[Inactive] PC Infected...No Internet Access..Plz Help!

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by dashelter, Sep 5, 2011.

Thread Status:
Not open for further replies.
  1. dashelter

    dashelter Established Techie7 Member

    My desktop PC has been running extremely slow.
    PC infected.
    All my other desktops and laptops have internet access... except my desktop PC, which is now infected.
    Below are the different logs I ran:
    HJT-MalwareBytes - MBR - DDS (2 logs) :

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:01:50 PM, on 9/4/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciServiceHost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\JB\Application Data\FlashGetBHO\FlashGetBHO3.dll
    O2 - BHO: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Somoto Toolbar - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - (no file)
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA3ADIAOAAzADMAMgA1ADYALQBQAEwAKwA5AC0AVQA5ADAAKwAxAC0ARAAzADgAMQBMACsANQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAA"&"prod=54"&"ver=9.0.872
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Qcucisun] rundll32.exe "C:\WINDOWS\MADS3260.dll",Startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\JB\Application Data\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\JB\Application Data\FlashGetBHO\GetUrl.htm
    O8 - Extra context menu item: Download with Xilisoft YouTube to iPod Converter - C:\Program Files\Xilisoft\YouTube to iPod Converter\upod_link.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254516787000
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O20 - AppInit_DLLs: acaptuser32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12561 bytes

    _____________________________________________________________________________

    Malwarebytes' Anti-Malware 1.51.1.1800
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 7649

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    9/4/2011 12:13:42 PM
    mbam-log-2011-09-04 (12-13-42).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 324554
    Time elapsed: 1 hour(s), 34 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\defender.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\documents\setup1911.fon (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\documents and settings\JB\local settings\Temp\8.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP533\A0135194.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP533\A0135195.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP533\A0135196.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP534\A0137461.dll (PUP.Wpakill) -> Not selected for removal.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP534\A0137475.dll (PUP.Wpakill) -> Not selected for removal.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP555\A0145537.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP555\A0147557.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{1afa40e7-7aae-493c-8049-7e4e2b6d5c5b}\RP557\A0147981.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

    ____________________________________________________________________________


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-04 22:04:53
    -----------------------------
    22:04:53.156 OS Version: Windows 5.1.2600 Service Pack 3
    22:04:53.156 Number of processors: 2 586 0xF06
    22:04:53.156 ComputerName: JB-16017162D197 UserName: JB
    22:04:53.781 Initialize success
    22:04:54.500 AVAST engine defs: 11090400
    22:06:02.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    22:06:02.734 Disk 0 Vendor: ST3300822SCE 3.ACH Size: 286168MB BusType: 3
    22:06:04.828 Disk 0 MBR read successfully
    22:06:04.828 Disk 0 MBR scan
    22:06:05.156 Disk 0 unknown MBR code
    22:06:05.203 Disk 0 scanning sectors +586051200
    22:06:06.250 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:06:54.703 Service scanning
    22:06:55.078 Service .afd \* **LOCKED** 123
    22:06:55.125 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
    22:06:55.781 Modules scanning
    22:07:58.937 Disk 0 trace - called modules:
    22:07:58.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
    22:07:59.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b6ab8]
    22:07:59.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a5c69a0]
    22:07:59.000 5 xfilt.sys[ba0f9046] -> nt!IofCallDriver -> \Device\00000079[0x8a5d59e8]
    22:07:59.000 7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a5b7940]
    22:07:59.562 AVAST engine scan C:\WINDOWS
    22:10:01.250 AVAST engine scan C:\WINDOWS\system32
    22:19:59.046 AVAST engine scan C:\WINDOWS\system32\drivers
    22:22:19.265 AVAST engine scan C:\Documents and Settings\JB
    23:01:51.093 AVAST engine scan C:\Documents and Settings\All Users
    23:05:50.765 Scan finished successfully
    23:23:42.437 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    23:23:42.453 The log file has been saved successfully to "F:\aswMBR.txt"

    ___________________________________________________________________________


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Run by JB at 23:24:11 on 2011-09-04
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1384 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciServiceHost.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page =
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant =
    mSearchAssistant =
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\jb\application data\flashgetbho\FlashGetBHO3.dll
    BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - Somoto Toolbar
    BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Qcucisun] rundll32.exe "c:\windows\MADS3260.dll",Startup
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA3ADIAOAAzADMAMgA1ADYALQBQAEwAKwA5AC0AVQA5ADAAKwAxAC0ARAAzADgAMQBMACsANQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAA"&"prod=54"&"ver=9.0.872
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: Download all by FlashGet3 - c:\documents and settings\jb\application data\flashgetbho\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\jb\application data\flashgetbho\GetUrl.htm
    IE: Download with Xilisoft YouTube to iPod Converter - c:\program files\xilisoft\youtube to ipod converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: $talisma_url$
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254516787000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{CCA4D694-6830-4337-BDBA-67C74D2FA171} : DhcpNameServer = 192.168.1.254
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: acaptuser32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jb\application data\mozilla\firefox\profiles\5a9jkwa4.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
    FF - component: c:\documents and settings\jb\application data\mozilla\firefox\profiles\5a9jkwa4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\jb\application data\mozilla\firefox\profiles\5a9jkwa4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\jb\application data\mozilla\firefox\profiles\5a9jkwa4.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
    FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\windows\downloaded program files\npsoe.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.link.open_external - 1
    FF - user.js: browser.link.open_external - 1
    FF - user.js: browser.link.open_newwindow - 1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-8-24 17920]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-11 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-11 309848]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-11 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-11 42184]
    R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-7-15 315392]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2009-8-24 634880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 srv1560;srv1560;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-5-28 44432]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-12-1 36608]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-6 41272]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-6-19 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
    S4 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
    S4 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
    S4 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
    .
    =============== Created Last 30 ================
    .
    2011-09-05 02:00:28 388096 ----a-r- c:\documents and settings\jb\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-09-03 13:04:07 -------- dc--a-w- C:\clean
    2011-08-28 19:52:36 -------- d-----w- c:\program files\iPod
    2011-08-28 19:52:34 -------- d-----w- c:\program files\iTunes
    2011-08-18 12:49:44 -------- d-----w- c:\documents and settings\jb\local settings\application data\SCE
    2011-08-18 12:47:41 -------- d-----w- c:\program files\Sony Online Entertainment
    2011-08-18 12:47:40 -------- d-----w- c:\documents and settings\jb\application data\Sony Online Entertainment
    2011-08-12 21:09:12 -------- d-----w- c:\documents and settings\jb\local settings\application data\Research In Motion
    2011-08-11 03:16:43 -------- d--h--w- c:\windows\$hf_mig$
    2011-08-11 03:16:26 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-11 03:15:45 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-08 17:56:19 -------- dc----w- c:\documents and settings\all users\application data\Citrix
    2011-08-08 17:41:53 -------- d-----w- c:\documents and settings\jb\local settings\application data\Citrix
    2011-08-08 17:41:52 -------- d-----w- c:\documents and settings\jb\application data\ICAClient
    .
    ==================== Find3M ====================
    .
    2011-08-29 19:19:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-21 16:04:08 0 ---ha-w- c:\documents and settings\jb\djmmcvpqeg.tmp
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-11 20:00:24 711728 ----a-w- c:\windows\is-K2MSE.exe
    2010-01-09 23:08:08 14336 ----a-w- c:\program files\wmdmhelper.dll
    2010-01-09 23:08:05 712704 ----a-w- c:\program files\dtdr3260.dll
    2010-01-09 23:08:04 651264 ----a-w- c:\program files\rjbres.dll
    2010-01-09 23:08:04 352256 ----a-w- c:\program files\rjdlg.dll
    2010-01-09 23:08:04 19456 ----a-w- c:\program files\rjprog.dll
    2010-01-09 23:08:04 139264 ----a-w- c:\program files\DUNZIP32.dll
    2010-01-09 23:08:03 36352 ----a-w- c:\program files\ierjplug.dll
    2010-01-09 23:08:02 81920 ----a-w- c:\program files\tsasdk.dll
    2010-01-09 23:08:02 6656 ----a-w- c:\program files\fixrjb.exe
    2010-01-09 23:08:02 41472 ----a-w- c:\program files\mmcdda32.dll
    2010-01-09 23:08:02 19456 ----a-w- c:\program files\tnetdtct.dll
    2010-01-09 23:08:01 57344 ----a-w- c:\program files\tpasdk.dll
    2010-01-09 23:06:59 198208 ----a-w- c:\program files\RecordingManager.exe
    .
    ============= FINISH: 23:26:16.46 ===============

    _____________________________________________________________________________

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/15/2009 9:27:28 PM
    System Uptime: 9/4/2011 6:13:06 PM (5 hours ago)
    .
    Motherboard: Micro-Star | | MS-7255 V2.0
    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz | CPU 1 | 2133/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 204.51 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet Pro L7500
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet Pro L7500
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP531: 6/8/2011 9:12:13 AM - System Checkpoint
    RP532: 6/9/2011 9:17:36 PM - System Checkpoint
    RP533: 6/11/2011 1:28:20 PM - System Checkpoint
    RP534: 6/11/2011 3:36:53 PM - Restore Operation
    RP535: 6/11/2011 7:27:29 PM - Removed ABBYY FineReader 9.0 Sprint
    RP536: 6/11/2011 7:28:15 PM - avast! Free Antivirus Setup
    RP537: 6/11/2011 7:51:21 PM - avast! Free Antivirus Setup
    RP538: 6/17/2011 6:37:37 AM - Software Distribution Service 3.0
    RP539: 6/17/2011 7:03:35 AM - Software Distribution Service 3.0
    RP540: 6/17/2011 7:20:43 AM - Software Distribution Service 3.0
    RP541: 6/17/2011 8:43:09 AM - Installed Windows Internet Explorer 8.
    RP542: 6/17/2011 8:44:13 AM - Software Distribution Service 3.0
    RP543: 6/17/2011 8:50:38 AM - Software Distribution Service 3.0
    RP544: 6/18/2011 10:58:02 PM - System Checkpoint
    RP545: 6/25/2011 5:35:28 PM - Software Distribution Service 3.0
    RP546: 6/25/2011 8:11:18 PM - Software Distribution Service 3.0
    RP547: 6/25/2011 11:03:30 PM - Software Distribution Service 3.0
    RP548: 6/27/2011 10:32:06 PM - System Checkpoint
    RP549: 6/30/2011 9:27:40 PM - Software Distribution Service 3.0
    RP550: 7/11/2011 7:18:16 PM - System Checkpoint
    RP551: 7/15/2011 12:38:10 PM - System Checkpoint
    RP552: 7/15/2011 3:33:45 PM - Software Distribution Service 3.0
    RP553: 7/16/2011 8:25:06 AM - Configured Microsoft Office Enterprise 2007
    RP554: 7/18/2011 10:20:59 PM - System Checkpoint
    RP555: 7/21/2011 10:45:41 AM - System Checkpoint
    RP556: 7/22/2011 6:53:19 PM - System Checkpoint
    RP557: 7/26/2011 6:29:45 PM - System Checkpoint
    RP558: 7/31/2011 4:52:49 PM - System Checkpoint
    RP559: 8/1/2011 5:46:17 PM - System Checkpoint
    RP560: 8/5/2011 8:45:29 AM - System Checkpoint
    RP561: 8/5/2011 10:29:37 AM - Installed Compatibility Pack for the 2007 Office system
    RP562: 8/5/2011 6:01:54 PM - Installed Adobe Acrobat X Pro - English, Français, Deutsch.
    RP563: 8/5/2011 7:34:25 PM - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
    RP564: 8/5/2011 7:46:32 PM - Installed Adobe Acrobat 9 Pro Extended - English, Français, Deutsch.
    RP565: 8/6/2011 5:41:53 AM - Software Distribution Service 3.0
    RP566: 8/8/2011 6:47:28 AM - System Checkpoint
    RP567: 8/9/2011 7:11:16 AM - System Checkpoint
    RP568: 8/10/2011 11:24:28 PM - Software Distribution Service 3.0
    RP569: 8/14/2011 7:50:51 AM - System Checkpoint
    RP570: 8/18/2011 12:02:25 PM - System Checkpoint
    RP571: 8/22/2011 6:04:00 PM - System Checkpoint
    RP572: 8/23/2011 6:59:59 PM - Software Distribution Service 3.0
    RP573: 8/28/2011 7:07:27 PM - Removed QuickTime
    RP574: 9/4/2011 12:22:15 PM - Removed MobileMe Control Panel
    RP575: 9/4/2011 12:24:06 PM - Removed Samsung New PC Studio
    RP576: 9/4/2011 12:26:30 PM - Removed Samsung New PC Studio USB Driver Installer
    RP577: 9/4/2011 12:27:58 PM - Removed Microsoft Silverlight
    RP578: 9/4/2011 12:36:16 PM - Removed SUPERAntiSpyware Free Edition
    RP579: 9/4/2011 8:37:14 PM - Removed Microsoft ActiveSync
    RP580: 9/4/2011 10:00:26 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    7-Zip 9.20
    7500_7600_7700_Help
    Acrobat.com
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Advertising Center
    Any Video Converter Professional 3.0.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AT&T Service & Support Tool
    att.net Internet Mail
    avast! Free Antivirus
    BitTorrent
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    Bonjour
    Boxoft PDF to PowerPoint (freeware)
    BPD_HPSU
    BPD_Scan
    BPDSoftware_Ini
    CCleaner
    Cisco Connect
    Citrix online plug-in - web
    Citrix online plug-in (Web)
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 4.0.6.316
    Dell Driver Download Manager
    Dell Driver Download Manager - 1
    DolbyFiles
    Download Accelerator Plus (DAP)
    DVD Catalyst 4.0.2.7
    Epson CreativeZone
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    EPSON Scan
    EPSON WorkForce 840 Series Printer Uninstall
    EpsonNet Print
    EpsonNet Setup 3.3
    F-Secure PSC Prerequisites
    FairStars Audio Converter 1.81
    FileHippo.com Update Checker
    FlashGet 3.5
    Foxit PDF Editor
    Free PDF to Word Doc Converter v1.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiDownloadPlatinum
    High Definition Audio Driver Package - KB888111
    HiJackThis
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP_Network_UserGuide
    ImagXpress
    ImgBurn
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    JDownloader 0.9
    Juniper Networks Network Connect 6.3.0
    K-Lite Codec Pack 7.1.0 (Standard)
    LTCM Client
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 6.0.1 (x86 en-US)
    MPM
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 7 Ultra Edition
    Nero 9
    Nero ControlCenter
    Nero Installer
    neroxml
    Network
    Nikon Message Center
    PC Connectivity Solution
    PCHand Screen Recorder 1.8.5.4
    PeerBlock 1.1 (r518)
    PictureProject
    Platform
    PowerISO
    ProductContext
    QFolder
    RealPlayer
    Realtek High Definition Audio Driver
    Safari
    SAMSUNG Android USB Modem Software
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile Modem Device Software
    SAMSUNG Mobile Modem Driver Set
    SAMSUNG Mobile Modem V2 Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Download Driver Software
    SAMSUNG Mobile USB Driver
    SAMSUNG Mobile USB Modem 1.0 Software
    Samsung Mobile USB Modem Device Software
    SAMSUNG Mobile USB Modem Software
    SAMSUNG SYMBIAN USB Download Driver
    SAMSUNG USB Mobile Device Software
    SamsungConnectivityCableDriver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spybot - Search & Destroy
    Streambox Vcr Suite 2
    SUPERAntiSpyware
    Temp File Cleaner
    Toolbox
    TurboTax 2010
    TurboTax 2010 wfliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    UltraISO Premium V9.36
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VeryPDF PDF2Word v3.0
    VIA Platform Device Manager
    VIA/S3G Display Driver 6.14.10.0078
    VirtualCom driver
    Virus Guard - powered by BitDefender
    WBFS Manager 3.0
    WD SmartWare
    WebFldrs XP
    WinAVI MP4 Converter
    Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPcap 4.1.1
    WinRAR
    WinRAR archiver
    WModem Driver Installer
    Xilisoft YouTube to iPod Converter
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    YouTube Downloader 2.7.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/4/2011 9:59:05 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
    9/4/2011 12:49:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASKUTIL SCDEmu Tcpip
    9/4/2011 12:18:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde
    9/4/2011 12:18:39 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
    9/4/2011 12:18:39 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
    9/4/2011 12:18:39 PM, error: Service Control Manager [7023] - The srv1560 service terminated with the following error: The specified module could not be found.
    9/4/2011 12:18:39 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
    9/4/2011 12:18:39 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
    9/4/2011 12:18:39 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: Afd
    9/4/2011 12:15:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    9/4/2011 12:14:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/4/2011 10:38:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip
    9/4/2011 10:38:27 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2011 10:38:27 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2011 10:38:27 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2011 10:38:27 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/4/2011 10:37:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/4/2011 10:34:09 AM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
    9/4/2011 10:34:00 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    9/4/2011 10:33:18 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
    9/3/2011 4:13:49 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    8/28/2011 7:08:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    8/28/2011 3:38:33 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    .
    ==== End Of File ===========================


    I appreciate all the help here to get my desktop in working conditions again with internet access.

    Many thanks and looking forward to your instructions.
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  3. dashelter

    dashelter Established Techie7 Member

    It is a different PC.
    I am using a laptop to use DAL Computer Help and explain my situation.
    I have a flash drive that I transfer stuff from the desktop that is not working to my laptop and vice-versa so I can post the different logs on this forum.

    Please help and thanks.
     
    Last edited: Sep 5, 2011
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    To protect your laptop install this on it.

    Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*


    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.

    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows versions.
    Please, use Panda USB Vaccine, or BitDefender’s USB Immunizer

    Then....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
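
The Flash Disinfector note in the post above relies on a folder named autorun.inf occupying the name an autorun file would need in the drive root. As an added example (not part of the original post and not Flash Disinfector's own code), this Python script reports which of the three states a drive root is in and, when a real autorun.inf file is present, lists the entries that would launch a program. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that make Windows launch a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_launch_entries(text):
    """Return (key, command) pairs found in the [autorun] section.

    Deliberately tolerant: autorun.inf files dropped by malware are often
    padded with junk lines that a strict INI parser would reject.
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        # shell\<verb>\command adds a context-menu action that runs a program.
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            entries.append((key, value.strip()))
    return entries


def decode_inf(data):
    """Decode raw autorun.inf bytes; UTF-16 if a BOM is present, else Latin-1."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def classify_root(root):
    """Return (state, launch_entries) for one drive root.

    state is 'absent', 'folder' (the placeholder folder described in the
    post) or 'file' (a real autorun.inf that Windows could act on).
    """
    # Compare names case-insensitively so a drive mounted on a
    # case-sensitive file system is still checked correctly.
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return "folder", []
        with open(path, "rb") as fh:
            return "file", parse_launch_entries(decode_inf(fh.read()))
    return "absent", []


# Constructed sample contents, not taken from the thread.
SAMPLE_INF = (
    "asdfjkl qwerty junk line\r\n"
    "[AutoRun]\r\n"
    "; comment\r\n"
    "Open=tool.exe /s\r\n"
    "icon=folder.ico\r\n"
    "shell\\open\\Command=tool.exe\r\n"
    "[other]\r\n"
    "open=ignored.exe\r\n"
)


def demo():
    """Build three constructed drive roots and classify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        clean = os.path.join(base, "clean")
        os.mkdir(clean)

        vaccinated = os.path.join(base, "vaccinated")
        os.makedirs(os.path.join(vaccinated, "autorun.inf"))

        with_file = os.path.join(base, "with_file")
        os.mkdir(with_file)
        with open(os.path.join(with_file, "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE_INF.encode("latin-1"))

        for label, root in (("clean", clean),
                            ("vaccinated", vaccinated),
                            ("with_file", with_file)):
            results[label] = classify_root(root)
    return results


if __name__ == "__main__":
    for label, (state, entries) in demo().items():
        print(label, state, entries)
```

To check a real drive, pass its root (for example `E:\`) to `classify_root`; reading the file this way does not execute anything on it.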
     
  5. dashelter

    dashelter Established Techie7 Member

    Below is my combo fix log. Still no internet access.

    ComboFix 11-09-05.05 - JB 09/05/2011 19:47:55.6.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1586 [GMT -4:00]
    Running from: c:\documents and settings\JB\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\JB\Application Data\inst.exe
    c:\documents and settings\JB\djmmcvpqeg.tmp
    c:\documents and settings\JB\g2mdlhlpx.exe
    c:\program files\Mozilla Firefox\searchplugins\search.xml
    c:\windows\MADS3260.dll
    c:\windows\system32\winlogon.bak
    c:\windows\$NtUninstallKB36638$\1375301112 . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-29 19:19 . 2011-05-29 09:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 23:52 . 2010-02-06 20:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2010-02-06 20:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-04 11:43 . 2011-06-11 23:51 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:43 . 2011-06-11 23:51 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-04 11:36 . 2011-06-11 23:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:36 . 2011-06-11 23:51 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-04 11:35 . 2011-06-11 23:51 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-04 11:35 . 2011-06-11 23:51 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-07-04 11:35 . 2011-06-11 23:51 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-07-04 11:32 . 2011-06-11 23:51 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-04 11:32 . 2011-06-11 23:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-07-04 11:32 . 2011-06-11 23:51 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-24 14:10 . 2009-08-16 01:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-24 13:17 . 2011-06-24 13:17 69632 ----a-r- c:\documents and settings\JB\Application Data\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2011-06-24 13:17 . 2011-06-24 13:17 413696 ----a-r- c:\documents and settings\JB\Application Data\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2011-06-24 13:17 . 2011-06-24 13:17 413696 ----a-r- c:\documents and settings\JB\Application Data\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2011-06-24 13:17 . 2011-06-24 13:17 413696 ----a-r- c:\documents and settings\JB\Application Data\Microsoft\Installer\{75157F34-02C6-4831-BD66-3BC49E7A8394}\ARPPRODUCTICON.exe
    2011-06-23 18:36 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-11 20:00 . 2011-06-11 20:00 711728 ----a-w- c:\windows\is-K2MSE.exe
    2010-01-09 23:08 . 2009-08-27 21:09 14336 ----a-w- c:\program files\wmdmhelper.dll
    2010-01-09 23:08 . 2009-08-27 21:09 712704 ----a-w- c:\program files\dtdr3260.dll
    2010-01-09 23:08 . 2009-08-27 21:09 651264 ----a-w- c:\program files\rjbres.dll
    2010-01-09 23:08 . 2009-08-27 21:09 352256 ----a-w- c:\program files\rjdlg.dll
    2010-01-09 23:08 . 2009-08-27 21:09 19456 ----a-w- c:\program files\rjprog.dll
    2010-01-09 23:08 . 2009-08-27 21:09 139264 ----a-w- c:\program files\DUNZIP32.dll
    2010-01-09 23:08 . 2009-08-27 21:09 36352 ----a-w- c:\program files\ierjplug.dll
    2010-01-09 23:08 . 2009-08-27 21:09 81920 ----a-w- c:\program files\tsasdk.dll
    2010-01-09 23:08 . 2009-08-27 21:09 6656 ----a-w- c:\program files\fixrjb.exe
    2010-01-09 23:08 . 2009-08-27 21:09 41472 ----a-w- c:\program files\mmcdda32.dll
    2010-01-09 23:08 . 2009-08-27 21:09 19456 ----a-w- c:\program files\tnetdtct.dll
    2010-01-09 23:08 . 2009-08-27 21:09 57344 ----a-w- c:\program files\tpasdk.dll
    2010-01-09 23:07 . 2009-08-27 21:09 32768 ----a-w- c:\program files\rpwa3260.dll
    2010-01-09 23:07 . 2009-08-27 21:09 16296 ----a-w- c:\program files\realtfon.fon
    2010-01-09 23:07 . 2010-01-09 23:07 43056 ----a-w- c:\program files\rpshellsearch.dll
    2010-01-09 23:07 . 2009-08-27 21:09 329312 ----a-w- c:\program files\rpbrowserrecordplugin.dll
    2010-01-09 23:07 . 2009-08-27 21:09 719360 ----a-w- c:\program files\dbghelp.dll
    2010-01-09 23:07 . 2009-08-27 21:09 65536 ----a-w- c:\program files\rjwmapln.dll
    2010-01-09 23:07 . 2009-08-27 21:09 53248 ----a-w- c:\program files\rpau3260.dll
    2010-01-09 23:07 . 2009-08-27 21:09 102400 ----a-w- c:\program files\HXAudioDeviceHook.dll
    2010-01-09 23:07 . 2009-08-27 21:09 86016 ----a-w- c:\program files\rpplugprot.dll
    2010-01-09 23:07 . 2009-08-27 21:09 112168 ----a-w- c:\program files\rdsf3260.dll
    2010-01-09 23:07 . 2009-08-27 21:09 63016 ----a-w- c:\program files\rpshell.dll
    2010-01-09 23:07 . 2009-08-27 21:09 7168 ----a-w- c:\program files\realjbox.exe
    2010-01-09 23:07 . 2009-08-27 21:09 14888 ----a-w- c:\program files\rphelperapp.exe
    2010-01-09 23:07 . 2009-08-27 21:08 222728 ----a-w- c:\program files\realplay.exe
    2010-01-09 23:06 . 2009-08-27 21:09 198208 ----a-w- c:\program files\RecordingManager.exe
    2010-03-11 04:01 . 2010-03-11 04:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-03-11 04:40 . 2010-03-11 04:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-03-11 04:02 . 2010-03-11 04:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2010-03-11 04:01 . 2010-03-11 04:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-03-11 04:01 . 2010-03-11 04:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-03-11 04:00 . 2010-03-11 04:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-03-11 04:01 . 2010-03-11 04:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-03-11 04:01 . 2010-03-11 04:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-10-05 17:49 . 2009-10-05 17:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-03-11 04:02 . 2010-03-11 04:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-09-03 11:28 . 2011-06-10 00:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-02-01 23:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-04 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0ANgA3ADIAOAAzADMAMgA1ADYALQBQAEwAKwA5AC0AVQA5ADAAKwAxAC0ARAAzADgAMQBMACsANQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAA&prod=54&ver=9.0.872" [?]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1560]
    @="service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^JB^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\JB\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
    2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-11-16 23:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2008-11-04 05:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-12-17 23:50 976832 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
    2009-12-03 04:00 847872 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
    2009-08-05 17:36 1596096 ----a-w- c:\program files\LTCM Client\ltcmClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-11-11 21:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
    2011-01-27 13:57 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
    2006-10-09 21:14 176128 ----a-r- c:\windows\system32\S3Trayp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
    2011-01-21 21:06 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-08-12 21:37 4603264 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-06-04 12:52 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-01-09 23:06 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2006-09-21 08:36 53248 ----a-r- c:\windows\system32\VTTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 840(Network)]
    2010-01-12 11:01 201216 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGMA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WDSC"=2 (0x2)
    "WDFME"=2 (0x2)
    "WDDMService"=2 (0x2)
    "ServiceLayer"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "NBService"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "IntuitUpdateService"=2 (0x2)
    "idsvc"=3 (0x3)
    "gusvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "FsUsbExService"=2 (0x2)
    "dsNcService"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "avast! Antivirus"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\realplay.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:UDP"= 5353:UDP:Bonjour
    "67:UDP"= 67:UDP:DHCP Server
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/11/2011 7:51 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/11/2011 7:51 PM 309848]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/11/2011 7:51 PM 19544]
    R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [7/15/2011 11:37 AM 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 srv1560;srv1560;c:\windows\system32\svchost.exe -k netsvcs [2/28/2006 8:00 AM 14336]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [5/28/2011 6:35 PM 44432]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/1/2009 8:34 AM 36608]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/6/2010 4:09 PM 41272]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/19/2010 5:03 PM 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 9:48 AM 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 9:48 AM 135664]
    S4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 11:33 AM 110592]
    S4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 11:32 AM 1858048]
    S4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 11:32 AM 482304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    srv1560
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:48]
    .
    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:48]
    .
    2011-09-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-02-01 23:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant =
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: Download all by FlashGet3 - c:\documents and settings\JB\Application Data\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\JB\Application Data\FlashGetBHO\GetUrl.htm
    IE: Download with Xilisoft YouTube to iPod Converter - c:\program files\Xilisoft\YouTube to iPod Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: $talisma_url$
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.254
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\5a9jkwa4.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
    FF - user.js: browser.link.open_external - 1
    FF - user.js: browser.link.open_external - 1
    FF - user.js: browser.link.open_newwindow - 1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Qcucisun - c:\windows\MADS3260.dll
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
    MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
    MSConfigStartUp-Boxoft Tools - c:\documents and settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe
    MSConfigStartUp-F-Secure Manager - c:\program files\F-Secure\Common\FSM32.EXE
    MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
    MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
    MSConfigStartUp-seyqsuun - c:\documents and settings\JB\Local Settings\Application Data\uvejrv\qanvsysguard.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-09-05 20:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    C:\## aswSnx private storage
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.afd]
    "ImagePath"="\*"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv1560]
    "servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srv1560.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1202660629-1592454029-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(856)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\WLDAP32.dll
    .
    - - - - - - - > 'explorer.exe'(2992)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Citrix\ICA Client\wfcrun32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-05 20:58:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-06 00:58
    .
    Pre-Run: 223,170,572,288 bytes free
    Post-Run: 223,330,516,992 bytes free
    .
    - - End Of File - - 6491A5341D007A3BF57139B54663D1C4

    Awaiting the next set of instructions to help me clean my desktop PC and to help me regain internet access.

    Many thanks.
     
    Last edited: Sep 6, 2011
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Uninstall Ask Toolbar, known foistware.

    Uninstall:
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC

    Registry cleaners/optimizers are not recommended for several reasons:


    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.




    =============================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK

    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\$NtUninstallKB36638$\1375301112
    c:\windows\is-K2MSE.exe
    
    
    Folder::
    c:\windows\$NtUninstallKB36638$\1375301112
    
    NetSvc::
    srv1560
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>;*.local
    Trusted Zone: $talisma_url$
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.afd]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv1560]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Image: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
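
The entries the CFScript above targets (the loopback proxy setting and the .afd and srv1560 service keys) can be picked out of a ComboFix log mechanically. The Python below is an added example, not part of the original post or of ComboFix: the rule names and heuristics are assumptions for illustration, the sample lines are copied from the logs in this thread, and a hit means "review this entry", not a verdict.

```python
import re

# Sample input: lines copied from the ComboFix logs posted in this thread,
# assembled here into one constructed excerpt so the example runs offline.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254
HKCU-Run-Qcucisun - c:\windows\MADS3260.dll
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-seyqsuun - c:\documents and settings\JB\Local Settings\Application Data\uvejrv\qanvsysguard.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.afd]
"ImagePath"="\*"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srv1560]
"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srv1560.tmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"""

# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Services\srv1560]
KEY_RE = re.compile(r'^\[-?(HK[^\]]+)\]$', re.I)
# Registry value line, e.g. "servicedll"="..."; the value may be unquoted
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"]*)"?')
# Browser proxy pointed at the local machine
PROXY_RE = re.compile(
    r'ProxyServer\s*=\s*(?:\w+=)?((?:127(?:\.\d{1,3}){3}|localhost):\d+)', re.I)
# Autostart summary lines in the two forms that appear in this thread's log
AUTOSTART_RE = re.compile(r'^(?:HKCU-Run|MSConfigStartUp)-(.+?) - (.+)$')


def triage(log_text):
    """Return (rule, subject, detail) tuples for entries worth a manual look.

    Heuristics (assumptions of this example, not ComboFix behaviour):
      proxy-loopback          proxy set to 127.x.x.x or localhost
      run-entry-dll           autostart entry whose target is a bare .dll
      autostart-user-profile  autostart target under a per-user data folder
      service-image-wildcard  service ImagePath containing '*'
      service-binary-odd-path service binary under \\Temp\\ or addressed
                              through a \\\\?\\globalroot device path
    """
    findings = []
    key = None  # last path component of the registry key being read
    for raw in log_text.splitlines():
        line = raw.strip()

        m = KEY_RE.match(line)
        if m:
            key = m.group(1).rsplit("\\", 1)[-1]
            continue

        m = VALUE_RE.match(line)
        if m and key:
            name, value = m.group(1).lower(), m.group(2)
            low = value.lower()
            if name == "imagepath" and "*" in value:
                findings.append(("service-image-wildcard", key, value))
            elif name in ("imagepath", "servicedll") and (
                    low.startswith("\\\\?\\globalroot") or "\\temp\\" in low):
                findings.append(("service-binary-odd-path", key, value))
            continue

        key = None  # any other line ends the current registry block

        m = PROXY_RE.search(line)
        if m:
            findings.append(("proxy-loopback", "ProxyServer", m.group(1)))
            continue

        m = AUTOSTART_RE.match(line)
        if m:
            name, target = m.group(1), m.group(2)
            low = target.lower()
            if low.endswith(".dll"):
                findings.append(("run-entry-dll", name, target))
            if "\\local settings\\application data\\" in low:
                findings.append(("autostart-user-profile", name, target))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {subject:12} {detail}")
```
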
     
  7. dashelter

    dashelter Established Techie7 Member

    Here is the new Combofix log, as requested:

    ComboFix 11-09-05.05 - JB 09/05/2011 23:36:58.7.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1487 [GMT -4:00]
    Running from: c:\documents and settings\JB\Desktop\ComboFix.exe
    Command switches used :: F:\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\windows\$NtUninstallKB36638$\1375301112"
    "c:\windows\is-K2MSE.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\db5a3i5v.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\db5a3i5v.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\chrome.manifest
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\db5a3i5v.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\chrome\xulcache.jar
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\db5a3i5v.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\defaults\preferences\xulcache.js
    c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\db5a3i5v.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\install.rdf
    c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\5a9jkwa4.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}
    c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\5a9jkwa4.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\chrome.manifest
    c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\5a9jkwa4.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\chrome\xulcache.jar
    c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\5a9jkwa4.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\defaults\preferences\xulcache.js
    c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\5a9jkwa4.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\install.rdf
    c:\documents and settings\JB\Application Data\PriceGong
    c:\documents and settings\JB\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\JB\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Sinikka\Application Data\Mozilla\Firefox\Profiles\vuq84wa8.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}
    c:\documents and settings\Sinikka\Application Data\Mozilla\Firefox\Profiles\vuq84wa8.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\chrome.manifest
    c:\documents and settings\Sinikka\Application Data\Mozilla\Firefox\Profiles\vuq84wa8.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\chrome\xulcache.jar
    c:\documents and settings\Sinikka\Application Data\Mozilla\Firefox\Profiles\vuq84wa8.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\defaults\preferences\xulcache.js
    c:\documents and settings\Sinikka\Application Data\Mozilla\Firefox\Profiles\vuq84wa8.default\extensions\{4c3036f8-3b21-4b77-87db-40ab96630a6f}\install.rdf
    c:\windows\is-K2MSE.exe
    c:\windows\$NtUninstallKB36638$\1375301112 . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-29 19:19 . 2011-05-29 09:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 23:52 . 2010-02-06 20:09 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2010-02-06 20:09 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-04 11:43 . 2011-06-11 23:51 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:43 . 2011-06-11 23:51 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-04 11:36 . 2011-06-11 23:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:36 . 2011-06-11 23:51 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-04 11:35 . 2011-06-11 23:51 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-04 11:35 . 2011-06-11 23:51 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-07-04 11:35 . 2011-06-11 23:51 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-07-04 11:32 . 2011-06-11 23:51 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-04 11:32 . 2011-06-11 23:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-07-04 11:32 . 2011-06-11 23:51 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-24 14:10 . 2009-08-16 01:20 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
    2011-06-20 17:44 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2010-01-09 23:08 . 2009-08-27 21:09 14336 ----a-w- c:\program files\wmdmhelper.dll
    2010-01-09 23:08 . 2009-08-27 21:09 712704 ----a-w- c:\program files\dtdr3260.dll
    2010-01-09 23:08 . 2009-08-27 21:09 651264 ----a-w- c:\program files\rjbres.dll
    2010-01-09 23:08 . 2009-08-27 21:09 352256 ----a-w- c:\program files\rjdlg.dll
    2010-01-09 23:08 . 2009-08-27 21:09 19456 ----a-w- c:\program files\rjprog.dll
    2010-01-09 23:08 . 2009-08-27 21:09 139264 ----a-w- c:\program files\DUNZIP32.dll
    2010-01-09 23:08 . 2009-08-27 21:09 36352 ----a-w- c:\program files\ierjplug.dll
    2010-01-09 23:08 . 2009-08-27 21:09 81920 ----a-w- c:\program files\tsasdk.dll
    2010-01-09 23:08 . 2009-08-27 21:09 6656 ----a-w- c:\program files\fixrjb.exe
    2010-01-09 23:08 . 2009-08-27 21:09 41472 ----a-w- c:\program files\mmcdda32.dll
    2010-01-09 23:08 . 2009-08-27 21:09 19456 ----a-w- c:\program files\tnetdtct.dll
    2010-01-09 23:08 . 2009-08-27 21:09 57344 ----a-w- c:\program files\tpasdk.dll
    2010-01-09 23:07 . 2009-08-27 21:09 32768 ----a-w- c:\program files\rpwa3260.dll
    2010-01-09 23:07 . 2009-08-27 21:09 16296 ----a-w- c:\program files\realtfon.fon
    2010-01-09 23:07 . 2010-01-09 23:07 43056 ----a-w- c:\program files\rpshellsearch.dll
    2010-01-09 23:07 . 2009-08-27 21:09 329312 ----a-w- c:\program files\rpbrowserrecordplugin.dll
    2010-01-09 23:07 . 2009-08-27 21:09 719360 ----a-w- c:\program files\dbghelp.dll
    2010-01-09 23:07 . 2009-08-27 21:09 65536 ----a-w- c:\program files\rjwmapln.dll
    2010-01-09 23:07 . 2009-08-27 21:09 53248 ----a-w- c:\program files\rpau3260.dll
    2010-01-09 23:07 . 2009-08-27 21:09 102400 ----a-w- c:\program files\HXAudioDeviceHook.dll
    2010-01-09 23:07 . 2009-08-27 21:09 86016 ----a-w- c:\program files\rpplugprot.dll
    2010-01-09 23:07 . 2009-08-27 21:09 112168 ----a-w- c:\program files\rdsf3260.dll
    2010-01-09 23:07 . 2009-08-27 21:09 63016 ----a-w- c:\program files\rpshell.dll
    2010-01-09 23:07 . 2009-08-27 21:09 7168 ----a-w- c:\program files\realjbox.exe
    2010-01-09 23:07 . 2009-08-27 21:09 14888 ----a-w- c:\program files\rphelperapp.exe
    2010-01-09 23:07 . 2009-08-27 21:08 222728 ----a-w- c:\program files\realplay.exe
    2010-01-09 23:06 . 2009-08-27 21:09 198208 ----a-w- c:\program files\RecordingManager.exe
    2011-09-03 11:28 . 2011-06-10 00:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^JB^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\JB\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
    2010-07-27 10:15 1573888 ----a-w- c:\program files\ATT-SST\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-11-16 23:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2008-11-04 05:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-12-17 23:50 976832 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
    2009-12-03 04:00 847872 ----a-w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
    2009-08-05 17:36 1596096 ----a-w- c:\program files\LTCM Client\ltcmClient.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-11-11 21:43 288088 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
    2006-10-09 21:14 176128 ----a-r- c:\windows\system32\S3Trayp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-08-12 21:37 4603264 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-06-04 12:52 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-01-09 23:06 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    2006-09-21 08:36 53248 ----a-r- c:\windows\system32\VTTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 840(Network)]
    2010-01-12 11:01 201216 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGMA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WDSC"=2 (0x2)
    "WDFME"=2 (0x2)
    "WDDMService"=2 (0x2)
    "ServiceLayer"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "NBService"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "IntuitUpdateService"=2 (0x2)
    "idsvc"=3 (0x3)
    "gusvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "FsUsbExService"=2 (0x2)
    "dsNcService"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "avast! Antivirus"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\realplay.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
    "c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:UDP"= 5353:UDP:Bonjour
    "67:UDP"= 67:UDP:DHCP Server
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/11/2011 7:51 PM 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/11/2011 7:51 PM 309848]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/11/2011 7:51 PM 19544]
    R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [7/15/2011 11:37 AM 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [5/28/2011 6:35 PM 44432]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/1/2009 8:34 AM 36608]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/6/2010 4:09 PM 41272]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/19/2010 5:03 PM 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 9:48 AM 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 9:48 AM 135664]
    S4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 11:33 AM 110592]
    S4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 11:32 AM 1858048]
    S4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 11:32 AM 482304]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:48]
    .
    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchAssistant =
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: Download all by FlashGet3 - c:\documents and settings\JB\Application Data\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\JB\Application Data\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\JB\Application Data\Mozilla\Firefox\Profiles\5a9jkwa4.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
    FF - user.js: browser.link.open_external - 1
    FF - user.js: browser.link.open_external - 1
    FF - user.js: browser.link.open_newwindow - 1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-srv1560
    MSConfigStartUp-ConnectionCenter - c:\program files\Citrix\ICA Client\concentr.exe
    MSConfigStartUp-PowerSuite - c:\program files\Uniblue\PowerSuite\launcher.exe
    MSConfigStartUp-RIMBBLaunchAgent - c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-09-05 23:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1202660629-1592454029-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(856)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(184)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-05 23:56:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-06 03:56
    ComboFix2.txt 2011-09-06 00:58
    .
    Pre-Run: 223,457,607,680 bytes free
    Post-Run: 223,472,480,256 bytes free
    .
    - - End Of File - - D6B70DD324193AF3ECFF64B186380B67

    Awaiting your next instructions. Still no internet.

    Many thanks.
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe


    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:

    Code:
    DeleteFolder: 
    c:\windows\$NtUninstallKB36638$\1375301112
    


    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\



    ===================================================

    Please download MiniToolBox and run it.

    Checkmark following boxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size

    Click Go and post the result.
     
  9. dashelter

    dashelter Established Techie7 Member

    Per your request, below are the minitoolbox results:
    MiniToolBox by Farbar
    Ran by JB (administrator) on 06-09-2011 at 05:14:17
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************

    ========================= Flush DNS: ===================================


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp

    # Interface IP Configuration for "Network Connect Adapter"

    set address name="Network Connect Adapter" source=dhcp
    set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
    set wins name="Network Connect Adapter" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration



    Host Name . . . . . . . . . . . . : jb-16017162d197

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Broadcast

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . : gateway.2wire.net

    Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter

    Physical Address. . . . . . . . . : 00-19-DB-A2-48-08

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 0.0.0.0

    Subnet Mask . . . . . . . . . . . : 0.0.0.0

    Default Gateway . . . . . . . . . :

    DHCP Server . . . . . . . . . . . : 192.168.1.254

    DNS Servers . . . . . . . . . . . : 192.168.1.254



    Ethernet adapter Network Connect Adapter:



    Media State . . . . . . . . . . . : Media disconnected

    Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter

    Physical Address. . . . . . . . . : 00-FF-60-CB-51-8A

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.

    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.



    Pinging 127.0.0.1 with 32 bytes of data:



    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 19 db a2 48 08 ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
    0x10004 ...00 ff 60 cb 51 8a ...... Juniper Network Connect Virtual Adapter
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    255.255.255.255 255.255.255.255 255.255.255.255 2 1
    255.255.255.255 255.255.255.255 255.255.255.255 10004 1
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
    Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (08/14/2011 06:48:51 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\JB\RECENT\0008.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/14/2011 06:48:51 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\JB\RECENT\0008.LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/12/2011 05:10:32 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
    Description: EventType clr20r3, P1 rim.desktop.exe, P2 6.1.0.35, P3 4dee095a, P4 rim.desktop.services.device, P5 6.1.0.35, P6 4dee08f3, P7 927, P8 17, P9 clr20r30, P10 clr20r31.

    Error: (08/10/2011 11:36:44 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\JB\RECENT\REMOVABLE DISK (F).LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/10/2011 11:36:44 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\JB\RECENT\REMOVABLE DISK (F).LNK> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (08/05/2011 07:29:24 PM) (Source: MsiInstaller) (User: JB)JB
    Description: Product: Adobe Acrobat 9 Pro Extended - English, Français, Deutsch -- Setup has detected that you already have a more functional product installed. Setup will now terminate.

    Error: (08/05/2011 05:04:56 PM) (Source: Application Error) (User: )
    Description: Faulting application pdf2word.exe, version 3.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x02a6b060.
    Processing media-specific event for [pdf2word.exe!ws!]

    Error: (07/28/2011 03:15:17 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\JB\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY GENIUS.ITDB-JOURNAL> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (07/28/2011 03:15:17 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\JB\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (07/28/2011 03:15:15 PM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\DOCUMENTS AND SETTINGS\JB\MY DOCUMENTS\MY MUSIC\DOWNLOADED MUSIC\PODCASTS\PUREHOUSEMUSIC.NET DJ MIXES\DOWNLOAD.MP3> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (09/06/2011 05:12:28 AM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

    Error: (09/06/2011 05:11:58 AM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

    Error: (09/06/2011 05:11:58 AM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

    Error: (09/06/2011 05:11:28 AM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

    Error: (09/06/2011 05:11:28 AM) (Source: DCOM) (User: SYSTEM)
    Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

    Error: (09/06/2011 05:11:01 AM) (Source: Service Control Manager) (User: )
    Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

    Error: (09/06/2011 05:11:00 AM) (Source: Service Control Manager) (User: )
    Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

    Error: (09/06/2011 05:11:00 AM) (Source: Service Control Manager) (User: )
    Description: The Automatic Updates service terminated with the following error:
    %%2147952450

    Error: (09/06/2011 05:11:00 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    %%10050

    Error: (09/06/2011 05:11:00 AM) (Source: Service Control Manager) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%10050


    Microsoft Office Sessions:
    =========================
    Error: (07/16/2010 05:56:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1139 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/06/2009 04:58:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/05/2009 10:01:24 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/05/2009 10:01:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (10/02/2009 04:48:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 212 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (09/04/2009 06:59:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1530 seconds with 240 seconds of active time. This session ended with a crash.


    ========================= Memory info: ===================================

    Percentage of memory in use: 21%
    Total physical RAM: 1982.36 MB
    Available physical RAM: 1561.68 MB
    Total Pagefile: 4802.3 MB
    Available Pagefile: 4615.91 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1996.54 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:279.45 GB) (Free:208.14 GB) NTFS
    4 Drive f: (BOOT) (Removable) (Total:0.88 GB) (Free:0.87 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\JB-16017162D197

    Administrator ASPNET Guest0
    Guest HelpAssistant JB
    Guest2 Guest3 SUPPORT_388945a0


    **** End of log ****

    Awaiting your next set of instructions to bring everything back to normal with my PC. Still no internet.
    Again, many thanks.
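
Added example (not part of the thread): a Python triage of the "System errors" and IP configuration sections of the MiniToolBox log above. It unwraps the HRESULT-style codes to their Win32 values and groups the failing services by root cause, which shows that every terminated service reports Winsock error 10050 (WSAENETDOWN) while NLA reports that the Afd service (the Winsock Ancillary Function Driver) does not exist. The excerpt is copied from the post; the function and variable names are my own.

```python
import re
from collections import defaultdict

# Lines copied (trimmed) from the MiniToolBox log in the post above.
LOG_EXCERPT = """\
Error: (09/06/2011 05:11:58 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).

Error: (09/06/2011 05:11:01 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd

Error: (09/06/2011 05:11:00 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952450

Error: (09/06/2011 05:11:00 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
%%10050

Error: (09/06/2011 05:11:00 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10050

Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
DHCP Server . . . . . . . . . . . : 192.168.1.254
"""

FACILITY_WIN32 = 7  # HRESULT facility used to wrap plain Win32 error codes
ERROR_NAMES = {10050: "WSAENETDOWN (network is down)"}

TERMINATED_RE = re.compile(
    r"The (.+?) service terminated with "
    r"(?:service-specific error (\d+)|the following error:\s*%%(\d+))"
)
MISSING_DEP_RE = re.compile(
    r"The (.+?) service depends on the following nonexistent service: (\S+)"
)
DHCP_RE = re.compile(r"Dhcp Enabled[. ]*:\s*Yes")
IP_RE = re.compile(r"IP Address[. ]*:\s*(\S+)")


def to_win32(code):
    """Unwrap an HRESULT that carries a Win32 error; pass other codes through."""
    failure_bit = code & 0x80000000
    facility = (code >> 16) & 0x7FF
    if failure_bit and facility == FACILITY_WIN32:
        return code & 0xFFFF
    return code


def triage(log):
    """Group failing services by normalized error code and flag related symptoms."""
    by_cause = defaultdict(list)
    for m in TERMINATED_RE.finditer(log):
        service = m.group(1)
        code = to_win32(int(m.group(2) or m.group(3)))
        if service not in by_cause[code]:
            by_cause[code].append(service)

    ip = IP_RE.search(log)
    dhcp_on = DHCP_RE.search(log) is not None
    return {
        "by_root_cause": dict(by_cause),
        # (dependent service, service that is missing from the registry)
        "missing_dependencies": MISSING_DEP_RE.findall(log),
        # DHCP is enabled but no lease was obtained
        "dhcp_lease_failed": dhcp_on and ip is not None and ip.group(1) == "0.0.0.0",
    }


if __name__ == "__main__":
    report = triage(LOG_EXCERPT)
    for code, services in report["by_root_cause"].items():
        print(f"{code} {ERROR_NAMES.get(code, 'unknown')}:")
        for name in services:
            print(f"  - {name}")
    for dependent, missing in report["missing_dependencies"]:
        print(f"{dependent} cannot start: service '{missing}' is not registered")
    if report["dhcp_lease_failed"]:
        print("DHCP enabled but adapter address is 0.0.0.0 (no lease)")
```

With the socket driver's service entry gone, no Winsock-dependent service can start, which matches the 0.0.0.0 address on a DHCP-enabled adapter.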
     
  10. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I still need the BlitzBlank log.
     
  11. dashelter

    dashelter Established Techie7 Member

    I cannot get the BlitzBlank log, as it is telling me syntax error and wrong path on line 2.
    Please help and thanks.
     
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Retry with this code:

    Code:
    DeleteFile:  
    c:\windows\$NtUninstallKB36638$\1375301112

     
  13. dashelter

    dashelter Established Techie7 Member

    Here's the BlitzBlank log:

    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    MoveFileOnReboot: sourceFile = "\??\c:\windows\$ntuninstallkb36638$\1375301112", destinationFile = "(null)", replaceWithDummy = 0
    RemoveFile: ZwDeleteFile failed: status = c0000279

    Still no internet.
    Awaiting your next sets of instructions.

    Many thanks.
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Let's try some basic steps....

    Make sure, your computer is set to obtain IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix 1.1.0.13 from Softpedia (doesn't work in Vista and 7).
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
    Dial-a-fix - Lunarsoft Wiki

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
     
  15. dashelter

    dashelter Established Techie7 Member

    Nothing worked. Still same issues. No internet.
    Dial-a-fix would not unzip for some reason.
    Need more help.

    thanks.
     
  16. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    What do you mean "won't unzip"?

    Redownload, try second link.

    Do you have any errors in Device Manager?
     
  17. dashelter

    dashelter Established Techie7 Member

    I tried both links.
    It's telling to insert last volume of the sets....
    and the compressed zip folder is invalid or corrupted.

    Is there a way that you can send me a .exe link?
    It's simply not working on my dead machine...even in Safe Mode.

    Any other suggestions?
     
  18. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  19. dashelter

    dashelter Established Techie7 Member

    Here's the DAF Log:
    11:10:38 PM | Dial-a-fix was unable to determine your version of Internet Explorer
    Notes about this log:
    1) "->" denotes an external command being executed, and "-> (number)" indicates
    the return code from the previous command
    2) Not all external command return codes are accurate, or useful
    3) Sometimes commands return 0 (no error) even when they fail or crash
    4) If an error occurs while registering an object, please send an email to:
    dial-a-fix@DjLizard.net and include a copy of this log

    DAF version: v0.60.0.24

    --- System info ---
    OS: Microsoft Windows XP Service Pack 3
    IE version: 8.0.6001.18702
    MPC: 76477-OEM
    CPU: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz (~2160MHz)
    CPU: CPU is 64-bit or has 64-bit extensions
    CPU: 2 CPU cores present
    BIOS: 4/4/2007
    Memory (approx): 1982MB
    Uptime: 0 hour(s)
    Current directory: F:\Dial-a-fix-v0.60.0.24
    ---

    9/6/2011 11:10:38 PM -- Dial-a-fix : [v0.60.0.24] -- started
    11:10:38 PM | Policy scan started
    11:10:38 PM | Policy scan ended - no restrictive policies were found
    --- Repair permissions ---
    --- Network interface reset ---
    --- Registration: Explorer/IE/OE/shell/WMP ---
    11:12:28 PM | Registered: C:\WINDOWS\system32\activeds.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\audiodev.dll
    11:12:29 PM | DllInstalled: C:\WINDOWS\system32\browseui.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\browseui.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\browsewm.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\cabview.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\cdfview.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\clbcatex.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\clbcatq.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\comcat.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\cscui.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\credui.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\datime.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\devmgr.dll
    11:12:29 PM | Registered: C:\WINDOWS\system32\dfsshlex.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dmdlgs.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dmdskmgr.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dmloader.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dmocx.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dmview.ocx
    11:12:30 PM | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dsuiext.dll
    11:12:30 PM | DllInstalled: C:\WINDOWS\system32\dsquery.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dsquery.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\dskquoui.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\els.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\es.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\fontext.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\hlink.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\hnetcfg.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\iedkcs32.dll
    11:12:30 PM | Registered: C:\WINDOWS\system32\iepeers.dll
    11:12:30 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    11:12:44 PM | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
    11:12:45 PM | Registered: C:\WINDOWS\system32\ils.dll
    11:12:45 PM | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    11:12:45 PM | Registered: C:\WINDOWS\system32\inetcfg.dll
    11:12:45 PM | Registered: C:\WINDOWS\system32\inetcomm.dll
    11:12:45 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    11:12:46 PM | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
    11:12:46 PM | Registered: C:\WINDOWS\system32\laprxy.dll
    11:12:47 PM | Registered: C:\WINDOWS\system32\lmrt.dll
    11:12:47 PM | Registered: C:\WINDOWS\system32\mlang.dll
    11:12:47 PM | Registered: C:\WINDOWS\system32\mmcndmgr.dll
    11:12:47 PM | Registered: C:\WINDOWS\system32\mmcshext.dll
    11:12:48 PM | Registered: C:\WINDOWS\system32\mscoree.dll
    11:12:48 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.19120
    11:12:49 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.19120
    11:12:50 PM | Registered: C:\WINDOWS\system32\mshtmled.dll
    11:12:50 PM | Registered: C:\WINDOWS\system32\msieftp.dll
    11:12:50 PM | Registered: C:\WINDOWS\system32\msoeacct.dll
    11:12:50 PM | Registered: C:\WINDOWS\system32\msr2c.dll
    11:12:50 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    11:12:51 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\mydocs.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\mstime.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\netcfgx.dll
    11:12:51 PM | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\netplwiz.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\netman.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\netshell.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\ntmsevt.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\ntmsmgr.dll
    11:12:51 PM | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
    11:12:51 PM | Registered: C:\WINDOWS\system32\ntmssvc.dll
    11:12:51 PM | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.19098
    11:13:00 PM | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.19098
    11:13:01 PM | Registered: C:\WINDOWS\system32\ole32.dll
    11:13:01 PM | Registered: C:\WINDOWS\system32\oleaut32.dll
    11:13:01 PM | Registered: C:\WINDOWS\system32\oleacc.dll
    11:13:01 PM | Registered: C:\WINDOWS\system32\olepro32.dll
    11:13:01 PM | DllInstalled: C:\WINDOWS\system32\photowiz.dll
    11:13:01 PM | Registered: C:\WINDOWS\system32\photowiz.dll
    11:13:01 PM | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    11:13:02 PM | Registered: C:\WINDOWS\system32\remotepg.dll
    11:13:02 PM | Registered: C:\WINDOWS\system32\rpcrt4.dll
    11:13:02 PM | Registered: C:\WINDOWS\system32\rshx32.dll
    11:13:02 PM | Registered: C:\WINDOWS\system32\sendmail.dll
    11:13:02 PM | Registered: C:\WINDOWS\system32\slayerxp.dll
    11:13:02 PM | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
    11:13:02 PM | Registered: C:\WINDOWS\system32\shdocvw.dll
    11:13:02 PM | Registered: C:\WINDOWS\system32\shell32.dll
    11:13:05 PM | DllInstalled: C:\WINDOWS\system32\shell32.dll
    11:13:05 PM | Registered: C:\WINDOWS\system32\shmedia.dll
    11:13:05 PM | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
    11:13:05 PM | Registered: C:\WINDOWS\system32\shimgvw.dll
    11:13:06 PM | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
    11:13:06 PM | Registered: C:\WINDOWS\system32\shsvcs.dll
    11:13:06 PM | Registered: C:\WINDOWS\system32\srclient.dll
    11:13:06 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
    11:13:06 PM | Registered: C:\WINDOWS\system32\stobject.dll
    11:13:06 PM | DllInstalled: C:\WINDOWS\system32\themeui.dll
    11:13:06 PM | Registered: C:\WINDOWS\system32\themeui.dll
    11:13:06 PM | Registered: C:\WINDOWS\system32\twext.dll
    11:13:06 PM | DllInstalled: C:\WINDOWS\system32\urlmon.dll
    11:13:06 PM | Registered: C:\WINDOWS\system32\urlmon.dll
    11:13:06 PM | Registered: C:\WINDOWS\system32\userenv.dll
    11:13:06 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
    11:13:10 PM | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
    11:13:11 PM | Registered: C:\WINDOWS\system32\webvw.dll
    11:13:11 PM | Registered: C:\WINDOWS\system32\winhttp.dll
    11:13:11 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
    11:13:11 PM | Registered: C:\WINDOWS\system32\zipfldr.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll
    11:13:11 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmeng.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msdmine.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolap80.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msolui80.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll
    11:13:12 PM | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll
    11:13:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll
    11:13:13 PM | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll
    --
     
  20. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    You didn't say if you have any errors in Device Manager.

    It looks like you have some system file problems.

    Go Start>Run ("Start Search" in Vista/7), type in:
    sfc /scannow
    Click OK (hold CTRL and SHIFT, then hit Enter in Vista/7).
    Have Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
    If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD (rarely in Vista/7 case).
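
A triage helper for the registration log posted above, added here as an example and not part of the original thread: it collects the DLLs that logged Error 127, with the step that failed and the reported version, so the same files can be rechecked after `sfc /scannow`. The function names are hypothetical, the sample lines are copied from the log above, and the line layout is assumed from those lines.

```python
import re

# Excerpt of the registration log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
11:12:48 PM | Registered: C:\WINDOWS\system32\mscoree.dll
11:12:48 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.19120
11:12:49 PM | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.19120
11:12:50 PM | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
11:12:51 PM | DllInstalled: C:\WINDOWS\system32\mydocs.dll
11:13:06 PM | Unregistered: C:\WINDOWS\system32\stobject.dll
11:13:11 PM | DllInstalled: C:\WINDOWS\system32\wininet.dll
"""

# Assumed layout: "<time> | <status>: <path or error text>"
LINE = re.compile(r"^\s*(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) \| (?P<status>[^:]+): (?P<rest>.+)$")
ERROR = re.compile(r"^(?P<path>.+?\.dll) is not (?P<step>registerable|DLLInstall-able) "
                   r"or the file is corrupted\. Version: (?P<version>[\d.]+)$", re.I)

def parse(log):
    """Yield (time, status, path, failed_step, version) for each recognised line."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, separators, forum text
        status, rest = m["status"].strip(), m["rest"].strip()
        if status.startswith("Error"):
            e = ERROR.match(rest)
            if e:
                yield m["time"], status, e["path"], e["step"].lower(), e["version"]
        else:
            yield m["time"], status, rest, None, None

def failed_dlls(log):
    """Map each failing DLL (lower-cased path) to its failed steps, version and error code."""
    out = {}
    for _, status, path, step, version in parse(log):
        if step:
            entry = out.setdefault(path.lower(),
                                   {"steps": set(), "version": version, "code": status})
            entry["steps"].add(step)
    return out

def sfc_candidates(log):
    """Failing DLLs under system32: the files to re-check once sfc has run."""
    return sorted(p for p in failed_dlls(log) if "\\system32\\" in p)

if __name__ == "__main__":
    for path, info in sorted(failed_dlls(SAMPLE_LOG).items()):
        print(f"{info['code']}  {path}  v{info['version']}  failed: {', '.join(sorted(info['steps']))}")
```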
     