Svchost.exe - Page 2

Question

jholland1964 650 Posting Expert

13 Years Ago

The main reason I believe is you have running, right this minute,
CA eTrust Antivirus
COMODO Internet Security
Registry Mechanic 8.0
Unlocker
iTunes
iPod
quite possibly the Windows Firewall, though can't be sure about that. I know it has tried to start according to some of your Error log listings.

Open the task manager and stop these items:
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Registry Mechanic\RegMech.exe
ATF-Cleaner(2).exe

jholland1964 650 Posting Expert

13 Years Ago

Looks much better. You need to get these two entries out of your trusted zone:

Trusted Zone: gamelink.com\drm
Trusted Zone: gamelink.com\www

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Kenney 0 Junior Poster in Training · Answer 1 · 2011-02-22T10:22:47+00:00

2nd portion of DDS.txt log:

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: HopSurf toolbar: {e9fab13d-4600-49e1-90d1-ee961c859d39} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Realtime Monitor] "c:\progra~1\ca\etrust~1\realmon.exe" -s
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Hhapucineputeh] rundll32.exe "c:\windows\ajicoyusikunose.dll",Startup
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe

Kenney 0 Junior Poster in Training · Answer 2 · 2011-02-22T10:24:54+00:00

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\comodo\hopsurftoolbar\HopSurfToolbar_IE.dll
Trusted Zone: gamelink.com\drm
Trusted Zone: gamelink.com\www

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 3 · 2011-02-22T10:27:00+00:00

@jholland1964 : Speaking from experience, I find that the most effective way to dis-infect a computer is to do it manually. You are assuming that others would just search any instructions without thinking for themselves (in which case how do they know if following your instructions would not lead them into a worse situation?)

And you obviously never saw the leading thread titled Read me before posting a request for assistance

You obviously think that your way of dis-infecting a computer by downloading tools is the only way, that is fine. I do not have a problem with that. I respect other people who hold different views. To twist and undermine someone else's advice is however totally uncalled for.
Perhaps you would like to remove my posts, you can carry on as you wish.

The advice that Judy gave is the way that we all do it here. You do not like it? That's fine. You do not have to post. If you do wish to post, we ask that you follow the format that has worked here for years.

Posts are not deleted unless they break the rules.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 4 · 2011-02-22T10:36:17+00:00

jholland1964 650 Posting Expert

13 Years Ago

Kenney, are you still here? Need the rest of the log.

Kenney 0 Junior Poster in Training · Answer 5 · 2011-02-22T10:42:28+00:00

Yeah I'm still here. I keep getting this timeout connection each time I try to paste...very frustrating.

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\64a7lc56.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\comodo\hopsurftoolbar\hopsurfext_ff3_5\components\hopsurf.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HopSurf®: {1DA0528B-1DD8-4167-BFAF-E0EF94939F93} - c:\program files\comodo\hopsurftoolbar\hopsurfext_ff3_5
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {C800BD62-DC22-4251-A62B-6DB4DCFB5CF3} - c:\documents and settings\administrator\local settings\application data\{C800BD62-DC22-4251-A62B-6DB4DCFB5CF3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-8 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-8 25160]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-10-8 723632]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

=============== Created Last 30 ================

2011-02-21 19:16:49 -------- dc----w- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2011-02-06 07:10:06 -------- d-----w- C:\9d1a4fd1d165859c34c74e7d70f2
2011-02-03 20:03:16 0 ----a-w- c:\windows\Dfenap.bin
2011-02-03 20:03:11 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\{C800BD62-DC22-4251-A62B-6DB4DCFB5CF3}
2011-02-03 20:01:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\oNaHaKi15400

==================== Find3M ====================

2011-01-22 17:42:44 19985265 ----a-w- c:\docume~1\alluse~1\applic~1\vlc-1.1.5-win32.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST340016A rev.3.75 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8332C85C]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x83332a38]; MOV EAX, [0x83332ab4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83383AB8]
3 CLASSPNP[0xF87F905B] -> nt!IofCallDriver[0x804E37D5] -> [0x832981D8]
\Driver\atapi[0x8339E6F0] -> IRP_MJ_CREATE -> 0x8332C85C
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST340016A_______________________________3.75____#483339534e564d32202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8332C6A2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 22:11:00.67 ===============

Kenney 0 Junior Poster in Training · Answer 6 · 2011-02-22T10:44:35+00:00

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {44489742-B6B9-456E-907B-734BC7A821BE} = 156.154.70.22,156.154.71.22
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Kenney 0 Junior Poster in Training · Answer 7 · 2011-02-22T10:45:26+00:00

Ok, I was finally able to get all in. Sorry about that. Not sure why I was getting that timed out message each time.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 8 · 2011-02-22T10:51:52+00:00

Ok, you have a rootkit on there. You need to run this tool:

Please read carefully and follow these steps.

