Wow, so... what a crazy journey it's been. Slowed down a bit as my time turned to server migrating, but I was able to get back and see if Windows Update could take care of things.
It did. Slowly, and eventually, after some issues and having to go default the boot.ini, and get around some apparently corruption of a ui.dll process that a program was using that crashes in Normal mode but not in Safe...
Performed some normal cleanup (COmbofix, MBAM, Spybot, SAS...), but if you'd like to see the condition it's in now, running the initial five steps you ask...!
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.29.09
Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
mike :: PAF-TC7269-001 [administrator]
11/29/2012 1:31:35 PM
mbam-log-2012-11-29 (13-31-35).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 424651
Time elapsed: 51 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\TDSSKiller_Quarantine\23.05.2012_15.55.37\rtkt0000\zafs0000\tsk0001.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by mike at 14:29:49 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2365 [GMT -5:00]
.
AV: eTrust ITM *Enabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.
============== Running Processes ================
.
C:\windows\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZapsc.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtdrHlpDk.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\windows\System32\alg.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://
www.google.com/
uSearch Bar = hxxp://
www.google.com/ie
uSearch Page = hxxp://
www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://
www.google.com/ie
uSearchURL,(Default) = hxxp://
www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://
www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354220771578
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://
www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354475141109
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 192.168.42.1
TCP: Interfaces\{4E8B27A3-4AE7-4BDF-809B-F9750F9836BA} : DHCPNameServer = 192.168.42.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Hosts: 127.0.0.1
www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2011-7-11 82760]
R2 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2011-7-11 82760]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2010-8-9 86856]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2010-8-9 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2009-4-30 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2010-8-9 86856]
R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [2008-3-6 5760]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-11-19 37184]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\mike\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\mike\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\mike\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\mike\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-7-23 64064]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S4 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2010-8-9 78664]
S4 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
.
=============== Created Last 30 ================
.
2012-12-02 19:05:29 -------- d-sh--w- c:\documents and settings\mike\IECompatCache
2012-12-02 19:05:05 -------- d-sh--w- c:\documents and settings\mike\PrivacIE
2012-11-29 22:41:37 -------- d-----w- c:\documents and settings\mike\local settings\application data\PCHealth
2012-11-29 22:37:29 -------- d-sh--w- c:\documents and settings\mike\IETldCache
2012-11-29 22:34:09 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-11-29 22:33:38 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-11-29 22:33:17 -------- d-----w- c:\windows\ie8updates
2012-11-29 22:33:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-11-29 22:33:12 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-11-29 22:33:12 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-11-29 22:33:12 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-11-29 22:33:12 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-11-29 22:33:12 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-11-29 22:33:12 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-11-29 22:31:43 -------- dc-h--w- c:\windows\ie8
2012-11-29 21:45:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-11-29 21:45:27 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-11-29 21:45:04 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-11-29 21:44:51 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-11-29 21:44:37 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-11-29 21:44:02 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-11-29 21:43:41 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-11-29 21:43:16 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-11-29 21:43:16 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-11-29 21:42:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-11-29 21:42:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-11-29 21:42:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-11-29 21:42:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-11-29 21:42:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-11-29 21:42:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-11-29 21:42:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-11-29 21:42:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-11-29 21:41:47 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-11-29 21:41:38 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-11-29 21:41:23 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-11-29 21:39:07 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-11-29 21:38:38 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-11-29 21:38:11 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-11-29 21:38:03 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-11-29 21:37:56 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-11-29 21:37:56 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-11-29 21:37:56 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-11-29 21:37:56 2069632 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-11-29 21:37:56 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-11-29 21:37:51 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-11-29 21:37:44 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-11-29 21:31:03 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-11-29 21:30:53 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-11-29 21:26:43 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-11-29 21:03:03 -------- d-----w- c:\windows\ServicePackFiles
2012-11-29 21:00:56 19569 ----a-w- c:\windows\003358_.tmp
2012-11-29 18:00:45 98816 ----a-w- c:\windows\sed.exe
2012-11-29 18:00:45 256000 ----a-w- c:\windows\PEV.exe
2012-11-29 18:00:45 208896 ----a-w- c:\windows\MBR.exe
2012-11-29 17:29:13 -------- d-----w- C:\df37febdd5368d193e66dcbd9fa8c14a
2012-11-29 17:24:58 16896 -c--a-w- c:\windows\system32\dllcache\status.dll
2012-11-29 17:23:59 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe
2012-11-29 17:21:52 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-11-29 17:21:52 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-11-29 17:20:09 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2012-11-29 17:20:09 44544 ----a-w- c:\windows\system32\tscupgrd.exe
2012-11-29 17:10:14 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-11-29 17:10:14 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-11-29 17:10:14 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-11-29 17:10:14 13312 ----a-w- c:\windows\system32\irclass.dll
2012-11-29 17:10:01 13753 ----a-r- c:\windows\SET11D.tmp
2012-11-29 17:09:59 1086058 ----a-r- c:\windows\SET111.tmp
2012-11-29 17:09:58 1042903 ----a-r- c:\windows\SET110.tmp
2012-11-21 13:35:07 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-11-16 17:07:46 -------- d-----w- C:\FRST
2012-11-14 17:16:56 -------- d-----w- c:\documents and settings\mike\application data\Task Scheduler.bak
.
