Inactive David Malware removal

Status
Not open for further replies.

Rucker9

Posts: 7   +0
Bobbye had said _ You can read this discussion at:
https://www.techspot.com/vb/newintopic156784.html

Here is the message that has just been posted:

***************
Hold off on this until I get the moderator to transfer your logs to this thread. Everything pertaining to this problem should be posted here, on this thread.

I have waited 24 hrs but the message I get on trying to reply tp Bobbye having been directed there by his e mail is
Quote
Rucker9, you do not have permission to access this page. This could be due to one of several reasons:

Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Unquote​
I have been trying to reply on the nominated linked thread without sucess as you can see. I have had no other information about what or where the moderator may have now moved the discussion to. Can you please let me know where I should continue. If I should be working here then I have included further information below - if not? where should I file this please so:

In the interest of expedience I include here the reply to the other e mail from Bobbye posted at -You can read this discussion at:
https://www.techspot.com/vb/newintopic156798.html

1. Why are you running in Safe Mode? -
I was running in Safe mode because I could not open any progremmes or documents when in normal - it was the best I could think of to try and sort out the problem and run the Malware Removal programmes asuggested in the instructions.

2. Can you get into Normal Mode? If not, what happens when you try?
Initially Normal would start, but could not open any programmes - Word etc or run any links/shortcuts. Following reciept of your note and the question I rebooted the PC having physically disconnected the internet cable. On rebooting all the programmes were available and I then ran the Malware programmes again. - Results below (or in next mail if this ends up too big)

3. It looks like your Host files have been hijacked- have you lost the internet connection? -
I think this is right though I did not know it. When I reconnected the modem the PC did not respond , there was no icon in the tray and I cannot get it to set up again - tried all day yesterday.

4.The IP shown is 10.105.10.4, which is a private address, but the IP is followed by the word *'fuji'*. Does that mean anything to you?
The 'fuji' may have something to do with the connections I have to have with my office servers and databases which are run by fujitsu as an IT service - that is the only thing I can think of.

5. I can guide you better if I know what's happening. You can wait on GMER until I have some idea of what's going on. Thank you I hope the above info helps. Onced the internet was disconnected GMER ran - see results below.

Please remenber I have to use XP, and IE6 for connectivity to company data bases and also there is a problem with some other programmes (Java I think I am not to change)so apart from MS security upgrades I am limited. All the security downloads have been applied.

I have attached a file with the PCs profile - will mean more to you than me.

IN the hopoe that this is the right place here are the results for the malware files in Normal mode - the DDS would not run.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4345

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

19/11/2010 08:44:11
mbam-log-2010-11-19 (08-44-11).txt

Scan type: Quick scan
Objects scanned: 146620
Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-19 09:17:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.8.16
Running: cyh0prte.exe; Driver: C:\DOCUME~1\EWINGC~1\LOCALS~1\Temp\pftdapoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-11-10.01) - NTFSx86
Run by Ewing Consultants at 9:45:18.85 on 19/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.535 [GMT 0:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Ewing Consultants\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files\copernic agent\CopernicAgentExt.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PCSpeedUp] "c:\program files\pc speed up\PCSpeedUp.exe"
uRun: [hjsedabq] c:\docume~1\ewingc~1\locals~1\temp\wqywwvmfx\ntwtlmotsbl.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\administrator\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pbttbc.bt
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ihs.webex.com/client/T27L/support/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 10.105.10.4 fuji
============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 114984]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-10-2 24786]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2001-8-17 20160]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-10-2 45534]

=============== Created Last 30 ================

2010-11-11 11:53:28 -------- d-----w- c:\program files\PC Speed Up

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-02-28 12:30:53 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
2009-09-07 16:21:04 1648478 ----a-w- c:\program files\FileManager.exe
2007-10-04 07:10:27 12531691 -c--a-w- c:\program files\Kd50e.exe
2006-06-20 17:16:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-07-04 14:00:21 217088 -c--a-w- c:\program files\SpaceMonger.exe
2005-04-08 11:11:11 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
2005-03-21 19:52:41 4320768 ----a-w- c:\program files\MSMONEY.EXE
2004-08-04 05:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 9:46:36.82 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 21/03/2005 10:06:37
System Uptime: 19/11/2010 08:30:25 (1 hours ago)

Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 5.272 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 139.893 GiB free.
E: is CDROM ()
F: is FIXED (FAT) - 2 GiB total, 0.925 GiB free.
G: is FIXED (NTFS) - 112 GiB total, 84.401 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Service:

