Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

loads of problems. any help appreciated.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

loads of problems. any help appreciated.

Unread postby ciaran » February 19th, 2011, 1:11 pm

hi,
here's a list of things wrong with my pc...

probably about 9 times out of 10, if not more, it won't connect to the internet. (can't renew ip address)

about half the times it's turned on there is no sound, no audio device on device manager.

IE and firefox won't open, except pop ups on IE . chrome will only work with no-sandbox tag.

couldn't follow links from this site to download hjt.

message pops up with... Guil1p78.exe has crashed etc etc... every few minutes.


hjt log

Logfile of HijackThis v1.99.1
Scan saved at 16:55:11, on 19/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Documents and Settings\All Users\Application Data\Guil1p78.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\jgfg.tmp\setup.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\fnrvobms\ntjiyevg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EPSON Stylus S20 Pigment Ink] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\DOCUME~1\JODIEA~1\LOCALS~1\Temp\E_S56.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent .exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [{EA9886A2-92EA-EEBE-4E91-09EE7FA0D5C5}] "C:\Documents and Settings\jodie and ciaran xxx\Application Data\Xyqyy\beury.exe"
O4 - HKCU\..\Run: [{ADC9604A-3BBB-771D-A42B-E8ED7E913F02}] "C:\Documents and Settings\jodie and ciaran xxx\Application Data\Ogxa\vuusi.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\jgfg.tmp\setup.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)



uninstall list

Acronis True Image Echo Enterprise Server
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Autodesk Design Review 2010
Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
Autodesk Inventor Professional 2010
Autodesk Inventor Professional 2010
Autodesk Inventor Professional 2010 English (English)
Autodesk Vault 2010 (Client)
Autodesk Vault 2010 (Client)
Autodesk Vault 2010 (Client) English Language Pack
AutoRun Design Specialty 9.1.3.6
AVS DVD Player version 2.4
BlackBerry Connect Desktop for Windows Mobile
BlackBerry Service for PocketPC 4.0
Bonjour
CDBurnerXP
Choice Guard
Collab
Connect
CorelDRAW Graphics Suite X3
Craft ROBO Controller
Critical Update for Windows Media Player 11 (KB959772)
Cutting Master 2 for CraftROBO 1.30
Cutting Master 2 for CraftROBO 1.50
Design Tools - 2D Design V2 Demo
DivX 4.11 Codec
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DWG TrueView 2010
EN
EPSON CardMonitor
EPSON Copy Utility 3
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Stylus S20 Series Printer Uninstall
EPSON Web-To-Page
ESPRX420 Reference Guide
ESPRX420 Software Guide
FL Studio 8
FontNav
Free YouTube to Mp3 Converter version 3.1
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Handmark® PocketChess for Pocket PC
Handmark® Scrabble® for Pocket PC
HASP Device Driver
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
IL Download Manager
iTunes
Java(TM) 6 Update 20
Junk Mail filter update
kuler
LG PC Suite
LG PC Suite II
LG USB Modem driver
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007 Trial
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Pocket Streets for Pocket PC
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
New York PC Sync Uninstall
Norton Internet Security
Norton Utilities
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 2.3
Orionic
PartyPoker
PDF Settings CS4
Photoshop Camera Raw
PIF DESIGNER2.1
PoiZone
ProfileMaker Professional 5.0.5
QuickTime
Reason 4.0
Registry Clean Expert
ROBO Master
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
ScanToWeb
Scientific-Atlanta WebSTAR 2000 series Cable Modem
SCRABBLE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Sony ACID Pro 6.0
Sony Sound Forge 8.0d
SSC Service Utility v4.30
Suite Shared Configuration CS4
Tetris 5000(v1.10 full version)
Toxic Biohazard
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Manager
VBA
VC80CRTRedist - 8.0.50727.762
Vector Magic
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.05 (Remove Only)
Vspainter
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Mobile® Device Handbook
WinZip 12.0
Wireless Manager

thanks for looking.

ciaran.
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm
Advertisement
Register to Remove

Re: loads of problems. any help appreciated.

Unread postby melboy » February 23rd, 2011, 7:40 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


======================================


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue: BitTorrent

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.



CKScanner

Download CKScanner from here

  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: loads of problems. any help appreciated.