* Download TDSSKiller and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

* If an infected file is detected, the default action will be Cure, click on Continue.

* If a suspicious file is detected, the default action will be Skip, click on Continue.

* It may ask you to reboot the computer to complete the process. Click on Reboot Now.

* If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kenney 0 Junior Poster in Training · Answer 9 · 2011-02-22T10:54:43+00:00

Kenney 0 Junior Poster in Training

13 Years Ago

Ok done. I'm about to uninstall Comodo all together.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 10 · 2011-02-22T10:57:26+00:00

jholland1964 650 Posting Expert

13 Years Ago

I'm about to uninstall Comodo all together.

Good idea!

Kenney 0 Junior Poster in Training · Answer 11 · 2011-02-22T11:10:43+00:00

2011/02/21 23:58:54.0921 2628 TDSS 2011/02/21 23:58:56.0921 2628 ====== 2011/02/21 23:58:56.0921 2628 System 2011/02/21 23:58:56.0921 2628
2011/02/21 23:58:56.0921 2628 OS 2011/02/21 23:58:56.0921 2628 Product 2011/02/21 23:58:56.0937 2628 ComputerName: 2011/02/21 23:58:56.0953 2628 UserName: 2011/02/21 23:58:56.0953 2628 Windows 2011/02/21 23:58:56.0953 2628 System 2011/02/21 23:58:56.0953 2628 Processor 2011/02/21 23:58:56.0953 2628 Number 2011/02/21 23:58:56.0953 2628 Page 2011/02/21 23:58:56.0953 2628 Boot 2011/02/21 23:58:56.0953 2628 ====== 2011/02/21 23:59:01.0562 2628 Initialize 2011/02/21 23:59:06.0828 2156 ====== 2011/02/21 23:59:06.0828 2156 Scan 2011/02/21 23:59:06.0828 2156 Mode: 2011/02/21 23:59:06.0828 2156 ====== 2011/02/21 23:59:08.0843 2156 ACPI 2011/02/21 23:59:08.0953 2156 ACPIEC 2011/02/21 23:59:09.0437 2156 aeaudio 2011/02/21 23:59:09.0734 2156 aec 2011/02/21 23:59:09.0843 2156 AFD 2011/02/21 23:59:10.0546 2156 AsyncMac 2011/02/21 23:59:10.0671 2156 atapi 2011/02/21 23:59:10.0828 2156 Atmarpc 2011/02/21 23:59:10.0937 2156 audstub 2011/02/21 23:59:11.0046 2156 Beep 2011/02/21 23:59:11.0187 2156 cbidf2k 2011/02/21 23:59:11.0406 2156 Cdaudio 2011/02/21 23:59:11.0515 2156 Cdfs 2011/02/21 23:59:11.0640 2156 Cdr4_xp 2011/02/21 23:59:11.0750 2156 Cdralw2k 2011/02/21 23:59:11.0968 2156 Cdrom 2011/02/21 23:59:12.0062 2156 cdudf_xp 2011/02/21 23:59:12.0203 2156 cercsr6 2011/02/21 23:59:12.0421 2156 cmdGuard 2011/02/21 23:59:12.0531 2156 cmdHlp 2011/02/21 23:59:12.0875 2156 Disk 2011/02/21 23:59:13.0031 2156 dmboot 2011/02/21 23:59:13.0234 2156 dmio 2011/02/21 23:59:13.0328 2156 dmload 2011/02/21 23:59:13.0500 2156 DMusic 2011/02/21 23:59:13.0703 2156 drmkaud 2011/02/21 23:59:13.0796 2156 dvd_2K 2011/02/21 23:59:13.0906 2156 E1000 2011/02/21 23:59:14.0062 2156 Fastfat 2011/02/21 23:59:14.0171 2156 Fdc 2011/02/21 23:59:14.0281 2156 Fips 2011/02/21 23:59:14.0375 2156 Flpydisk 2011/02/21 23:59:14.0500 2156 FltMgr 2011/02/21 23:59:14.0625 2156 Fs_Rec 2011/02/21 23:59:14.0703 2156 Ftdisk 2011/02/21 23:59:14.0796 2156 GEARAspiWDM 2011/02/21 23:59:14.0921 2156 Gpc 2011/02/21 23:59:15.0093 2156 HTTP 2011/02/21 23:59:15.0359 2156 i8042prt 2011/02/21 23:59:15.0531 2156 ialm 2011/02/21 23:59:15.0703 2156 Imapi 2011/02/21 23:59:15.0906 2156 INO_FLPY 2011/02/21 23:59:16.0015 2156 INO_FLTR 2011/02/21 23:59:16.0125 2156 Inspect 2011/02/21 23:59:16.0265 2156 IntelIde 2011/02/21 23:59:16.0375 2156 intelppm 2011/02/21 23:59:16.0546 2156 Ip6Fw 2011/02/21 23:59:16.0656 2156 IpFilterDriver 2011/02/21 23:59:16.0750 2156 IpInIp 2011/02/21 23:59:16.0859 2156 IpNat 2011/02/21 23:59:16.0968 2156 IPSec 2011/02/21 23:59:17.0062 2156 IRENUM 2011/02/21 23:59:17.0187 2156 isapnp 2011/02/21 23:59:17.0296 2156 Kbdclass 2011/02/21 23:59:17.0390 2156 kmixer 2011/02/21 23:59:17.0531 2156 KSecDD 2011/02/21 23:59:17.0796 2156 mmc_2K 2011/02/21 23:59:17.0890 2156 mnmdd 2011/02/21 23:59:18.0000 2156 Modem 2011/02/21 23:59:18.0093 2156 Mouclass 2011/02/21 23:59:18.0156 2156 MountMgr 2011/02/21 23:59:18.0343 2156 MREMP50 2011/02/21 23:59:18.0437 2156 MRESP50 2011/02/21 23:59:18.0656 2156 MRxDAV 2011/02/21 23:59:18.0781 2156 MRxSmb 2011/02/21 23:59:18.0937 2156 Msfs 2011/02/21 23:59:19.0046 2156 MSKSSRV 2011/02/21 23:59:19.0171 2156 MSPCLOCK 2011/02/21 23:59:19.0328 2156 MSPQM 2011/02/21 23:59:19.0484 2156 mssmbios 2011/02/21 23:59:19.0656 2156 Mup 2011/02/21 23:59:19.0750 2156 NDIS 2011/02/21 23:59:19.0859 2156 NdisTapi 2011/02/21 23:59:19.0953 2156 Ndisuio 2011/02/21 23:59:20.0093 2156 NdisWan 2011/02/21 23:59:20.0203 2156 NDProxy 2011/02/21 23:59:20.0312 2156 NetBIOS 2011/02/21 23:59:20.0453 2156 NetBT 2011/02/21 23:59:20.0625 2156 Npfs 2011/02/21 23:59:20.0750 2156 Ntfs 2011/02/21 23:59:20.0906 2156 Null 2011/02/21 23:59:21.0000 2156 NwlnkFlt 2011/02/21 23:59:21.0125 2156 NwlnkFwd 2011/02/21 23:59:21.0250 2156 OMCI 2011/02/21 23:59:21.0375 2156 Parport 2011/02/21 23:59:21.0468 2156 PartMgr 2011/02/21 23:59:21.0546 2156 ParVdm 2011/02/21 23:59:21.0640 2156 PCI 2011/02/21 23:59:21.0781 2156 PCIIde 2011/02/21 23:59:21.0875 2156 Pcmcia 2011/02/21 23:59:22.0406 2156 PptpMiniport 2011/02/21 23:59:22.0562 2156 PSched 2011/02/21 23:59:22.0687 2156 Ptilink 2011/02/21 23:59:22.0781 2156 pwd_2k 2011/02/21 23:59:23.0203 2156 RasAcd 2011/02/21 23:59:23.0312 2156 Rasl2tp 2011/02/21 23:59:23.0421 2156 RasPppoe 2011/02/21 23:59:23.0531 2156 Raspti 2011/02/21 23:59:23.0656 2156 Rdbss 