Bobbye had said - You can read this discussion at:
https://www.techspot.com/vb/newintopic156784.html
Here is the message that has just been posted:
***************
Hold off on this until I get the moderator to transfer your logs to this thread. Everything pertaining to this problem should be posted here, on this thread.
I have waited 24 hrs but the message I get on trying to reply to Bobbye, having been directed there by his e-mail, is
Quote
In the interest of expedience I include here the reply to the other e-mail from Bobbye posted at - You can read this discussion at:
https://www.techspot.com/vb/newintopic156798.html
1. Why are you running in Safe Mode? -
I was running in Safe mode because I could not open any programmes or documents when in normal - it was the best I could think of to try and sort out the problem and run the Malware Removal programmes as suggested in the instructions.
2. Can you get into Normal Mode? If not, what happens when you try?
Initially Normal would start, but could not open any programmes - Word etc or run any links/shortcuts. Following receipt of your note and the question I rebooted the PC having physically disconnected the internet cable. On rebooting all the programmes were available and I then ran the Malware programmes again. - Results below (or in next mail if this ends up too big)
3. It looks like your Host files have been hijacked- have you lost the internet connection? -
I think this is right though I did not know it. When I reconnected the modem the PC did not respond, there was no icon in the tray and I cannot get it to set up again - tried all day yesterday.
4. The IP shown is 10.105.10.4, which is a private address, but the IP is followed by the word *'fuji'*. Does that mean anything to you?
The 'fuji' may have something to do with the connections I have to have with my office servers and databases which are run by Fujitsu as an IT service - that is the only thing I can think of.
5. I can guide you better if I know what's happening. You can wait on GMER until I have some idea of what's going on.
Thank you, I hope the above info helps. Once the internet was disconnected GMER ran - see results below.
Please remember I have to use XP, and IE6 for connectivity to company databases and also there is a problem with some other programmes (Java I think I am not to change) so apart from MS security upgrades I am limited. All the security downloads have been applied.
I have attached a file with the PC's profile - will mean more to you than me.
In the hope that this is the right place here are the results for the malware files in Normal mode - the DDS would not run.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4345
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180
19/11/2010 08:44:11
mbam-log-2010-11-19 (08-44-11).txt
Scan type: Quick scan
Objects scanned: 146620
Time elapsed: 9 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-19 09:17:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.8.16
Running: cyh0prte.exe; Driver: C:\DOCUME~1\EWINGC~1\LOCALS~1\Temp\pftdapoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-11-10.01) - NTFSx86
Run by Ewing Consultants at 9:45:18.85 on 19/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.535 [GMT 0:00]
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Ewing Consultants\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files\copernic agent\CopernicAgentExt.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PCSpeedUp] "c:\program files\pc speed up\PCSpeedUp.exe"
uRun: [hjsedabq] c:\docume~1\ewingc~1\locals~1\temp\wqywwvmfx\ntwtlmotsbl.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\administrator\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pbttbc.bt
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ihs.webex.com/client/T27L/support/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 10.105.10.4 fuji
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 114984]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-10-2 24786]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2001-8-17 20160]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-10-2 45534]
=============== Created Last 30 ================
2010-11-11 11:53:28 -------- d-----w- c:\program files\PC Speed Up
==================== Find3M ====================
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-02-28 12:30:53 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
2009-09-07 16:21:04 1648478 ----a-w- c:\program files\FileManager.exe
2007-10-04 07:10:27 12531691 -c--a-w- c:\program files\Kd50e.exe
2006-06-20 17:16:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-07-04 14:00:21 217088 -c--a-w- c:\program files\SpaceMonger.exe
2005-04-08 11:11:11 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
2005-03-21 19:52:41 4320768 ----a-w- c:\program files\MSMONEY.EXE
2004-08-04 05:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
============= FINISH: 9:46:36.82 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 21/03/2005 10:06:37
System Uptime: 19/11/2010 08:30:25 (1 hours ago)
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 5.272 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 139.893 GiB free.
E: is CDROM ()
F: is FIXED (FAT) - 2 GiB total, 0.925 GiB free.
G: is FIXED (NTFS) - 112 GiB total, 84.401 GiB free.