Unread postby ciaran » February 23rd, 2011, 3:43 pm

hi melboy,
first of all, thanks for helping.
i will just tell you that i have uninstalled a few things in the mean time since i posted my request for help, including bittorrent.
hope this won't cause any problems.

here's the ckfiles.txt


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\autorun 9\keygen.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\bia - road to hill 30.iso
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\brothers_in_arms_retail_1.11_us_uk.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\brothers_in_arms_starforce_1.11_us_uk.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\cheats.txt
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\torrent_downloaded_from_demonoid.com.txt
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\bigpol666\read me_by bigpol666.txt
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\mods\more realism bia1 v3\defuser.ini
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\mods\more realism bia1 v3\gbxbase.u
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\mods\more realism bia1 v3\gbxinventory.u
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\mods\more realism bia1 v3\readme.rtf
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\nocd crack ( works with v1.11 patch )\bia.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\brothers in arms - road to hill 30 pc_dvd + v1.11 patch + nocd crack + game mods_by bigpol666\nocd crack ( works with v1.11 patch )\hoodlum.nfo
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\ep\mame32 0.113\icons\cracksht.ico
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\ep\mame32 0.113\icons\mt_crack.ico
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\guitar hero 3 mobie [windows mobie 5-6-6.1 or ppc]\keygen.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\pda pack 22\202. ppclink hicalc v2.6.2 (your trusted calculator)\ppclink.hicalc.keygen.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\pda pack 22\214. resco utility package v6.57\resco product keygen\ppcwcalc.xml
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\pda pack 22\214. resco utility package v6.57\resco product keygen\resco product keygen.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\pda pack 22\214. resco utility package v6.57\resco product keygen\rs.keybord-keygen.exe
c:\documents and settings\jodie and ciaran xxx\my documents\downloads\pda pack19\179. resco keyboard pro v5.20\keygen.exe
scanner sequence 3.ZZ.11
----- EOF -----

i am finding it very difficult to connect to the internet with this computer. it does seem to help if i run a full scan from malwarebytes in safe mode as administrator but reading your post above it seems this may cause problems when you are trying to help. of course running the scan and connecting could be coincidental as connection seems totally random. it this does indeed cause a problem of course i won't do it. please let me know.
thanks again.
ciaran
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm

Re: loads of problems. any help appreciated.

Unread postby melboy » February 23rd, 2011, 4:29 pm

Yes, don't run any scans unless I ask you to.


Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

The software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Along with P2P filesharing, this is a surefire way to get your computer is infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


Please post back to confirm the removal of the illegal items.



Re-run CKScanner

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: loads of problems. any help appreciated.

Unread postby ciaran » February 23rd, 2011, 6:10 pm

cleared those out...


CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


some of them wouldn't let me delete the folders but let me delete the files inside. don't know if this means anything but i thought i should let you know.

ciaran.
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm

Re: loads of problems. any help appreciated.

Unread postby melboy » February 23rd, 2011, 6:18 pm

Ok

DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear, this is normal.

Image
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of :
  • DDS.txt
  • Attach.txt
And post them in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: loads of problems. any help appreciated.

Unread postby ciaran » February 23rd, 2011, 6:55 pm

took a while but here they are...



DDS (Ver_10-12-12.02) - NTFSx86
Run by jodie and ciaran xxx at 22:43:39.25 on 23/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1917.1096 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jodie and ciaran xxx\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\fnrvobms\ntjiyevg.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [EPSON Stylus S20 Pigment Ink] c:\windows\system32\spool\drivers\w32x86\3\e_fatieae.exe /fu "c:\docume~1\jodiea~1\locals~1\temp\E_S56.tmp" /EF "HKCU"
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent .exe"
uRun: [Google Update] "c:\documents and settings\jodie and ciaran xxx\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [fkfqsrqb] c:\documents and settings\networkservice\local settings\application data\llssmbrmg\evoppkxtssd.exe
dRun: [ccgrkkfd] c:\documents and settings\localservice\local settings\application data\vmruivjin\fkfgqsftssd.exe
dRun: [bdkbjcej] c:\documents and settings\localservice\local settings\application data\vqnsghgwx\hlouqoctssd.exe
dRun: [xulcbusk] c:\documents and settings\localservice\local settings\application data\fqnudcxsf\jafmqvitssd.exe
dRun: [lcwxekqy] c:\documents and settings\localservice\local settings\application data\pbacaspvy\ofpsifdtssd.exe
dRun: [45avs87hck.exe] c:\documents and settings\networkservice\application data\4117ccdc384ef612f7055d8c854f154e\45avs87hck.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jodiea~1\applic~1\mozilla\firefox\profiles\4lw9vf3t.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?referrer=theme_ign
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=gr ... =937811&p=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\jodie and ciaran xxx\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coFFPlgn

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-1 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-10-22 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-10-22 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-22 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-10-22 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-10-22 116784]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-21 55152]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-23 32512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-7 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20101022.025\NAVENG.SYS [2010-10-23 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20101022.025\NAVEX15.SYS [2010-10-23 1371184]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-1-19 238080]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-10-22 126392]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101021.003\IDSXpx86.sys [2010-10-19 341880]
S3 qcusbmdm6k;New York Proprietary USB Driver;c:\windows\system32\drivers\qcusbmdm6k.sys [2009-5-3 65024]
S3 qcusbser6k;New York Diagnostic Port;c:\windows\system32\drivers\qcusbser6k.sys [2009-5-3 65024]