==================== Find3M ====================
.
2012-11-06 21:22:43 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-06 21:22:43 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-06 21:22:43 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 12:02:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 12:02:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:02:22 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:30:52.50 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2012 12:25:22 PM
System Uptime: 12/2/2012 2:19:39 PM (0 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Intel Pentium III Xeon processor | CPU 1 | 2593/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 157.425 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11/29/2012 3:21:50 PM - System Checkpoint
RP2: 11/29/2012 3:24:23 PM - _29-Nov-2012 03:24:19 PM
RP3: 11/29/2012 3:25:53 PM - After malware cleanup, and no more ui.dll BSDs
RP4: 11/29/2012 5:04:47 PM - Software Distribution Service 3.0
RP5: 11/29/2012 5:46:23 PM - Software Distribution Service 3.0
RP6: 11/30/2012 6:19:29 PM - System Checkpoint
RP7: 12/2/2012 2:03:22 PM - Software Distribution Service 3.0
RP8: 12/2/2012 2:06:21 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.2
Business Contact Manager for Outlook 2007 SP2
CA eTrustITM Agent
CA iTechnology iGateway
Cisco WebEx Meetings
DirectXInstallService
Drag-to-Disc
FanSpeedControl
FileMaker Pro 8.5
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Books Uploader (Java Edition)
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMyPC
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Color LaserJet CP1210 Series
HP Color LaserJet CP1210 Series Toolbox
HP LaserJet Toolbox
HP Software Update
HPCarePackCore
HPCarePackProducts
hppusgCP1215
HPSSupply
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
ITSupport247-DPMA
Java(TM) 6 Update 15
Lenovo System Toolbox
LiveUpdate 2.6 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Marvell Miniport Driver
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mouse Suite
MrvlUsgTracking
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nitro PDF Professional
OGA Notifier 2.0.0048.0
Online Data Backup
Productivity Center Supplement for ThinkCentre
QuickBooks Pro 2008
Realtek High Definition Audio Driver
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spelling Dictionaries Support For Adobe Reader 9
SupportSoft Assisted Service
System Update
ThinkVantage Power Manager
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
12/2/2012 2:05:24 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
12/2/2012 2:03:50 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
12/2/2012 2:01:34 PM, error: Dhcp [1002] - The IP address lease 192.168.2.120 for the Network Card with network address 00016C490F39 has been denied by the DHCP server 192.168.42.1 (The DHCP Server sent a DHCPNACK message).
11/29/2012 8:06:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
11/29/2012 5:26:16 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
11/29/2012 5:25:41 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).
11/29/2012 4:19:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
11/29/2012 4:19:44 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CP due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
11/29/2012 4:18:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/29/2012 3:33:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL tvtumon
11/29/2012 3:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/29/2012 3:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
11/29/2012 3:07:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC Pcmcia
11/29/2012 3:07:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVT Backup Service service to connect.
11/29/2012 3:07:15 PM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
11/29/2012 12:56:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
11/29/2012 12:47:04 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/29/2012 12:26:54 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
11/29/2012 12:22:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
.
==== End Of File ===========================
# AdwCleaner v2.010 - Logfile created 12/02/2012 at 14:18:33
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : mike - PAF-TC7269-001
# Boot Mode : Normal
# Running from : C:\download\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Documents and Settings\mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [900 octets] - [02/12/2012 14:18:33]
########## EOF - C:\AdwCleaner[S1].txt - [959 octets] ##########