001
    2010-11-18 16:33 . 2010-11-18 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-18 10:29 . 2010-11-18 10:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\ESET
    2010-11-11 11:53 . 2010-11-11 12:02 -------- d-----w- c:\program files\PC Speed Up

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 11:23 . 2004-08-10 12:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 12:51 974848 --sha-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 12:51 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 12:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-01 11:51 . 2004-08-10 12:50 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-10 12:51 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-10 12:51 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-10 12:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-10 12:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-16 12:13 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-10 12:50 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-02-28 12:30 . 2010-02-28 12:30 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
    2009-09-07 16:21 . 2009-09-07 16:21 1648478 ----a-w- c:\program files\FileManager.exe
    2007-10-04 07:10 . 2007-10-04 07:10 12531691 -c--a-w- c:\program files\Kd50e.exe
    2006-06-20 17:16 . 2006-06-20 17:16 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2005-07-04 14:00 . 2000-10-16 12:30 217088 -c--a-w- c:\program files\SpaceMonger.exe
    2005-04-08 11:11 . 2005-04-08 10:53 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
    2005-03-21 19:52 . 2005-03-21 19:52 4320768 ----a-w- c:\program files\MSMONEY.EXE
    2004-08-04 05:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
    2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-19 196608]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-07-14 417792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 14:18 114984]
    R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [02/10/2007 16:00 24786]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24/03/2010 19:31 810120]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [10/08/2004 12:51 14336]
    S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/01/2010 09:04 135664]
    S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [17/08/2001 11:11 20160]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
    S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [02/10/2007 16:00 45534]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 09:04]

    2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 09:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://bt.yahoo.com/
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: motive.com\pbttbc.bt
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-PCSpeedUp - c:\program files\PC Speed Up\PCSpeedUp.exe
    HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\documents and settings\Administrator\Desktop\Malwarebytes' Anti-Malware\mbam.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-21 09:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3000975372-3708929796-4007856590-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-11-21 09:57:08
    ComboFix-quarantined-files.txt 2010-11-21 09:57

    Pre-Run: 6,082,408,448 bytes free
    Post-Run: 6,063,071,232 bytes free

    - - End Of File - - A22AAA6880BBE6B995DF5D1F26E41558
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, I thought I was going buggy for a moment until I copied this down:

    David Malware Virus Capture: http://www.techspot.com/vb/topic156784.html
    DDS (Ver_10-11-10.01) - NTFSx86 MINIMAL
    Run by Administrator at 19:02:24.09 on 18/11/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.793 [GMT 0:00]
    AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    Original DDS:
    David Malware removal: http://www.techspot.com/vb/topic156891.html
    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Ewing Consultants at 9:45:18.85 on 19/11/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.535 [GMT 0:00]
    AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    Next DDS:
    Did I miss this? It was confusing because you had so many threads going. It appeared they were for the same system.
    Different account? Different machines? Start and default different on both. Proxy different. Host entry same. I did not compare the remaining content. I noticed this because I was checking the proxies for possible cause of no internet connection.
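
The comparison made in the post above (account, boot mode, start page, proxy) and the earlier Trusted Zone check can be scripted over two pasted DDS logs. This is an added example, not part of the thread or of DDS: the function names are hypothetical, the header and 22/11 settings lines are copied from logs quoted in this thread, the 18/11 start-page line is constructed, and treating a header with no mode token as a normal boot is an assumption.

```python
import re
from ipaddress import ip_address

# "DDS (Ver_x) - NTFSx86 [MODE]"; the optional last token is the boot mode.
HEADER_RE = re.compile(r"^DDS \(Ver_([^)]+)\) - (\S+)(?:\s+(\S+))?$")
RUNBY_RE = re.compile(r"^Run by (.+?) at (\S+) on (\S+)$")
SETTING_RE = re.compile(
    r"^([a-z])(Start Page|Internet Settings,ProxyServer)\s*=\s*(.*)$")
ZONE_RE = re.compile(r"^Trusted Zone:\s*(\S.*)$")

COMPARED = ("user", "boot_mode", "start_page", "proxy")


def parse_dds(text):
    """Extract the header and browser settings a helper compares between runs."""
    log = {"version": None, "boot_mode": None, "user": None, "when": None,
           "start_page": None, "proxy": None, "trusted_zone": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            log["version"] = m.group(1)
            # Assumption: no token after the filesystem field = normal boot.
            # MINIMAL is what the run described as Safe Mode shows in the thread.
            log["boot_mode"] = m.group(3) or "NORMAL"
        elif m := RUNBY_RE.match(line):
            log["user"] = m.group(1)
            log["when"] = f"{m.group(3)} {m.group(2)}"
        elif m := SETTING_RE.match(line):
            if m.group(1) == "u":  # 'u' lines are the current user's values
                key = "start_page" if m.group(2) == "Start Page" else "proxy"
                log[key] = m.group(3).strip()
        elif m := ZONE_RE.match(line):
            log["trusted_zone"].append(m.group(1).strip())
    return log


def proxy_is_loopback(value):
    """True if any entry of a ProxyServer string points back at this machine."""
    if not value:
        return False
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1].strip()   # drop optional "http="
        hostport = hostport.split("://", 1)[-1]
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
        if host.lower() == "localhost":
            return True
        try:
            if ip_address(host).is_loopback:
                return True
        except ValueError:
            continue  # a hostname, not an IP literal
    return False


def diff_logs(a, b):
    """Fields from COMPARED whose values differ between two parsed logs."""
    return {k: (a[k], b[k]) for k in COMPARED if a[k] != b[k]}


def findings(log):
    """Items worth a second look before concluding the logs are inconsistent."""
    notes = []
    if log["boot_mode"] != "NORMAL":
        notes.append(f"run in {log['boot_mode']} boot by {log['user']}")
    if proxy_is_loopback(log["proxy"]):
        # Browsing then depends on a local process listening on that port.
        notes.append(f"browser proxy is local: {log['proxy']}")
    for entry in log["trusted_zone"]:
        notes.append(f"Trusted Zone entry: {entry}")
    return notes


# Header lines copied from the thread; the start-page line is constructed.
SAMPLE_18NOV = """\
DDS (Ver_10-11-10.01) - NTFSx86 MINIMAL
Run by Administrator at 19:02:24.09 on 18/11/2010
uStart Page = hxxp://www.google.co.uk/
Trusted Zone: internet
Trusted Zone: mcafee.com
"""

# Lines copied from the 22/11/2010 DDS log posted in the thread.
SAMPLE_22NOV = """\
DDS (Ver_10-11-10.01) - NTFSx86
Run by Ewing Consultants at 8:51:15.31 on 22/11/2010
uStart Page = hxxp://bt.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
"""

if __name__ == "__main__":
    first, second = parse_dds(SAMPLE_18NOV), parse_dds(SAMPLE_22NOV)
    for field, (old, new) in diff_logs(first, second).items():
        print(f"{field}: {old!r} -> {new!r}")
    for note in findings(first) + findings(second):
        print("check:", note)
```

A different account and boot mode between runs on one machine shows up here as a header difference rather than as evidence of two machines.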
     
  6. Rucker9

    Rucker9 TS Rookie Topic Starter

    Hello and good morning,
    I am sorry if there is confusion. I can assure you that all the scans have been run on my single PC by downloading the programmes onto my laptop, onto a USB stick, transferring them to the PC desktop and performing the process. I have then saved the files onto the USB and brought them back to the laptop to be pasted into the replies. I am sorry that there has appeared to be some confusion. I am no expert; however, if you recall, I got the first DDS programme to run on the 18 Nov when I was using the machine in Safe mode. On the 19 Nov and for all other runs, following your question about why I was in safe mode, I booted the PC in Normal and ran the programmes. It is the same machine but without an internet connection. Is it possible that the address has been changed by the malware and this is the cause of the inability to connect to the internet now?
    I can assure you that the problem lies on one machine, the details passed as an attachment to an earlier e mail. It is physically connected to the internet through my BT (British Telecom) hub. It is used as a home PC and for checking in to the office via their systems (Fujitsu run services). I am working on my laptop which connects to the internet on WiFi via the same BT hub. The Laptop is a Toshiba machine.

    While I can see your dilemma with all the different information and detail, I can offer no other explanation. Would transferring the files have any effect? I would not have thought so.

    In order to see if there are any further changes I have run DDS again this morning and the results are pasted below. Sorry to cause confusion but all I have done seems to have been to follow the instructions on 3 occasions. I have not changed default home pages etc.; my normal home page is Google.co.uk. Could this have changed in Safe mode? I have just checked through Control Panel/Internet settings to see that the Home Page Entry is now showing as www.by,yahoo.com (this is like a hotmail access page because the BT internet accounts are based in Yahoo the Yahoo account). I did not change this. Running DDS again now.

    As you have not made a comment I presume I have not got Script Blocking Tools running. I left ESET on for each run. Here are today's reports. I hope this gives you some more clues as to what is going wrong = thank you again


    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Ewing Consultants at 8:51:15.31 on 22/11/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.563 [GMT 0:00]

    AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    svchost.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Documents and Settings\Ewing Consultants\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://bt.yahoo.com/
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files\copernic agent\CopernicAgentExt.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
    IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ihs.webex.com/client/T27L/support/ieatgpc.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 114984]
    R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-10-2 24786]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
    S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2001-8-17 20160]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-10-2 45534]

    =============== Created Last 30 ================

    2010-11-21 09:44:30 98816 ----a-w- c:\windows\sed.exe
    2010-11-21 09:44:30 161792 ----a-w- c:\windows\SWREG.exe
    2010-11-19 11:20:10 -------- d-----w- c:\windows\BTV.0001
    2010-11-11 11:53:28 -------- d-----w- c:\program files\PC Speed Up

    ==================== Find3M ====================

    2010-11-08 01:20:24 89088 ----a-w- c:\windows\MBR.exe
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-02-28 12:30:53 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
    2009-09-07 16:21:04 1648478 ----a-w- c:\program files\FileManager.exe
    2007-10-04 07:10:27 12531691 -c--a-w- c:\program files\Kd50e.exe
    2006-06-20 17:16:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2005-07-04 14:00:21 217088 -c--a-w- c:\program files\SpaceMonger.exe
    2005-04-08 11:11:11 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
    2005-03-21 19:52:41 4320768 ----a-w- c:\program files\MSMONEY.EXE
    2004-08-04 05:00:00 94784 -csh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

    ============= FINISH: 8:52:55.82 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/03/2005 10:06:37
    System Uptime: 22/11/2010 08:16:15 (0 hours ago)

    Motherboard: Dell Computer Corp. | | 0U2575
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 5.632 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 139.893 GiB free.
    E: is CDROM ()
    G: is FIXED (NTFS) - 112 GiB total, 84.4 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Network Controller
    Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
    Service:

    ==== System Restore Points ===================

    RP44: 06/10/2010 12:55:08 - System Checkpoint
    RP45: 07/10/2010 14:29:14 - System Checkpoint
    RP46: 08/10/2010 13:47:21 - Software Distribution Service 3.0
    RP47: 10/10/2010 09:51:18 - System Checkpoint
    RP48: 11/10/2010 10:17:57 - System Checkpoint
    RP49: 12/10/2010 11:21:39 - System Checkpoint
    RP50: 13/10/2010 14:59:36 - System Checkpoint
    RP51: 14/10/2010 22:37:01 - Software Distribution Service 3.0
    RP52: 16/10/2010 15:48:36 - System Checkpoint
    RP53: 17/10/2010 16:51:39 - System Checkpoint
    RP54: 18/10/2010 18:33:08 - System Checkpoint
    RP55: 19/10/2010 18:56:33 - System Checkpoint
    RP56: 21/10/2010 19:01:14 - System Checkpoint
    RP57: 23/10/2010 13:40:32 - System Checkpoint
    RP58: 24/10/2010 18:41:12 - System Checkpoint
    RP59: 27/10/2010 13:20:00 - System Checkpoint
    RP60: 28/10/2010 20:58:47 - System Checkpoint
    RP61: 31/10/2010 09:06:49 - System Checkpoint
    RP62: 01/11/2010 10:44:25 - System Checkpoint
    RP63: 02/11/2010 19:51:17 - System Checkpoint
    RP64: 04/11/2010 20:41:04 - System Checkpoint
    RP65: 08/11/2010 10:00:14 - System Checkpoint
    RP66: 09/11/2010 13:46:36 - System Checkpoint
    RP67: 10/11/2010 09:03:05 - Software Distribution Service 3.0
    RP68: 10/11/2010 09:04:56 - Software Distribution Service 3.0
    RP69: 12/11/2010 09:19:36 - System Checkpoint
    RP70: 13/11/2010 18:30:39 - System Checkpoint
    RP71: 15/11/2010 19:14:50 - System Checkpoint
    RP72: 17/11/2010 08:04:48 - System Checkpoint
    RP73: 19/11/2010 08:53:27 - System Checkpoint
    RP74: 21/11/2010 09:44:50 - ComboFix created restore point
    RP75: 21/11/2010 10:50:34 - Removed User Profile Hive Cleanup Service

    ==== Installed Programs ======================


    7200
    7200_Help
    7200Trb
    ACDSee
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    AiO_Scan
    AiOSoftware
    Apple Mobile Device Support
    Avanquest update
    Belarc Advisor 7.2
    BT Broadband Desktop Help
    BT Email Configuration Tool
    BT Yahoo! Applications
    BTHomeHub
    BufferChm
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Copernic Agent Basic
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Destinations
    Digital Line Detect
    Director
    DocProc
    DocumentViewer
    DWG TrueView 2009
    Epic 5.1
    ESET Online Scanner v3
    ESET Smart Security
    Fax
    FLV Player X 1.0.1
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    HMRC Employer CD-ROM 2009
    HMRC Employer CD-ROM 2010
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp deskjet 940c series (Remove only)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Photo Printing Software
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Update
    HPSSupply
    HPSystemDiagnostics
    ImgBurn
    InstantShare
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Juniper Networks Host Checker
    Juniper Networks Network Connect 6.4.0
    Juniper Networks Setup Client
    Malwarebytes' Anti-Malware
    MarketResearch
    Maxtor Backup
    Maxtor Encryption
    Maxtor OneTouch III
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Calculator Plus
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Date and Phone XML Smart Tags
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.4
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Standard 2003
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio Professional 2003
    Microsoft Office Visio Viewer 2003 (English)
    Microsoft Outlook Personal Folders Backup
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Modem Helper
    Motorola Phone Tools
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    Nero - Burning Rom
    NetWaiting
    OMCI
    PanoStandAlone
    PhotoGallery
    PowerDVD 5.1
    ProductContext
    Project Report Presentation Add-in for Microsoft Office Project 2003
    QFolder
    Readme
    RealPlayer
    Remove Hidden Data Tool
    Sage Instant Accounts
    Sage Instant Accounts V12.00
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shop for HP Supplies
    SkinsHP1
    Sonic RecordNow! Plus
    Sonic Update Manager
    SoundMAX
    SpeedTouch USB Software
    System Requirements Lab for Intel
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    USB Device Driver v1.25r004
    WebEx
    WebFldrs XP
    WebReg
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WOT for Internet Explorer
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    22/11/2010 08:45:02, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-b.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    22/11/2010 08:17:59, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
    22/11/2010 08:17:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
    21/11/2010 15:00:46, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 240.49.70.102 to a request from a client. The data is the error code.
    21/11/2010 15:00:46, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.1.254 on the same network as the interface with IP address 192.168.0.1. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
    21/11/2010 13:30:37, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

    ==== End Of File ===========================
     
  7. Rucker9

    Rucker9 TS Rookie Topic Starter

    Hi, Bobbye,
    I am sure you have much better things to do with your time but just wondering if the last postings gave any further clues to the cause of the problems.
    Thanks for all the help so far
    David
     
Topic Status:
Not open for further replies.