=============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2011-02-23 17:44:01 -------- d-----w- c:\program files\DWG TrueView 2010
2011-02-13 12:57:47 0 ----a-w- c:\windows\system32\tmp.tmp
2011-02-13 05:25:55 664 ----a-w- c:\docume~1\jodiea~1\locals~1\applic~1\d3d9caps.tmp

==================== Find3M ====================

2011-01-07 22:08:34 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDP725050GLA360 rev.GM4OA5CA -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T1L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89C5DAC8]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x87c337f8; SUB DWORD [EBP-0x4], 0x87c33100; PUSH EDI; CALL 0xffffffffffffe127; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89C55AB8]
3 CLASSPNP[0xBA8E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000079[0x89D4E3B8]
5 ACPI[0xBA75F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89C57D98]
[0x89D2C308] -> IRP_MJ_CREATE -> 0x89C5DAC8
kernel: MBR read successfully
_asm { CALL 0x115; }
detected disk devices:
\Device\Ide\IdeDeviceP2T1L0-e -> \??\IDE#DiskHitachi_HDP725050GLA360_________________GM4OA5CA#5&13bd8182&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89C5D8B4
user & kernel MBR OK
sectors 976773166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 22:48:59.57 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/01/2009 18:56:00
System Uptime: 23/02/2011 19:16:13 (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5N73-AM
Processor: Intel(R) Celeron(R) CPU E1200 @ 1.60GHz | Socket 775 | 1600/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 435 GiB total, 248.337 GiB free.
D: is FIXED (NTFS) - 31 GiB total, 28.973 GiB free.
E: is CDROM ()
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Windows Mobile-based Device
Device ID: USB\VID_0BB4&PID_0B0B\3FBF5000-7351-0801-3557-570112673700
Manufacturer: Microsoft Corporation
Name: Windows Mobile-based Device
PNP Device ID: USB\VID_0BB4&PID_0B0B\3FBF5000-7351-0801-3557-570112673700
Service: usb_rndisx

==== System Restore Points ===================

RP462: 19/02/2011 13:58:49 - Removed Java(TM) 6 Update 3
RP463: 23/02/2011 16:19:59 - Removed Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
RP464: 23/02/2011 16:33:12 - Removed CorelDRAW Graphics Suite X3
RP465: 23/02/2011 16:34:27 - Removed EN
RP466: 23/02/2011 16:34:55 - Removed FontNav
RP467: 23/02/2011 16:35:15 - Removed VBA
RP468: 23/02/2011 16:39:09 - Removed Sony ACID Pro 6.0
RP469: 23/02/2011 16:40:41 - Removed Sony Sound Forge 8.0d

==== Installed Programs ======================

AAC Decoder
Acronis True Image Echo Enterprise Server
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0
Adobe Reader Chinese Simplified Fonts
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Autodesk Inventor Professional 2010
Autodesk Inventor Professional 2010 English (English)
AutoUpdate
AVS DVD Player version 2.4
BlackBerry Connect Desktop for Windows Mobile
BlackBerry Service for PocketPC 4.0
Bonjour
CDBurnerXP
Choice Guard
Collab
Connect
Craft ROBO Controller
Critical Update for Windows Media Player 11 (KB959772)
Cutting Master 2 for CraftROBO 1.30
Cutting Master 2 for CraftROBO 1.50
Design Tools - 2D Design V2 Demo
DivX 4.11 Codec
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
DWG TrueView 2010
EPSON CardMonitor
EPSON Copy Utility 3
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
EPSON Stylus S20 Series Printer Uninstall
EPSON Web-To-Page
ESPRX420 Reference Guide
ESPRX420 Software Guide
Google Chrome
Google Update Helper
H.264 Decoder
HASP Device Driver
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
kuler
LG PC Suite
LG PC Suite II
LG USB Modem driver
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand 10
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007 Trial
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Pocket Streets for Pocket PC
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
MKV Splitter
Mozilla Firefox (3.5.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
Norton Internet Security
Norton Utilities
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 2.3
PartyPoker
PDF Settings CS4
Photoshop Camera Raw
PIF DESIGNER2.1
Platform
QuickTime
ROBO Master
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
ScanToWeb
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SSC Service Utility v4.30
Suite Shared Configuration CS4
Toxic Biohazard
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Manager
VBA (2627.01)
VC80CRTRedist - 8.0.50727.762
Vector Magic
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile® Device Handbook
WinZip 12.0
Wireless Manager