==== System Restore Points ===================

RP37: 29/09/2010 10:24:01 - System Checkpoint
RP38: 29/09/2010 21:54:01 - Software Distribution Service 3.0
RP39: 30/09/2010 09:15:26 - Installed Microsoft Office Outlook Connector
RP40: 01/10/2010 09:33:32 - System Checkpoint
RP41: 02/10/2010 15:39:57 - System Checkpoint
RP42: 03/10/2010 16:32:34 - System Checkpoint
RP43: 04/10/2010 18:15:07 - System Checkpoint
RP44: 06/10/2010 12:55:08 - System Checkpoint
RP45: 07/10/2010 14:29:14 - System Checkpoint
RP46: 08/10/2010 13:47:21 - Software Distribution Service 3.0
RP47: 10/10/2010 09:51:18 - System Checkpoint
RP48: 11/10/2010 10:17:57 - System Checkpoint
RP49: 12/10/2010 11:21:39 - System Checkpoint
RP50: 13/10/2010 14:59:36 - System Checkpoint
RP51: 14/10/2010 22:37:01 - Software Distribution Service 3.0
RP52: 16/10/2010 15:48:36 - System Checkpoint
RP53: 17/10/2010 16:51:39 - System Checkpoint
RP54: 18/10/2010 18:33:08 - System Checkpoint
RP55: 19/10/2010 18:56:33 - System Checkpoint
RP56: 21/10/2010 19:01:14 - System Checkpoint
RP57: 23/10/2010 13:40:32 - System Checkpoint
RP58: 24/10/2010 18:41:12 - System Checkpoint
RP59: 27/10/2010 13:20:00 - System Checkpoint
RP60: 28/10/2010 20:58:47 - System Checkpoint
RP61: 31/10/2010 09:06:49 - System Checkpoint
RP62: 01/11/2010 10:44:25 - System Checkpoint
RP63: 02/11/2010 19:51:17 - System Checkpoint
RP64: 04/11/2010 20:41:04 - System Checkpoint
RP65: 08/11/2010 10:00:14 - System Checkpoint
RP66: 09/11/2010 13:46:36 - System Checkpoint
RP67: 10/11/2010 09:03:05 - Software Distribution Service 3.0
RP68: 10/11/2010 09:04:56 - Software Distribution Service 3.0
RP69: 12/11/2010 09:19:36 - System Checkpoint
RP70: 13/11/2010 18:30:39 - System Checkpoint
RP71: 15/11/2010 19:14:50 - System Checkpoint
RP72: 17/11/2010 08:04:48 - System Checkpoint
RP73: 19/11/2010 08:53:27 - System Checkpoint

==== Installed Programs ======================


7200
7200_Help
7200Trb
ACDSee
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Avanquest update
Belarc Advisor 7.2
BT Broadband Desktop Help
BT Email Configuration Tool
BT Yahoo! Applications
BTHomeHub
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copernic Agent Basic
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Digital Line Detect
Director
DocProc
DocumentViewer
DWG TrueView 2009
Epic 5.1
ESET Online Scanner v3
ESET Smart Security
Fax
FLV Player X 1.0.1
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HMRC Employer CD-ROM 2009
HMRC Employer CD-ROM 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 940c series (Remove only)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Photo Printing Software
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPSSupply
HPSystemDiagnostics
ImgBurn
InstantShare
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Juniper Networks Host Checker
Juniper Networks Network Connect 6.4.0
Juniper Networks Setup Client
Malwarebytes' Anti-Malware
MarketResearch
Maxtor Backup
Maxtor Encryption
Maxtor OneTouch III
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Date and Phone XML Smart Tags
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio Professional 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Helper
Motorola Phone Tools
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero - Burning Rom
NetWaiting
OMCI
PanoStandAlone
PhotoGallery
PowerDVD 5.1
ProductContext
Project Report Presentation Add-in for Microsoft Office Project 2003
QFolder
Readme
RealPlayer
Remove Hidden Data Tool
Sage Instant Accounts
Sage Instant Accounts V12.00
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
SkinsHP1
Sonic RecordNow! Plus
Sonic Update Manager
SoundMAX
SpeedTouch USB Software
System Requirements Lab for Intel
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB Device Driver v1.25r004
User Profile Hive Cleanup Service
WebEx
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

19/11/2010 08:29:45, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
19/11/2010 08:29:44, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxSyncService service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxBackServiceInt service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
19/11/2010 08:13:00, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
19/11/2010 08:12:26, error: Service Control Manager [7038] - The SQLBrowser service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
19/11/2010 08:12:26, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
19/11/2010 08:12:26, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not start due to a logon failure.
18/11/2010 18:21:52, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
18/11/2010 17:40:49, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt ehdrv epfwtdi eusk2par Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
18/11/2010 17:40:49, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/11/2010 17:31:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
18/11/2010 17:22:33, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD agp440 BANTExt ehdrv epfwtdi eusk2par Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip

==== End Of File ===========================

Sorry if this is in the wrong place afgain
David
 
David, I am so sorry for this delay. Apparently things didn't go as planed- I am checking our logs-here- now. Will be back shortly>>> I promise!
 