2011/02/21 23:59:23.0796 2156 RDPCDD 2011/02/21 23:59:23.0921 2156 rdpdr 2011/02/21 23:59:24.0078 2156 RDPWD 2011/02/21 23:59:24.0187 2156 redbook 2011/02/21 23:59:24.0390 2156 SASKUTIL 2011/02/21 23:59:24.0531 2156 Secdrv 2011/02/21 23:59:24.0671 2156 serenum 2011/02/21 23:59:24.0765 2156 Serial 2011/02/21 23:59:24.0890 2156 Sfloppy 2011/02/21 23:59:25.0093 2156 smwdm 2011/02/21 23:59:25.0343 2156 splitter 2011/02/21 23:59:25.0453 2156 sr 2011/02/21 23:59:25.0625 2156 Srv 2011/02/21 23:59:25.0796 2156 swenum 2011/02/21 23:59:25.0921 2156 swmidi 2011/02/21 23:59:26.0250 2156 sysaudio 2011/02/21 23:59:26.0421 2156 Tcpip 2011/02/21 23:59:26.0578 2156 TDPIPE 2011/02/21 23:59:26.0703 2156 TDTCP 2011/02/21 23:59:26.0796 2156 TermDD 2011/02/21 23:59:27.0000 2156 UdfReadr_xp 2011/02/21 23:59:27.0093 2156 Udfs 2011/02/21 23:59:27.0281 2156 UnlockerDriver5 2011/02/21 23:59:27.0421 2156 Update 2011/02/21 23:59:27.0593 2156 USBAAPL 2011/02/21 23:59:27.0718 2156 usbehci 2011/02/21 23:59:27.0812 2156 usbhub 2011/02/21 23:59:27.0906 2156 usbscan 2011/02/21 23:59:28.0000 2156 USBSTOR 2011/02/21 23:59:28.0093 2156 usbuhci 2011/02/21 23:59:28.0187 2156 VgaSave 2011/02/21 23:59:28.0437 2156 VolSnap 2011/02/21 23:59:28.0640 2156 Wanarp 2011/02/21 23:59:28.0781 2156 wdmaud 2011/02/21 23:59:29.0078 2156 WudfPf 2011/02/21 23:59:29.0187 2156 WudfRd 2011/02/21 23:59:29.0375 2156 {6080A 2011/02/21 23:59:29.0500 2156 {D31A0 2011/02/21 23:59:29.0546 2156 \HardDisk0 2011/02/21 23:59:29.0562 2156 ====== 2011/02/21 23:59:29.0562 2156 Scan 2011/02/21 23:59:29.0562 2156 ====== 2011/02/21 23:59:29.0593 3660 Detected 2011/02/21 23:59:46.0578 3660 \HardDisk0 2011/02/21 23:59:46.0578 3660 Rootki 2011/02/22 00:00:13.0531 0332 Deinitialize rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
==========================================================================
Info:
Version: 5.1.2600 ServicePack: 2.0
type: Workstation
GPC1121-134CA48
Administrator
directory: C:\WINDOWS
windows directory: C:\WINDOWS
architecture: Intel x86
of processors: 1
size: 0x1000
type: Normal boot
==========================================================================
success
==========================================================================
started
Manual;
==========================================================================
(a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
(9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
(11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
(1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
(55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
(02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
(cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
(ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
(d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
(da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
(90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
(c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
(cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
(297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
(5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
(af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
(cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
(84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
(775114ca0a70699d482c9e63f03228b4) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
(04420541157953921f10fb91a147a5f4) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
(00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
(c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
(f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
(e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
(a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
(1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
(677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
(854293999e91bf2eb9e786166de4a35f) C:\WINDOWS\system32\DRIVERS\e1000325.sys
(3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
(ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
(e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
(0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
(3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
(3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
(6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
(8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
(c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
(9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
(5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
(44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
(f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
(f45da362be40f56f35af1bbf1b23ea80) C:\WINDOWS\system32\Drivers\ino_flpy.sys
(d6e645a6b8fea3d96059c4b588345bc7) C:\WINDOWS\system32\Drivers\ino_fltr.sys
(4d7465745dbb8742c7ee55c007dddb7c) C:\WINDOWS\system32\DRIVERS\inspect.sys
(2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
(279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
(4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
(731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
(e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
(e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