==== Event Viewer Messages From Past Week ========

23/02/2011 22:33:00, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At95.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At71.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At575.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At551.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At527.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At503.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At479.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At47.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At455.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At431.job command failed to start due to the following error: General access denied error
23/02/2011 22:00:01, error: Schedule [7901] - The At407.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:01, error: Schedule [7901] - The At94.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At70.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At574.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At550.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At526.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At502.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At478.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At46.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At454.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At430.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At406.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At382.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At358.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At334.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At310.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At286.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At262.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At238.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At214.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At190.job command failed to start due to the following error: General access denied error
23/02/2011 21:00:00, error: Schedule [7901] - The At166.job command failed to start due to the following error: General access denied error
23/02/2011 17:47:52, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
23/02/2011 16:44:07, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
23/02/2011 16:44:05, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
23/02/2011 16:10:37, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
23/02/2011 00:56:00, error: Schedule [7901] - The At361.job command failed to start due to the following error: General access denied error
23/02/2011 00:55:00, error: Schedule [7901] - The At265.job command failed to start due to the following error: General access denied error
23/02/2011 00:45:00, error: Schedule [7901] - The At433.job command failed to start due to the following error: General access denied error
23/02/2011 00:44:00, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error
23/02/2011 00:42:00, error: Schedule [7901] - The At169.job command failed to start due to the following error: General access denied error
23/02/2011 00:40:00, error: Schedule [7901] - The At481.job command failed to start due to the following error: General access denied error
23/02/2011 00:39:00, error: Schedule [7901] - The At289.job command failed to start due to the following error: General access denied error
23/02/2011 00:38:00, error: Schedule [7901] - The At553.job command failed to start due to the following error: General access denied error
23/02/2011 00:33:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
23/02/2011 00:32:00, error: Schedule [7901] - The At97.job command failed to start due to the following error: General access denied error
23/02/2011 00:27:00, error: Schedule [7901] - The At49.job command failed to start due to the following error: General access denied error
23/02/2011 00:22:00, error: Schedule [7901] - The At193.job command failed to start due to the following error: General access denied error
23/02/2011 00:18:00, error: Schedule [7901] - The At505.job command failed to start due to the following error: General access denied error
23/02/2011 00:17:00, error: Schedule [7901] - The At73.job command failed to start due to the following error: General access denied error
23/02/2011 00:17:00, error: Schedule [7901] - The At313.job command failed to start due to the following error: General access denied error
23/02/2011 00:16:00, error: Schedule [7901] - The At145.job command failed to start due to the following error: General access denied error
23/02/2011 00:15:00, error: Schedule [7901] - The At529.job command failed to start due to the following error: General access denied error
23/02/2011 00:14:00, error: Schedule [7901] - The At457.job command failed to start due to the following error: General access denied error
23/02/2011 00:13:00, error: Schedule [7901] - The At409.job command failed to start due to the following error: General access denied error
23/02/2011 00:11:00, error: Schedule [7901] - The At121.job command failed to start due to the following error: General access denied error
23/02/2011 00:10:00, error: Schedule [7901] - The At385.job command failed to start due to the following error: General access denied error
23/02/2011 00:08:00, error: Schedule [7901] - The At241.job command failed to start due to the following error: General access denied error
23/02/2011 00:08:00, error: Schedule [7901] - The At217.job command failed to start due to the following error: General access denied error
23/02/2011 00:05:00, error: Schedule [7901] - The At337.job command failed to start due to the following error: General access denied error
22/02/2011 23:33:00, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
22/02/2011 23:32:35, error: Dhcp [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 002215C82757 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
22/02/2011 21:42:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX StarOpen SymIRON Tcpip
21/02/2011 22:00:00, error: Schedule [7901] - The At383.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At359.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At335.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At311.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At287.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At263.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At239.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At215.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At191.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At167.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At143.job command failed to start due to the following error: General access denied error
21/02/2011 22:00:00, error: Schedule [7901] - The At119.job command failed to start due to the following error: General access denied error
21/02/2011 21:00:00, error: Schedule [7901] - The At142.job command failed to start due to the following error: General access denied error
21/02/2011 21:00:00, error: Schedule [7901] - The At118.job command failed to start due to the following error: General access denied error
21/02/2011 20:33:00, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error
21/02/2011 18:33:00, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At91.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At67.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At571.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At547.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At523.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At499.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At475.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At451.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At43.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At427.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At403.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At379.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At355.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At331.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At307.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At283.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At259.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At235.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At211.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At187.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At163.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At139.job command failed to start due to the following error: General access denied error
21/02/2011 18:00:00, error: Schedule [7901] - The At115.job command failed to start due to the following error: General access denied error
21/02/2011 09:00:00, error: Schedule [7901] - The At250.job command failed to start due to the following error: General access denied error
21/02/2011 09:00:00, error: Schedule [7901] - The At226.job command failed to start due to the following error: General access denied error
21/02/2011 09:00:00, error: Schedule [7901] - The At202.job command failed to start due to the following error: General access denied error
21/02/2011 09:00:00, error: Schedule [7901] - The At178.job command failed to start due to the following error: General access denied error
21/02/2011 09:00:00, error: Schedule [7901] - The At154.job command failed to start due to the following error: General access denied error
21/02/2011 09:00:00, error: Schedule [7901] - The At130.job command failed to start due to the following error: General access denied error
21/02/2011 09:00:00, error: Schedule [7901] - The At106.job command failed to start due to the following error: General access denied error
21/02/2011 08:33:00, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At81.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At57.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At561.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At537.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At513.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At489.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At465.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At441.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At417.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At393.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At369.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At345.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At33.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At321.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At297.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At273.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At249.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At225.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At201.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At177.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At153.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At129.job command failed to start due to the following error: General access denied error
21/02/2011 08:00:00, error: Schedule [7901] - The At105.job command failed to start due to the following error: General access denied error
21/02/2011 07:33:00, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
21/02/2011 07:27:27, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SPService service to connect.
21/02/2011 07:27:27, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/02/2011 07:25:20, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
20/02/2011 22:20:40, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips imagesrv intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX StarOpen SymIRON Tcpip
20/02/2011 22:20:40, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2011 22:20:40, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2011 22:20:40, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2011 22:20:40, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2011 22:20:40, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2011 22:20:40, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2011 22:20:40, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/02/2011 22:20:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
20/02/2011 22:19:56, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/02/2011 22:19:28, error: imagesrv [4] - Driver detected an internal error in its data structures for .
20/02/2011 21:33:00, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error
20/02/2011 20:47:02, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Server service to connect.
20/02/2011 20:47:02, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
20/02/2011 20:47:02, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ Event System service to connect.