Okay, I think I have found the cause of the problem. I might have to have you submit a file for identification, but first, let's see if either of the following scans picks it up:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
============================
Please download ComboFix from Here and save to your Desktop.

  • [1]. Do NOT rename Combofix unless instructed.
    [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3].Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

Again, I apologize for the mix up. I was trying to get the description and the logs together on the same thread.

Edit: I strongly recommend that you remove these from the Trusted Zone. That is a zone with less security and you have the entire internet in it! No Domains need to be in this zone. The only practical use for it is if a group has an Intranet set up- note that is 'intra' not 'inter'!
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pbttbc.bt


Open Internet Options in either Tools in IE or in the Control Panel> Security tab> Trusted Sites> Sites> highlight, then remove all 3 of these entries.

You should also disable the UPHClean\uphclean.exe>> User Profile Hive Cleanup and the PC Speed Up[/b[ while I'm helping you as they could interfere with the scans.
 
Thank you for your help.
1. I have clearde the Trusted sites entries = no idea how they got there.
2. I have removed the UPC programme but cannot see where to remove \pc speed up - again have no idea where it came from can you tell me how to remove it if it is not required please.
3. Downloaded \Combo fix and transfered to the PC via usb stick - ran programme and results copied and pasted below.
4. Because I can not get the pc to connect to the internet I could not run the ESET NOD scan. I could not see a way of downloading the programme and transfering it from my laptop. As I ahve ESET Smart Suit on the PC I ran this scan - I do not know if this will give the results you need. However the report turned out to be 74 pages long so I have not enclosed it. I will send if you think it will be of use. Otherwise the best approach will be to get the internet connection programme fixed
ComboFix 10-11-20.06 - Ewing Consultants 21/11/2010 9:47.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.432 [GMT 0:00]
Running from: c:\documents and settings\Ewing Consultants\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ewing Consultants\Application Data\ACD Systems\ACDSee\ImageDB.ddf

.
((((((((((((((((((((((((( Files Created from 2010-10-21 to 2010-11-21 )))))))))))))))))))))))))))))))
.

2010-11-19 11:20 . 2010-11-19 11:20 -------- d-----w- c:\windows\BTV.0001
2010-11-18 16:33 . 2010-11-18 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-11-18 10:29 . 2010-11-18 10:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\ESET
2010-11-11 11:53 . 2010-11-11 12:02 -------- d-----w- c:\program files\PC Speed Up

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2004-08-10 12:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 12:51 974848 --sha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 12:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 12:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-01 11:51 . 2004-08-10 12:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 12:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 12:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 12:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 12:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 12:13 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 12:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-02-28 12:30 . 2010-02-28 12:30 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
2009-09-07 16:21 . 2009-09-07 16:21 1648478 ----a-w- c:\program files\FileManager.exe
2007-10-04 07:10 . 2007-10-04 07:10 12531691 -c--a-w- c:\program files\Kd50e.exe
2006-06-20 17:16 . 2006-06-20 17:16 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-07-04 14:00 . 2000-10-16 12:30 217088 -c--a-w- c:\program files\SpaceMonger.exe
2005-04-08 11:11 . 2005-04-08 10:53 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
2005-03-21 19:52 . 2005-03-21 19:52 4320768 ----a-w- c:\program files\MSMONEY.EXE
2004-08-04 05:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-19 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2145000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-07-14 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09/04/2009 14:18 114984]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [02/10/2007 16:00 24786]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24/03/2010 19:31 810120]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [10/08/2004 12:51 14336]
S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/01/2010 09:04 135664]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [17/08/2001 11:11 20160]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [02/10/2007 16:00 45534]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 09:04]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 09:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pbttbc.bt
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PCSpeedUp - c:\program files\PC Speed Up\PCSpeedUp.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\documents and settings\Administrator\Desktop\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-21 09:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3000975372-3708929796-4007856590-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-21 09:57:08
ComboFix-quarantined-files.txt 2010-11-21 09:57