(64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
(50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
(e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
(ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
(ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
(674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
(9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
(4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
(6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
(34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
(65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
(80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
(37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
(29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
(fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
(561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
(ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
(13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
(1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
(469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
(82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
(558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
(08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
(34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
(0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
(59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
(3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
(0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
(4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
(19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
(73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
(b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
(c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
(cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
(29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
(3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
(70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
(8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
(ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
(82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
(1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
(48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
(80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
(d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
(fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
(98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
(7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
(03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
(4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
(a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
(b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
(b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
(c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
(90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
(a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
(cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
(0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
(70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
(0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
(e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
(7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
(03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
(94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
(650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
(2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
(38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
(ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
(a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
(4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
(12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
(4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
(ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
(4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
(15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
(c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
(a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
(6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
(f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
(8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
(ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
(984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
(efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
(f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
(28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
529-897E-4629-A488-ABA0C29B635E} (afeffe0f8805fcd47b05cf1fbde08092) C:\WINDOWS\system32\drivers\ialmsbw.sys
762-0CEB-444e-ACFF-B049A1F6FE91} (85a36991a5ceaf9e65c4b743210e759b) C:\WINDOWS\system32\drivers\ialmkchw.sys
- detected Rootkit.Win32.TDSS.tdl4 (0)
==========================================================================
finished
==========================================================================
object count: 1
- will be cured after reboot
t.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
success