==== Disabled Device Manager Items =============
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Service:
==== System Restore Points ===================
RP37: 29/09/2010 10:24:01 - System Checkpoint
RP38: 29/09/2010 21:54:01 - Software Distribution Service 3.0
RP39: 30/09/2010 09:15:26 - Installed Microsoft Office Outlook Connector
RP40: 01/10/2010 09:33:32 - System Checkpoint
RP41: 02/10/2010 15:39:57 - System Checkpoint
RP42: 03/10/2010 16:32:34 - System Checkpoint
RP43: 04/10/2010 18:15:07 - System Checkpoint
RP44: 06/10/2010 12:55:08 - System Checkpoint
RP45: 07/10/2010 14:29:14 - System Checkpoint
RP46: 08/10/2010 13:47:21 - Software Distribution Service 3.0
RP47: 10/10/2010 09:51:18 - System Checkpoint
RP48: 11/10/2010 10:17:57 - System Checkpoint
RP49: 12/10/2010 11:21:39 - System Checkpoint
RP50: 13/10/2010 14:59:36 - System Checkpoint
RP51: 14/10/2010 22:37:01 - Software Distribution Service 3.0
RP52: 16/10/2010 15:48:36 - System Checkpoint
RP53: 17/10/2010 16:51:39 - System Checkpoint
RP54: 18/10/2010 18:33:08 - System Checkpoint
RP55: 19/10/2010 18:56:33 - System Checkpoint
RP56: 21/10/2010 19:01:14 - System Checkpoint
RP57: 23/10/2010 13:40:32 - System Checkpoint
RP58: 24/10/2010 18:41:12 - System Checkpoint
RP59: 27/10/2010 13:20:00 - System Checkpoint
RP60: 28/10/2010 20:58:47 - System Checkpoint
RP61: 31/10/2010 09:06:49 - System Checkpoint
RP62: 01/11/2010 10:44:25 - System Checkpoint
RP63: 02/11/2010 19:51:17 - System Checkpoint
RP64: 04/11/2010 20:41:04 - System Checkpoint
RP65: 08/11/2010 10:00:14 - System Checkpoint
RP66: 09/11/2010 13:46:36 - System Checkpoint
RP67: 10/11/2010 09:03:05 - Software Distribution Service 3.0
RP68: 10/11/2010 09:04:56 - Software Distribution Service 3.0
RP69: 12/11/2010 09:19:36 - System Checkpoint
RP70: 13/11/2010 18:30:39 - System Checkpoint
RP71: 15/11/2010 19:14:50 - System Checkpoint
RP72: 17/11/2010 08:04:48 - System Checkpoint
RP73: 19/11/2010 08:53:27 - System Checkpoint
==== Installed Programs ======================
7200
7200_Help
7200Trb
ACDSee
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Avanquest update
Belarc Advisor 7.2
BT Broadband Desktop Help
BT Email Configuration Tool
BT Yahoo! Applications
BTHomeHub
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copernic Agent Basic
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Digital Line Detect
Director
DocProc
DocumentViewer
DWG TrueView 2009
Epic 5.1
ESET Online Scanner v3
ESET Smart Security
Fax
FLV Player X 1.0.1
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HMRC Employer CD-ROM 2009
HMRC Employer CD-ROM 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 940c series (Remove only)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Photo Printing Software
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPSSupply
HPSystemDiagnostics
ImgBurn
InstantShare
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Juniper Networks Host Checker
Juniper Networks Network Connect 6.4.0
Juniper Networks Setup Client
Malwarebytes' Anti-Malware
MarketResearch
Maxtor Backup
Maxtor Encryption
Maxtor OneTouch III
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Date and Phone XML Smart Tags
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio Professional 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Helper
Motorola Phone Tools
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero - Burning Rom
NetWaiting
OMCI
PanoStandAlone
PhotoGallery
PowerDVD 5.1
ProductContext
Project Report Presentation Add-in for Microsoft Office Project 2003
QFolder
Readme
RealPlayer
Remove Hidden Data Tool
Sage Instant Accounts
Sage Instant Accounts V12.00
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
SkinsHP1
Sonic RecordNow! Plus
Sonic Update Manager
SoundMAX
SpeedTouch USB Software
System Requirements Lab for Intel
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB Device Driver v1.25r004
User Profile Hive Cleanup Service
WebEx
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
19/11/2010 08:29:45, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
19/11/2010 08:29:44, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxSyncService service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxBackServiceInt service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
19/11/2010 08:13:00, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
19/11/2010 08:12:26, error: Service Control Manager [7038] - The SQLBrowser service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
19/11/2010 08:12:26, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
19/11/2010 08:12:26, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not start due to a logon failure.
18/11/2010 18:21:52, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
18/11/2010 17:40:49, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt ehdrv epfwtdi eusk2par Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
18/11/2010 17:40:49, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/11/2010 17:31:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
18/11/2010 17:22:33, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD agp440 BANTExt ehdrv epfwtdi eusk2par Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
==== End Of File ===========================
Sorry if this is in the wrong place again
David
I have waited 24 hrs but the message I get on trying to reply to Bobbye, having been directed there by his e-mail, is
Quote
Rucker9, you do not have permission to access this page. This could be due to one of several reasons:
Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Unquote
I have been trying to reply on the nominated linked thread without success as you can see. I have had no other information about what or where the moderator may have now moved the discussion to. Can you please let me know where I should continue. If I should be working here then I have included further information below - if not? where should I file this please so:
In the interest of expedience I include here the reply to the other e mail from Bobbye posted at -You can read this discussion at:
https://www.techspot.com/vb/newintopic156798.html
1. Why are you running in Safe Mode? -
I was running in Safe mode because I could not open any progremmes or documents when in normal - it was the best I could think of to try and sort out the problem and run the Malware Removal programmes asuggested in the instructions.