20/02/2011 20:47:02, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 20:47:02, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 20:47:02, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 20:47:02, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 20:00:00, error: Schedule [7901] - The At93.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At69.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At573.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At549.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At525.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At501.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At477.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At453.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At45.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At429.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At405.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At381.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At357.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At333.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At309.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At285.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At261.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At237.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At213.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At189.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At165.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At141.job command failed to start due to the following error: General access denied error
20/02/2011 20:00:00, error: Schedule [7901] - The At117.job command failed to start due to the following error: General access denied error
20/02/2011 19:33:00, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At92.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At68.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At572.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At548.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At524.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At500.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At476.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At452.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At44.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At428.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At404.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At380.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At356.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At332.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At308.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At284.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At260.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At236.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At212.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At188.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At164.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At140.job command failed to start due to the following error: General access denied error
20/02/2011 19:00:00, error: Schedule [7901] - The At116.job command failed to start due to the following error: General access denied error
20/02/2011 16:08:53, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\dmload.sys could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
20/02/2011 16:08:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\dmload.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 2600.0.503.0.
20/02/2011 16:00:00, error: Schedule [7901] - The At89.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At65.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At569.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At545.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At521.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At497.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At473.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At449.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At425.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At41.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At401.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At377.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At353.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At329.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At305.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At281.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At257.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At233.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At209.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At185.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At161.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At137.job command failed to start due to the following error: General access denied error
20/02/2011 16:00:00, error: Schedule [7901] - The At113.job command failed to start due to the following error: General access denied error
20/02/2011 15:33:00, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At88.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At64.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At568.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At544.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At520.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At496.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At472.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At448.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At424.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At400.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At40.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At376.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At352.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At328.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At304.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At280.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At256.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At232.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At208.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At184.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At160.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At136.job command failed to start due to the following error: General access denied error
20/02/2011 15:00:00, error: Schedule [7901] - The At112.job command failed to start due to the following error: General access denied error
20/02/2011 14:53:43, error: MRxSmb [8003] - The master browser has received a server announcement from the computer USER-32C4B8C00B that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AD88953-315. The master browser is stopping or an election is being forced.
20/02/2011 14:33:01, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At87.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At63.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At567.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At543.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At519.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At495.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At471.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At447.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At423.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At399.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:01, error: Schedule [7901] - The At39.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At375.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At351.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At327.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At303.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At279.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At255.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At231.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At207.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At183.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At159.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At135.job command failed to start due to the following error: General access denied error
20/02/2011 14:00:00, error: Schedule [7901] - The At111.job command failed to start due to the following error: General access denied error
20/02/2011 13:33:00, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At86.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At62.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At566.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At542.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At518.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At494.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At470.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At446.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At422.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At398.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At38.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At374.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:03, error: Schedule [7901] - The At350.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:02, error: Schedule [7901] - The At326.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:02, error: Schedule [7901] - The At302.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:02, error: Schedule [7901] - The At278.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:02, error: Schedule [7901] - The At254.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:02, error: Schedule [7901] - The At230.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:02, error: Schedule [7901] - The At206.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:01, error: Schedule [7901] - The At182.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:01, error: Schedule [7901] - The At158.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:00, error: Schedule [7901] - The At134.job command failed to start due to the following error: General access denied error
20/02/2011 13:00:00, error: Schedule [7901] - The At110.job command failed to start due to the following error: General access denied error
20/02/2011 12:33:00, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At85.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At61.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At565.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At541.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At517.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At493.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At469.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At445.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At421.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At397.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At373.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At37.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At349.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At325.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:01, error: Schedule [7901] - The At301.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At277.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At253.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At229.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At205.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At181.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At157.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At133.job command failed to start due to the following error: General access denied error
20/02/2011 12:00:00, error: Schedule [7901] - The At109.job command failed to start due to the following error: General access denied error
20/02/2011 11:59:02, error: Service Control Manager [7034] - The AMService service terminated unexpectedly. It has done this 1 time(s).
20/02/2011 11:33:00, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
20/02/2011 11:29:16, error: Service Control Manager [7024] - The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).
20/02/2011 11:29:16, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
20/02/2011 11:29:16, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 11:29:16, error: Service Control Manager [7000] - The Remote Packet Capture Protocol v.0 (experimental) service failed to start due to the following error: The system cannot find the file specified.
20/02/2011 11:28:02, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
20/02/2011 11:28:02, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
20/02/2011 00:02:10, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Logical Disk Manager service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Background Intelligent Transfer Service service to connect.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The Logical Disk Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/02/2011 00:01:13, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/02/2011 23:33:00, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
19/02/2011 22:33:00, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
19/02/2011 21:33:00, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
19/02/2011 20:33:00, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
19/02/2011 19:33:00, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
19/02/2011 18:33:00, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
19/02/2011 17:33:00, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
19/02/2011 16:33:00, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
19/02/2011 15:33:00, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
19/02/2011 14:33:00, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
19/02/2011 13:33:00, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
19/02/2011 12:33:00, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
19/02/2011 11:33:00, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
19/02/2011 10:33:00, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
18/02/2011 01:33:00, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
18/02/2011 00:33:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
17/02/2011 09:33:00, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
17/02/2011 08:33:00, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm