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 12 · 2011-02-22T11:19:12+00:00

Super! Got it.
Now do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop

• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

• Re-enable all the programs that were disabled during the running of ComboFix..
• Then post back here with that log and a scan log from HiJackThis.
http://free.antivirus.com/hijackthis/

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Kenney 0 Junior Poster in Training · Answer 13 · 2011-02-22T11:57:13+00:00

ComboFix 11-02-21.01 - Administrator 02/22/2011 0:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.142 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Desktopicon
c:\documents and settings\Administrator\Local Settings\Application Data\{C800BD62-DC22-4251-A62B-6DB4DCFB5CF3}
c:\documents and settings\Administrator\Local Settings\Application Data\{C800BD62-DC22-4251-A62B-6DB4DCFB5CF3}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{C800BD62-DC22-4251-A62B-6DB4DCFB5CF3}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{C800BD62-DC22-4251-A62B-6DB4DCFB5CF3}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{C800BD62-DC22-4251-A62B-6DB4DCFB5CF3}\install.rdf
c:\documents and settings\All Users\Application Data\vlc-1.0.2-win32.exe
c:\documents and settings\All Users\Application Data\vlc-1.1.4-win32.exe
c:\documents and settings\All Users\Application Data\vlc-1.1.5-win32.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-21 19:16 . 2011-02-21 19:16 -------- dc----w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2011-02-06 07:10 . 2011-02-06 07:10 -------- d-----w- C:\9d1a4fd1d165859c34c74e7d70f2
2011-02-03 20:03 . 2011-02-17 14:38 0 ----a-w- c:\windows\Dfenap.bin
2011-02-03 20:01 . 2011-02-05 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\oNaHaKi15400

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2009-09-27 16:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-09-27 16:48 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 68856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-09-11 2836440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrust Antivirus\\InoNmSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: gamelink.com\drm
Trusted Zone: gamelink.com\www
TCP: {44489742-B6B9-456E-907B-734BC7A821BE} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\64a7lc56.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HopSurf®: {1DA0528B-1DD8-4167-BFAF-E0EF94939F93} - c:\program files\Comodo\HopSurfToolbar\hopsurfext_ff3_5
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Hhapucineputeh - c:\windows\ajicoyusikunose.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 00:45
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
.
Completion time: 2011-02-22 00:49:05
ComboFix-quarantined-files.txt 2011-02-22 05:48
ComboFix2.txt 2009-10-03 00:13

Pre-Run: 2,001,018,880 bytes free
Post-Run: 2,028,957,696 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B4110D1506C2C6B8A869EDAAF2B5AB52

Kenney 0 Junior Poster in Training · Answer 14 · 2011-02-22T11:57:50+00:00

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:28 AM, on 2/22/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.com/mrc/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.com/mrc/fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205852848724
O17 - HKLM\System\CCS\Services\Tcpip\..\{44489742-B6B9-456E-907B-734BC7A821BE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS3\Services\Tcpip\..\{44489742-B6B9-456E-907B-734BC7A821BE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS4\Services\Tcpip\..\{44489742-B6B9-456E-907B-734BC7A821BE}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 7090 bytes

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 15 · 2011-02-22T12:07:39+00:00

jholland1964 650 Posting Expert

13 Years Ago

How are things running Kenney?

Kenney 0 Junior Poster in Training · Answer 16 · 2011-02-22T12:10:31+00:00

Actually everything's running great right now. Only thing I need is some kind of virus/firewall protection because I uninstalled all the previous ones.
But right now everything seems to be running ok. I'm going to reboot just to make sure.

Kenney 0 Junior Poster in Training · Answer 17 · 2011-02-22T12:15:19+00:00

Kenney 0 Junior Poster in Training

13 Years Ago

Just rebooted and everything seems to be working pretty good.

Kenney 0 Junior Poster in Training · Answer 18 · 2011-02-22T12:32:18+00:00

Thanks so much for the help tonight jholland1964. You were extremely knowledgeable and helpful. My computer is definitely running better and seems to be clean, finally. Not sure if you have any further steps for me tonight, but it's getting late and I'm going to head to bed. Can we reconvene tomorrow?

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 19 · 2011-02-22T12:33:07+00:00

Only thing I need is some kind of virus/firewall protection because I uninstalled all the previous ones.

Oh you need a LOT more than that. Your entire system is way, way out of date, yrs out of date in fact in some cases. You are running XP SP2, which means your system is no longer supported by MS. Support for XP running only SP2 stopped on Jul. 13, 2010 meaning you have no updates and will not be able to get any unless you install SP3. You need to update to SP3, it has been available since April 2008 or one month after the install of XP on your computer. I see "some" updates on there but obviously very few. You have IE 7 on there but that is really the only visible update that has been done.

With SP3 installed support is extended until April 8, 2014.

Your MBA-M of course we know was nearly two years out of date. Your Java program is 9 updates out of date. Those are the ones I know without a doubt are way out of date. Firefox is also way out of date. All of those out of date programs, especially the operating system, put your system at GREAT risk, as you have now seen.

You need to get these Windows Updates. The only one you don't need is IE 8, that is mainly for Vista and Windows 7 but otherwise you need those updates and you need them ASAP.

Another thing I am concerned about is your hard drive is very nearly full. You have barely 1.1GB of Free space remaining. You don't have that many programs on there really, no more than I have on my 40GB hard drive, running XP SP3, yet I have 3/4 of the hard drive space remaining. This tells me you must have other things stored on there, pictures, videos, music? Whatever it is that you have stored on there should really be moved off of the hard drive because soon you won't even be able to use it.

What is it that you have stored on there?