2. Can you get into Normal Mode? If not, what happens when you try?
Initially Normal would start, but could not open any programmes - Word etc or run any links/shortcuts. Following reciept of your note and the question I rebooted the PC having physically disconnected the internet cable. On rebooting all the programmes were available and I then ran the Malware programmes again. - Results below (or in next mail if this ends up too big)
3. It looks like your Host files have been hijacked- have you lost the internet connection? -
I think this is right though I did not know it. When I reconnected the modem the PC did not respond , there was no icon in the tray and I cannot get it to set up again - tried all day yesterday.
4.The IP shown is 10.105.10.4, which is a private address, but the IP is followed by the word *'fuji'*. Does that mean anything to you?
The 'fuji' may have something to do with the connections I have to have with my office servers and databases which are run by fujitsu as an IT service - that is the only thing I can think of.
5. I can guide you better if I know what's happening. You can wait on GMER until I have some idea of what's going on.
Thank you, I hope the above info helps. Once the internet was disconnected GMER ran - see results below.
Please remember I have to use XP, and IE6 for connectivity to company data bases and also there is a problem with some other programmes (Java I think I am not to change) so apart from MS security upgrades I am limited. All the security downloads have been applied.
I have attached a file with the PCs profile - will mean more to you than me.
In the hope that this is the right place here are the results for the malware files in Normal mode - the DDS would not run.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4345
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180
19/11/2010 08:44:11
mbam-log-2010-11-19 (08-44-11).txt
Scan type: Quick scan
Objects scanned: 146620
Time elapsed: 9 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-19 09:17:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST340014A rev.8.16
Running: cyh0prte.exe; Driver: C:\DOCUME~1\EWINGC~1\LOCALS~1\Temp\pftdapoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-11-10.01) - NTFSx86
Run by Ewing Consultants at 9:45:18.85 on 19/11/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.535 [GMT 0:00]
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Ewing Consultants\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files\copernic agent\CopernicAgentExt.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [PCSpeedUp] "c:\program files\pc speed up\PCSpeedUp.exe"
uRun: [hjsedabq] c:\docume~1\ewingc~1\locals~1\temp\wqywwvmfx\ntwtlmotsbl.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\administrator\desktop\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pbttbc.bt
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ihs.webex.com/client/T27L/support/ieatgpc.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ras-uk.ihs.com/dana-cached/sc/JuniperSetupClient.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 10.105.10.4 fuji
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 114984]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-10-2 24786]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-3-24 810120]
S0 iidkxdd;iidkxdd;c:\windows\system32\drivers\hheb.sys --> c:\windows\system32\drivers\hheb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2001-8-17 20160]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2007-10-2 45534]
=============== Created Last 30 ================
2010-11-11 11:53:28 -------- d-----w- c:\program files\PC Speed Up
==================== Find3M ====================
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 --sha-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-02-28 12:30:53 2169915 ----a-w- c:\program files\ImgBurn_2.5.0.0.exe
2009-09-07 16:21:04 1648478 ----a-w- c:\program files\FileManager.exe
2007-10-04 07:10:27 12531691 -c--a-w- c:\program files\Kd50e.exe
2006-06-20 17:16:12 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-07-04 14:00:21 217088 -c--a-w- c:\program files\SpaceMonger.exe
2005-04-08 11:11:11 121558528 -c--a-w- c:\program files\AcTR7EFG.exe
2005-03-21 19:52:41 4320768 ----a-w- c:\program files\MSMONEY.EXE
2004-08-04 05:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
============= FINISH: 9:46:36.82 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 21/03/2005 10:06:37
System Uptime: 19/11/2010 08:30:25 (1 hours ago)
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 5.272 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 139.893 GiB free.
E: is CDROM ()
F: is FIXED (FAT) - 2 GiB total, 0.925 GiB free.
G: is FIXED (NTFS) - 112 GiB total, 84.401 GiB free.