Re: loads of problems. any help appreciated.

Unread postby melboy » February 23rd, 2011, 7:37 pm

Hi



ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How to disable your security applications
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper
Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: loads of problems. any help appreciated.

Unread postby ciaran » February 23rd, 2011, 8:27 pm

hi Melboy,
here's the ComboFix log.



ComboFix 11-02-23.05 - jodie and ciaran xxx 24/02/2011 0:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1917.1537 [GMT 0:00]
Running from: c:\documents and settings\jodie and ciaran xxx\Desktop\ComboFix.exe
.
/wow section - STAGE 25
The system cannot find the path specified.
@DO was unexpected at this time.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jodie and ciaran xxx\Application Data\Ydunom
c:\documents and settings\jodie and ciaran xxx\Application Data\Ydunom\vexye.ime
c:\documents and settings\jodie and ciaran xxx\Application Data\Ydunom\vexye.tmp
c:\documents and settings\NetworkService\Application Data\4117CCDC384EF612F7055D8C854F154E
c:\documents and settings\NetworkService\Application Data\4117CCDC384EF612F7055D8C854F154E\45avs87hck.exe
c:\documents and settings\NetworkService\Application Data\4117CCDC384EF612F7055D8C854F154E\enemies-names.txt
c:\documents and settings\NetworkService\Application Data\4117CCDC384EF612F7055D8C854F154E\local.ini
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\WinPCap
c:\program files\WinPCap\sfd
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\dmload.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-23 17:44 . 2011-02-23 17:44 -------- d-----w- c:\program files\DWG TrueView 2010
2011-02-13 05:25 . 2011-02-13 05:25 664 ----a-w- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\d3d9caps.tmp
2011-02-05 20:11 . 2011-02-05 20:11 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 13:58 . 2004-08-12 12:18 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-12-20 18:09 . 2010-12-16 15:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-16 15:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
Code: Select all
<pre>
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft ActiveSync\wcescomm                  .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\qttask                                                                                                                                                                                                                              .exe
c:\program files\Registry Clean Expert\RCHelper .exe
c:\program files\Virgin Broadband Wireless\Wireless Manager .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-18 4093288]
"BitTorrent"="c:\program files\BitTorrent\bittorrent .exe" [N/A]
"Google Update"="c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29987322]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8491008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-19 231888]