We absolutely need to reconvene tomorrow. We need to get this computer in tip top shape and I believe we can! Don't leave it running overnight, shut it completely down. We don't want anything sneaking in there and "mucking" things up just when we have made some progress.
Judy

Kenney 0 Junior Poster in Training · Answer 20 · 2011-02-22T12:41:16+00:00

I have music and videos mainly stored on here. That's what's taking up most of my space. Ok I just download SP3. It didn't take long to download. But I'm about to restart my computer and hopefully it's on here.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 21 · 2011-02-22T13:08:33+00:00

You really need to move those videos and music off of there. For one thing if you had not been able to complete these clean up steps then the only option for you would have been a reformat and reload. In all likelihood you would have not been able to get these files off, and it would not have been recommended either since some of these files are likely the reason the infection came onto the computer in the first place, which is still a concern for me now. But with a reformat you would have lost them all when the drive was erased, there would be no way to get them back. You should never store these types of files permanently on the computer, IF you don't want to lose them.
But the main reason to get these off the computer is you really need to regain some hard drive space because you will soon get to the point where you will be able to do absolutely nothing, the hard drive does need some room to be able to function. You will see different figures stating the least amount of hard drive space you need for the operating system and programs you run to perform correctly and completely, generally 10% free space is the minimum amount given and many say 20% free space is better. Either way, once you reach that point of a small amount of remaining free space the poorer and slower the computer will perform or in the case of some things even be able to perform at all.
You don't even have 10% free. 10% would be 3 to 4 GB, you have a little over 1GB, certainly less than 3% and definitely not enough. With that small amount of space remaining you don't have enough space left to even defrag the drive, which requires somewhere between 5 and 15% of free space to be able to move files around. You definitely SHOULD defrag your hard drive on a regular basis. I am guessing here, but based on the fact that the computer is so far out of date I will guess this has not been done either either at all or any time recently. Now because of the removals done and the infections that were on there that likely moved files, fragmented files created files, this really should be done. I am certain the disk is fragmented, but you can't do it because you don't have enough free space to even attempt it. It just won't work.
You need to install SP3, which needs 460MB of space, plus you will need to add all other updates released since the release of SP3, a huge number, we are talking nearly 3 years worth of updates.
You need to update your Java program, it takes approximately 91MB of space.
You need an anti-virus program, the one I recommend is Avira Free, it requires about 100MB of space.
So WITHOUT any WIndows updates except SP3 + those two other required programs the total of those is slightly over 1/2 GB, leaving you with 1/2GB free. So you see, you can't even get all the programs needed OR the Windows updates needed unless you get all those unnecessary music, video and picture files off of there

Kenney 0 Junior Poster in Training · Answer 22 · 2011-02-23T03:11:40+00:00

Thanks for the advice jholland. I'm planning to get a flash drive and save my music and pics on there. I probably won't have until the end of the week though. That should free up a great deal of space.

I just downloaded and installed SP3. I'm in the process of downloading the rest of the updates you mentioned. Oh, and I also downloaded Avira Free as your recommended.

Again, I really appreciate your assistance with all this.

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 23 · 2011-02-23T03:33:50+00:00

Thanks for the advice jholland. I'm planning to get a flash drive and save my music and pics on there. I probably won't have until the end of the week though. That should free up a great deal of space.
I just downloaded and installed SP3. I'm in the process of downloading the rest of the updates you mentioned. Oh, and I also downloaded Avira Free as your recommended.
Again, I really appreciate your assistance with all this.

You also DID uninstall that CA eTrust Antivirus program too I hope. The rule is ONE av program and One firewall should be on a system.
These should also be uninstalled
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Registry Mechanic 8.0>> the use of a registry "fixer", "cleaner" whatever is never recommended or needed. This must go.

The old Java should be uninstalled before the new one is installed and it should be installed by downloading the Offline Install file and saved to where ever you can easily find it.
http://www.java.com/en/download/index.jsp
Then close all browsers and install it. Watch very closely while it installs because it often contains extra toolbars that you don't need or want. Remove the check marks which would be next to those listings so they aren't installed also.

The other one I question is this one Comodo HopSurf, I am not familiar with this so I can't say it's ok.

You also need to update Firefox, yours is way out of date. Current version is 3.6.13

Rather than a flash drive for permanent storage I would recommend an external hard drive. Of course the flash drive is ok for temporary storage but they often fail also. You can get an external hard drive that plugs into the computer at most stores that sell computer supplies. Of course they are more costly than flash drives, which run, at most, $25.

You also can move all these music files and picture to a CD or DVD if you have a burner.
Once you get these updates done, do another DDS scanner run and post the logs.

Kenney 0 Junior Poster in Training · Answer 24 · 2011-02-23T06:54:51+00:00

Hi!

OK, I uninstalled and installed the items you mentioned above.

As for the external hard drive. I'm planning to go out to Best Buy and purchase one some time this week.

My DDS Logs should follow in the subsequent post.