Pre-Run: 6,082,408,448 bytes free
Post-Run: 6,063,071,232 bytes free

- - End Of File - - A22AAA6880BBE6B995DF5D1F26E41558
 
Well, I thought I was going buggy for a moment until I copied this down:

David Malware Virus Capture: https://www.techspot.com/vb/topic156784.html
DDS (Ver_10-11-10.01) - NTFSx86 MINIMAL
Run by Administrator at 19:02:24.09 on 18/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.793 [GMT 0:00]
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

Original DDS:
uStart Page = hxxp://www.euro.dell.com/
uDefault_Page_URL = hxxp://www.euro.dell.com/
mDefault_Page_URL = hxxp://www.msn.com
Hosts: 10.105.10.4 fuji

David Malware removal: https://www.techspot.com/vb/topic156891.html
DDS (Ver_10-11-10.01) - NTFSx86
Run by Ewing Consultants at 9:45:18.85 on 19/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.535 [GMT 0:00]
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

Next DDS:
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
Hosts: 10.105.10.4 fuji

Did I miss this? It was confusing because you had so many threads going. IT apeared they were for the same system.
Different account? Different machines? Start and default different on both. Proxy different. Host entry same. I did not compare the remaining content. I noticed this because I was checking the proxies for possible cause of no internet connection.
 
Hello and good morning,
I am sorry if there is confudion I can assure you that all the scans have been run on my single PC by down loading the programmes onto my laptop onto a USB stick m transfering them to the PC desk top and perfoming the process, I have then saved the files onto the USB and brought them back to the laptop to be pasted into the replies. I am sory that there has appeared to be some confusion. I am no expert however if you recall I got the first DDS programme to run on the 18 Nov when I was using the macine in Safe mode. On the 19 Nov and for all other runs, following your question abouy why I was in safe mode I booted the PC in Normaland ran the programmes. It is the same machine but without an internet connection. Is it possible that the address has been changed by the malware and this is the cause of the inability to connect to the internet now?
I can assure you that the problem lies on one machine, the details passed as an attachment to an earlier e mail. it is physically commected to the internet through my BT (British Telecomm) hub, It is used as a home PC and for checking in to the office via their systems (fujitsu run services). I am working on my laptop which connects to the internet on WiFi via the same BT hub. The Laptop is a Toshiba machine.

While I can see your dilemma wuth all the diferent information and Detail I can offer no other explanation. Would transfeering the files have any effect = I would not have thought so.

In order to see if there are any further changes I have run DDS again this morning and the results are pasted below. Sorry to cause confusion but all I have done seems to have been to follow thw Instructions on 3 ocaisions. I have not changed default home pages etc my normal home page is Google.co.uk, Could this have change ib Safe mode? I have just checked through Comtrol Pannel/Internet settings to see that the Home Page Entry is now showing as www.by,yahoo.com (this is like a hotmail access page because the BT internet accounts are based in Yahoo the Yahoo account. = I did not change this. Running DDS again now

As you have not made a comment I presume I have not got Script Blocking Tools running. I left ESET on for each run. Here are todays repoorts. I hope this gives you some more clues as to what is going wrong = thank you again


DDS (Ver_10-11-10.01) - NTFSx86
Run by Ewing Consultants at 8:51:15.31 on 22/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.563 [GMT 0:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Ewing Consultants\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files\copernic agent\CopernicAgentExt.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ihs.webex.com/client/T27L/support/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 114984]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-10-2 24786]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2001-8-17 20160]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-10-2 45534]

=============== Created Last 30 ================

2010-11-21 09:44:30 98816 ----a-w- c:\windows\sed.exe
2010-11-21 09:44:30 161792 ----a-w- c:\windows\SWREG.exe
2010-11-19 11:20:10 -------- d-----w- c:\windows\BTV.0001
2010-11-11 11:53:28 -------- d-----w- c:\program files\PC Speed Up

==================== Find3M ====================

2010-11-08 01:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-02-28 12:30:53 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
2009-09-07 16:21:04 1648478 ----a-w- c:\program files\FileManager.exe
2007-10-04 07:10:27 12531691 -c--a-w- c:\program files\Kd50e.exe
2006-06-20 17:16:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-07-04 14:00:21 217088 -c--a-w- c:\program files\SpaceMonger.exe
2005-04-08 11:11:11 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
2005-03-21 19:52:41 4320768 ----a-w- c:\program files\MSMONEY.EXE
2004-08-04 05:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 8:52:55.82 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 21/03/2005 10:06:37
System Uptime: 22/11/2010 08:16:15 (0 hours ago)

Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 5.632 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 139.893 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 112 GiB total, 84.4 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Service:

==== System Restore Points ===================

RP44: 06/10/2010 12:55:08 - System Checkpoint
RP45: 07/10/2010 14:29:14 - System Checkpoint
RP46: 08/10/2010 13:47:21 - Software Distribution Service 3.0
RP47: 10/10/2010 09:51:18 - System Checkpoint
RP48: 11/10/2010 10:17:57 - System Checkpoint
RP49: 12/10/2010 11:21:39 - System Checkpoint
RP50: 13/10/2010 14:59:36 - System Checkpoint
RP51: 14/10/2010 22:37:01 - Software Distribution Service 3.0
RP52: 16/10/2010 15:48:36 - System Checkpoint
RP53: 17/10/2010 16:51:39 - System Checkpoint
RP54: 18/10/2010 18:33:08 - System Checkpoint
RP55: 19/10/2010 18:56:33 - System Checkpoint
RP56: 21/10/2010 19:01:14 - System Checkpoint
RP57: 23/10/2010 13:40:32 - System Checkpoint
RP58: 24/10/2010 18:41:12 - System Checkpoint
RP59: 27/10/2010 13:20:00 - System Checkpoint
RP60: 28/10/2010 20:58:47 - System Checkpoint
RP61: 31/10/2010 09:06:49 - System Checkpoint
RP62: 01/11/2010 10:44:25 - System Checkpoint
RP63: 02/11/2010 19:51:17 - System Checkpoint
RP64: 04/11/2010 20:41:04 - System Checkpoint
RP65: 08/11/2010 10:00:14 - System Checkpoint
RP66: 09/11/2010 13:46:36 - System Checkpoint
RP67: 10/11/2010 09:03:05 - Software Distribution Service 3.0
RP68: 10/11/2010 09:04:56 - Software Distribution Service 3.0
RP69: 12/11/2010 09:19:36 - System Checkpoint
RP70: 13/11/2010 18:30:39 - System Checkpoint
RP71: 15/11/2010 19:14:50 - System Checkpoint
RP72: 17/11/2010 08:04:48 - System Checkpoint
RP73: 19/11/2010 08:53:27 - System Checkpoint
RP74: 21/11/2010 09:44:50 - ComboFix created restore point
RP75: 21/11/2010 10:50:34 - Removed User Profile Hive Cleanup Service

==== Installed Programs ======================


7200
7200_Help
7200Trb
ACDSee
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Avanquest update
Belarc Advisor 7.2
BT Broadband Desktop Help
BT Email Configuration Tool
BT Yahoo! Applications
BTHomeHub
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copernic Agent Basic
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Digital Line Detect
Director
DocProc
DocumentViewer
DWG TrueView 2009
Epic 5.1
ESET Online Scanner v3
ESET Smart Security
Fax
FLV Player X 1.0.1
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HMRC Employer CD-ROM 2009
HMRC Employer CD-ROM 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 940c series (Remove only)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Photo Printing Software
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPSSupply
HPSystemDiagnostics
ImgBurn
InstantShare
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Juniper Networks Host Checker
Juniper Networks Network Connect 6.4.0
Juniper Networks Setup Client
Malwarebytes' Anti-Malware
MarketResearch
Maxtor Backup
Maxtor Encryption
Maxtor OneTouch III
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Date and Phone XML Smart Tags
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio Professional 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Helper
Motorola Phone Tools
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero - Burning Rom
NetWaiting
OMCI
PanoStandAlone
PhotoGallery
PowerDVD 5.1
ProductContext
Project Report Presentation Add-in for Microsoft Office Project 2003
QFolder
Readme
RealPlayer
Remove Hidden Data Tool
Sage Instant Accounts
Sage Instant Accounts V12.00
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
SkinsHP1
Sonic RecordNow! Plus
Sonic Update Manager
SoundMAX
SpeedTouch USB Software
System Requirements Lab for Intel
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB Device Driver v1.25r004
WebEx
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

22/11/2010 08:45:02, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-b.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
22/11/2010 08:17:59, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
22/11/2010 08:17:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
21/11/2010 15:00:46, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 240.49.70.102 to a request from a client. The data is the error code.
21/11/2010 15:00:46, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.1.254 on the same network as the interface with IP address 192.168.0.1. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
21/11/2010 13:30:37, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}

==== End Of File ===========================
 
Hi, Bobbye,
I am sure you have much betterr things to do with your time but just wondering if the last postings gave any further clues to the cause of the problems.
Thanks for all the help so far
David
 
Status
Not open for further replies.
Back