==== Disabled Device Manager Items =============
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_70011799&REV_03\4&1C660DD6&0&00F0
Service:
==== System Restore Points ===================
RP37: 29/09/2010 10:24:01 - System Checkpoint
RP38: 29/09/2010 21:54:01 - Software Distribution Service 3.0
RP39: 30/09/2010 09:15:26 - Installed Microsoft Office Outlook Connector
RP40: 01/10/2010 09:33:32 - System Checkpoint
RP41: 02/10/2010 15:39:57 - System Checkpoint
RP42: 03/10/2010 16:32:34 - System Checkpoint
RP43: 04/10/2010 18:15:07 - System Checkpoint
RP44: 06/10/2010 12:55:08 - System Checkpoint
RP45: 07/10/2010 14:29:14 - System Checkpoint
RP46: 08/10/2010 13:47:21 - Software Distribution Service 3.0
RP47: 10/10/2010 09:51:18 - System Checkpoint
RP48: 11/10/2010 10:17:57 - System Checkpoint
RP49: 12/10/2010 11:21:39 - System Checkpoint
RP50: 13/10/2010 14:59:36 - System Checkpoint
RP51: 14/10/2010 22:37:01 - Software Distribution Service 3.0
RP52: 16/10/2010 15:48:36 - System Checkpoint
RP53: 17/10/2010 16:51:39 - System Checkpoint
RP54: 18/10/2010 18:33:08 - System Checkpoint
RP55: 19/10/2010 18:56:33 - System Checkpoint
RP56: 21/10/2010 19:01:14 - System Checkpoint
RP57: 23/10/2010 13:40:32 - System Checkpoint
RP58: 24/10/2010 18:41:12 - System Checkpoint
RP59: 27/10/2010 13:20:00 - System Checkpoint
RP60: 28/10/2010 20:58:47 - System Checkpoint
RP61: 31/10/2010 09:06:49 - System Checkpoint
RP62: 01/11/2010 10:44:25 - System Checkpoint
RP63: 02/11/2010 19:51:17 - System Checkpoint
RP64: 04/11/2010 20:41:04 - System Checkpoint
RP65: 08/11/2010 10:00:14 - System Checkpoint
RP66: 09/11/2010 13:46:36 - System Checkpoint
RP67: 10/11/2010 09:03:05 - Software Distribution Service 3.0
RP68: 10/11/2010 09:04:56 - Software Distribution Service 3.0
RP69: 12/11/2010 09:19:36 - System Checkpoint
RP70: 13/11/2010 18:30:39 - System Checkpoint
RP71: 15/11/2010 19:14:50 - System Checkpoint
RP72: 17/11/2010 08:04:48 - System Checkpoint
RP73: 19/11/2010 08:53:27 - System Checkpoint
==== Installed Programs ======================
7200
7200_Help
7200Trb
ACDSee
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Avanquest update
Belarc Advisor 7.2
BT Broadband Desktop Help
BT Email Configuration Tool
BT Yahoo! Applications
BTHomeHub
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copernic Agent Basic
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Digital Line Detect
Director
DocProc
DocumentViewer
DWG TrueView 2009
Epic 5.1
ESET Online Scanner v3
ESET Smart Security
Fax
FLV Player X 1.0.1
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HMRC Employer CD-ROM 2009
HMRC Employer CD-ROM 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 940c series (Remove only)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Photo Printing Software
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPSSupply
HPSystemDiagnostics
ImgBurn
InstantShare
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Juniper Networks Host Checker
Juniper Networks Network Connect 6.4.0
Juniper Networks Setup Client
Malwarebytes' Anti-Malware
MarketResearch
Maxtor Backup
Maxtor Encryption
Maxtor OneTouch III
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Date and Phone XML Smart Tags
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio Professional 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Modem Helper
Motorola Phone Tools
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
Nero - Burning Rom
NetWaiting
OMCI
PanoStandAlone
PhotoGallery
PowerDVD 5.1
ProductContext
Project Report Presentation Add-in for Microsoft Office Project 2003
QFolder
Readme
RealPlayer
Remove Hidden Data Tool
Sage Instant Accounts
Sage Instant Accounts V12.00
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
SkinsHP1
Sonic RecordNow! Plus
Sonic Update Manager
SoundMAX
SpeedTouch USB Software
System Requirements Lab for Intel
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB Device Driver v1.25r004
User Profile Hive Cleanup Service
WebEx
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
19/11/2010 08:29:45, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:45, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
19/11/2010 08:29:44, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxSyncService service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7034] - The MaxBackServiceInt service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 08:29:44, error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
19/11/2010 08:13:00, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg
19/11/2010 08:12:26, error: Service Control Manager [7038] - The SQLBrowser service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
19/11/2010 08:12:26, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
19/11/2010 08:12:26, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The service did not start due to a logon failure.
18/11/2010 18:21:52, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
18/11/2010 17:40:49, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt ehdrv epfwtdi eusk2par Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
18/11/2010 17:40:49, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:49, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
18/11/2010 17:40:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/11/2010 17:31:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
18/11/2010 17:22:33, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD agp440 BANTExt ehdrv epfwtdi eusk2par Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss szkg Tcpip
==== End Of File ===========================
Sorry if this is in the wrong place again
David