Kenney 0 Junior Poster in Training · Answer 25 · 2011-02-23T06:55:09+00:00

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 19:45:29.62 on Tue 02/22/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.199 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: gamelink.com\drm
Trusted Zone: gamelink.com\www
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205852848724
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {44489742-B6B9-456E-907B-734BC7A821BE} = 156.154.70.22,156.154.71.22
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\64a7lc56.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-22 11608]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-22 61960]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-22 135664]

=============== Created Last 30 ================

2011-02-23 00:35:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-23 00:35:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-22 21:07:59 -------- d-----w- c:\windows\system32\NtmsData
2011-02-22 21:00:57 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-22 21:00:49 -------- d-----w- c:\program files\Avira
2011-02-22 21:00:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-02-22 20:50:09 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 11
2011-02-22 19:58:20 -------- d-----w- c:\windows\system32\scripting
2011-02-22 19:58:18 -------- d-----w- c:\windows\l2schemas
2011-02-22 19:58:15 -------- d-----w- c:\windows\system32\en
2011-02-22 19:58:15 -------- d-----w- c:\windows\system32\bits
2011-02-22 19:34:56 48640 ------w- c:\windows\system32\dhcpqec.dll
2011-02-22 19:33:55 86016 ------w- c:\windows\system32\mdmxsdk.dll
2011-02-22 19:32:59 32768 ------w- c:\windows\system32\setupn.exe
2011-02-22 19:27:39 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
2011-02-22 05:54:01 388096 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-22 05:29:38 98816 ----a-w- c:\windows\sed.exe
2011-02-22 05:29:38 89088 ----a-w- c:\windows\MBR.exe
2011-02-22 05:29:38 256512 ----a-w- c:\windows\PEV.exe
2011-02-22 05:29:38 161792 ----a-w- c:\windows\SWREG.exe
2011-02-21 19:16:49 -------- dc----w- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2011-02-06 07:10:06 -------- d-----w- C:\9d1a4fd1d165859c34c74e7d70f2
2011-02-03 20:03:16 0 ----a-w- c:\windows\Dfenap.bin
2011-02-03 20:01:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\oNaHaKi15400

==================== Find3M ====================

============= FINISH: 19:47:14.95 ===============

Kenney 0 Junior Poster in Training · Answer 26 · 2011-02-23T06:56:12+00:00

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2008 9:39:06 AM
System Uptime: 2/22/2011 3:26:23 PM (4 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2391/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 0.268 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP319: 2/22/2011 2:35:58 PM - Software Distribution Service 3.0
RP320: 2/22/2011 7:10:51 PM - Removed Java(TM) 6 Update 15
RP321: 2/22/2011 7:12:45 PM - Removed Java(TM) 6 Update 5
RP322: 2/22/2011 7:34:56 PM - Installed Java(TM) 6 Update 24

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Easy CD Creator 5 Basic
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Ethernet Adapter and Software
iTunes
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Codec Pack 3.2.5 Standard
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.16)
Mozilla Firefox 4.0b11 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
QuickTime
Right Picture Download Manager 2.3.1
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SoundMAX
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.2
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack

==== Event Viewer Messages From Past Week ========

2/22/2011 3:59:30 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
2/22/2011 3:59:30 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
2/22/2011 3:59:29 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2/22/2011 12:45:20 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
2/21/2011 9:42:18 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2011 9:42:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/21/2011 8:57:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/21/2011 8:37:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/21/2011 8:16:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde Lbd
2/21/2011 5:25:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard Fips intelppm Lbd OMCI SASKUTIL
2/21/2011 2:23:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
2/21/2011 2:23:53 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2011 2:16:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/21/2011 1:26:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
2/21/2011 1:25:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/21/2011 1:24:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/21/2011 1:11:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
2/21/2011 1:11:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
2/20/2011 5:26:55 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wuauclt.exe. Reference error message: Error Message is unavailable .
2/20/2011 5:13:51 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: Error Message is unavailable .
2/20/2011 3:23:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
2/20/2011 3:23:40 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2011 9:13:58 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the cmdAgent service.
2/17/2011 9:38:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
2/17/2011 9:38:48 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2011 6:06:35 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2011 6:06:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/17/2011 6:06:01 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
2/17/2011 6:04:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
2/17/2011 11:57:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
2/17/2011 11:57:53 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2011 11:57:29 AM, error: Service Control Manager [7022] - The Telephony service hung on starting.
2/17/2011 11:57:29 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: After starting, the service hung in a start-pending state.
2/17/2011 11:57:27 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
2/17/2011 11:49:42 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Auxiliary Service service to connect.
2/17/2011 11:49:42 AM, error: Service Control Manager [7000] - The PC Tools Auxiliary Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Windows Time service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Security Center service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
2/17/2011 11:32:31 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/17/2011 11:32:31 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/17/2011 11:32:31 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
2/16/2011 9:48:45 PM, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2011 8:15:06 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
2/16/2011 8:09:14 PM, error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.

==== End Of File ===========================

jholland1964 650 Posting Expert Team Colleague Featured Poster · Answer 27 · 2011-02-23T07:13:46+00:00

Ok, looks good.
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

Now I have to caution you, you have LESS than 1GB of free space,actually 275MB is all, remaining on the drive so you can't put anything else on the computer until you get all those extra music and video files off of there, updates to Avira would be the only exception of course.

You have a lot of unneeded auto starting programs which also would slow the computer but I can't give you the program to use to control these because you have no room for it also there is one more must have security program you need but cannot install yet because of the lack of room so once you have those extra unneeded files off of there come back with another DDS scan and then we can finish up.

Kenney 0 Junior Poster in Training · Answer 28 · 2011-03-01T09:01:26+00:00

Hi jholland!

I'm sorry it took so long but I finally got my external hard drive. You should see some improvements on my space. I'm still cleaning up so more space should be available shortly.
Nevertheless my dds logs are below. Please let me know what you think.

Thanks in advance.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 21:53:16.83 on Mon 02/28/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.54 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
mStart Page = hxxp://www.pctools.com/mrc/fix_homepage/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: gamelink.com\drm
Trusted Zone: gamelink.com\www
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205852848724
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {44489742-B6B9-456E-907B-734BC7A821BE} = 156.154.70.22,156.154.71.22
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\64a7lc56.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-22 11608]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-22 61960]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

=============== Created Last 30 ================

2011-02-23 01:40:54 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-23 01:40:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-02-23 01:40:35 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-02-23 01:39:22 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-23 01:34:20 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-02-23 00:35:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-23 00:35:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-22 21:07:59 -------- d-----w- c:\windows\system32\NtmsData
2011-02-22 21:00:57 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-22 21:00:49 -------- d-----w- c:\program files\Avira
2011-02-22 21:00:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-02-22 20:50:09 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 11
2011-02-22 19:58:20 -------- d-----w- c:\windows\system32\scripting
2011-02-22 19:58:18 -------- d-----w- c:\windows\l2schemas
2011-02-22 19:58:15 -------- d-----w- c:\windows\system32\en
2011-02-22 19:58:15 -------- d-----w- c:\windows\system32\bits
2011-02-22 19:34:56 48640 ------w- c:\windows\system32\dhcpqec.dll
2011-02-22 19:33:55 86016 ------w- c:\windows\system32\mdmxsdk.dll
2011-02-22 19:32:59 32768 ------w- c:\windows\system32\setupn.exe
2011-02-22 19:27:39 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
2011-02-22 05:54:01 388096 ----a-r- c:\docume~1\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-22 05:29:38 98816 ----a-w- c:\windows\sed.exe
2011-02-22 05:29:38 89088 ----a-w- c:\windows\MBR.exe
2011-02-22 05:29:38 256512 ----a-w- c:\windows\PEV.exe
2011-02-22 05:29:38 161792 ----a-w- c:\windows\SWREG.exe
2011-02-21 19:16:49 -------- dc----w- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2011-02-06 07:10:06 -------- d-----w- C:\9d1a4fd1d165859c34c74e7d70f2
2011-02-03 20:03:16 0 ----a-w- c:\windows\Dfenap.bin
2011-02-03 20:01:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\oNaHaKi15400

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 21:56:15.24 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2008 9:39:06 AM
System Uptime: 2/28/2011 8:42:49 PM (1 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2391/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 13.086 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 298 GiB total, 279.084 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP320: 2/22/2011 7:10:51 PM - Removed Java(TM) 6 Update 15
RP321: 2/22/2011 7:12:45 PM - Removed Java(TM) 6 Update 5
RP322: 2/22/2011 7:34:56 PM - Installed Java(TM) 6 Update 24
RP323: 2/22/2011 11:10:39 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Easy CD Creator 5 Basic
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Ethernet Adapter and Software
iTunes
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Codec Pack 3.2.5 Standard
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.16)
Mozilla Firefox 4.0b12 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
QuickTime
Right Picture Download Manager 2.3.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SoundMAX
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.2
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack

==== Event Viewer Messages From Past Week ========

2/22/2011 3:59:30 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
2/22/2011 3:59:30 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
2/22/2011 3:59:29 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2/22/2011 12:45:20 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
2/22/2011 12:05:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
2/21/2011 9:01:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/21/2011 8:59:23 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
2/21/2011 8:57:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/21/2011 8:37:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/21/2011 8:37:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard Fips intelppm Lbd OMCI SASKUTIL
2/21/2011 8:16:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde Lbd
2/21/2011 8:15:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
2/21/2011 8:15:57 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2011 3:19:57 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2011 3:19:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/21/2011 3:19:17 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
2/21/2011 2:54:05 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2011 2:52:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/21/2011 2:16:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/21/2011 1:26:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
2/21/2011 1:25:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/21/2011 1:11:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
2/21/2011 1:11:45 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

==== End Of File ===========================