c:\documents and settings\romy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\fnrvobms\ntjiyevg.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk]
backup=c:\windows\pss\Craft ROBO Status Supervisor.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jodie and ciaran xxx^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-06-23 20:22 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-06-23 20:23 884696 ------w- c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
c:\program files\BitTorrent\bittorrent .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-28 03:26 8491008 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-28 03:26 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-28 03:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC Service Utility]
2007-10-09 11:55 821075 ----a-w- c:\program files\SSC Service Utility\ssc_serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-06-23 20:20 1274800 ------w- c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"12957:TCP"= 12957:TCP:spport
"8353:TCP"= 8353:TCP:spport
"25318:TCP"= 25318:TCP:spport
"13950:TCP"= 13950:TCP:spport
"9546:TCP"= 9546:TCP:spport
"12152:TCP"= 12152:TCP:spport
"5995:TCP"= 5995:TCP:spport
"25518:TCP"= 25518:TCP:spport
"10233:TCP"= 10233:TCP:spport
"29402:TCP"= 29402:TCP:spport
"7559:TCP"= 7559:TCP:spport
"21691:TCP"= 21691:TCP:spport
"19733:TCP"= 19733:TCP:spport
"11067:TCP"= 11067:TCP:spport
"8502:TCP"= 8502:TCP:spport
"21920:TCP"= 21920:TCP:spport
"13894:TCP"= 13894:TCP:spport
"28068:TCP"= 28068:TCP:spport
"26858:TCP"= 26858:TCP:spport
"22339:TCP"= 22339:TCP:spport
"24350:TCP"= 24350:TCP:spport
"28480:TCP"= 28480:TCP:spport
"21969:TCP"= 21969:TCP:spport
"11331:TCP"= 11331:TCP:spport
"25992:TCP"= 25992:TCP:spport
"15468:TCP"= 15468:TCP:spport
"14036:TCP"= 14036:TCP:spport
"14155:TCP"= 14155:TCP:spport
"5124:TCP"= 5124:TCP:spport
"7134:TCP"= 7134:TCP:spport
"23009:TCP"= 23009:TCP:spport
"24166:TCP"= 24166:TCP:spport
"23292:TCP"= 23292:TCP:spport
"20584:TCP"= 20584:TCP:spport
"6065:TCP"= 6065:TCP:spport
"18474:TCP"= 18474:TCP:spport
"7285:TCP"= 7285:TCP:spport
"7402:TCP"= 7402:TCP:spport
"25407:TCP"= 25407:TCP:spport
"14551:TCP"= 14551:TCP:spport
"28505:TCP"= 28505:TCP:spport
"24293:TCP"= 24293:TCP:spport
"29076:TCP"= 29076:TCP:spport
"29481:TCP"= 29481:TCP:spport
"17012:TCP"= 17012:TCP:spport
"7150:TCP"= 7150:TCP:spport
"19352:TCP"= 19352:TCP:spport
"21696:TCP"= 21696:TCP:spport
"22556:TCP"= 22556:TCP:spport
"21231:TCP"= 21231:TCP:spport
"6463:TCP"= 6463:TCP:spport
"26658:TCP"= 26658:TCP:spport
"24964:TCP"= 24964:TCP:spport
"24270:TCP"= 24270:TCP:spport
"7310:TCP"= 7310:TCP:spport
"26726:TCP"= 26726:TCP:spport
"17799:TCP"= 17799:TCP:spport
"28735:TCP"= 28735:TCP:spport
"21313:TCP"= 21313:TCP:spport
"10343:TCP"= 10343:TCP:spport
"12245:TCP"= 12245:TCP:spport
"7677:TCP"= 7677:TCP:spport
"14022:TCP"= 14022:TCP:spport
"14576:TCP"= 14576:TCP:spport

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2010 14:09 64288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/07/2010 22:19 102448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/01/2009 19:04 238080]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS --> c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS --> c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [22/10/2010 22:59 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys --> c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS --> c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2010 16:43 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 15:52 1352832]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [22/10/2010 22:58 126392]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101021.003\IDSXpx86.sys [19/10/2010 20:36 341880]
S3 qcusbmdm6k;New York Proprietary USB Driver;c:\windows\system32\drivers\qcusbmdm6k.sys [03/05/2009 17:31 65024]
S3 qcusbser6k;New York Diagnostic Port;c:\windows\system32\drivers\qcusbser6k.sys [03/05/2009 17:32 65024]
.
Contents of the 'Scheduled Tasks' folder

2011-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:55]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:43]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:43]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1326574676-1177238915-1003Core.job
- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:35]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1326574676-1177238915-1003UA.job
- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\jodie and ciaran xxx\Application Data\Mozilla\Firefox\Profiles\4lw9vf3t.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?referrer=theme_ign
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=gr ... =937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,b4,58,1d,ba,3c,99,40,95,b6,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,b4,58,1d,ba,3c,99,40,95,b6,ed,\

[HKEY_USERS\S-1-5-21-436374069-1326574676-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-02-24 00:23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 00:23

Pre-Run: 268,080,365,568 bytes free
Post-Run: 268,900,663,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F8CD16D891983B85F1E71609342A86D3

can't tell you how much i appreciate your time and expertise.
ciaran.
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm

Re: loads of problems. any help appreciated.

Unread postby melboy » February 24th, 2011, 9:00 am

Hi

That's quite an infected machine you have there ciaran - undoubtably from your use of warez & torrents etc.



COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    http://malwareremoval.com/forum/viewtopic.php?p=568865#p568865
    
    Collect::
    c:\program files\fnrvobms\ntjiyevg.exe
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\\windows\\system32\\userinit.exe,"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    
    RenV::
    c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
    c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\Messenger\msmsgs .exe
    c:\program files\Microsoft ActiveSync\wcescomm                  .exe
    c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
    c:\program files\QuickTime\qttask                                                                                                                                                                                                                              .exe
    c:\program files\Registry Clean Expert\RCHelper .exe
    c:\program files\Virgin Broadband Wireless\Wireless Manager .exe
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\jodie and ciaran xxx\Application Data\Mozilla\Firefox\Profiles\4lw9vf3t.default\
    FF - user.js: security.warn_viewing_mixed -
    FF - user.js: security.warn_viewing_mixed.show_once - 
    FF - user.js: security.warn_submit_insecure -
    FF - user.js: security.warn_submit_insecure.show_once -
    
    ATJob::
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.



After combofix has rebooted, produced it's log & finished:



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: loads of problems. any help appreciated.

Unread postby ciaran » February 24th, 2011, 12:29 pm

Hi Melboy,
yes, i have certainly learnt my lesson about p2p and cracks etc. shall not be doing that again!
i have followed the instructions as far as ComboFix is concerned (the log is below) but can not get ESET Online Scanner page to load up at all. i thought it may be something to do with norton internet security (which, incidently, i don't think was even running as it wasn't showing in the task bar or anywhere in task manager) but i couldn't get norton to even open to give me the option of shutting it... if that makes any sense at all. any way i have just uninstalled it so there is no chance of it getting in the way but still no joy with ESET Online Scanner. google loads up on IE, so i know that it can connect, but when i paste the url for ESET Online Scanner it tells me there is a connection problem. so unfortunately, as it stands, i am unable to complete the instructions, as far as ESET Online Scanner goes.


ComboFix 11-02-23.08 - jodie and ciaran xxx 24/02/2011 15:38:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1917.1396 [GMT 0:00]
Running from: c:\documents and settings\jodie and ciaran xxx\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jodie and ciaran xxx\Desktop\CFScript.txt

file zipped: c:\program files\fnrvobms\ntjiyevg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\fnrvobms\ntjiyevg.exe
c:\program files\Internet Explorer\dmlconf.dat

.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-23 17:44 . 2011-02-23 17:44 -------- d-----w- c:\program files\DWG TrueView 2010
2011-02-13 05:25 . 2011-02-13 05:25 664 ----a-w- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\d3d9caps.tmp
2011-02-05 20:11 . 2011-02-05 20:11 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 13:58 . 2004-08-12 12:18 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-12-20 18:09 . 2010-12-16 15:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-16 15:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-18 4093288]
"Google Update"="c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-12-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29987322]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-28 8491008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe" [2010-06-19 231888]

c:\documents and settings\romy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\fnrvobms\ntjiyevg.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk]
backup=c:\windows\pss\Craft ROBO Status Supervisor.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jodie and ciaran xxx^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-06-23 20:22 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-06-23 20:23 884696 ------w- c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 13:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-28 03:26 8491008 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-28 03:26 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-28 03:26 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC Service Utility]
2007-10-09 11:55 821075 ----a-w- c:\program files\SSC Service Utility\ssc_serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-06-23 20:20 1274800 ------w- c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"12957:TCP"= 12957:TCP:spport
"8353:TCP"= 8353:TCP:spport
"25318:TCP"= 25318:TCP:spport
"13950:TCP"= 13950:TCP:spport
"9546:TCP"= 9546:TCP:spport
"12152:TCP"= 12152:TCP:spport
"5995:TCP"= 5995:TCP:spport
"25518:TCP"= 25518:TCP:spport
"10233:TCP"= 10233:TCP:spport
"29402:TCP"= 29402:TCP:spport
"7559:TCP"= 7559:TCP:spport
"21691:TCP"= 21691:TCP:spport
"19733:TCP"= 19733:TCP:spport
"11067:TCP"= 11067:TCP:spport
"8502:TCP"= 8502:TCP:spport
"21920:TCP"= 21920:TCP:spport
"13894:TCP"= 13894:TCP:spport
"28068:TCP"= 28068:TCP:spport
"26858:TCP"= 26858:TCP:spport
"22339:TCP"= 22339:TCP:spport
"24350:TCP"= 24350:TCP:spport
"28480:TCP"= 28480:TCP:spport
"21969:TCP"= 21969:TCP:spport
"11331:TCP"= 11331:TCP:spport
"25992:TCP"= 25992:TCP:spport
"15468:TCP"= 15468:TCP:spport
"14036:TCP"= 14036:TCP:spport
"14155:TCP"= 14155:TCP:spport
"5124:TCP"= 5124:TCP:spport
"7134:TCP"= 7134:TCP:spport
"23009:TCP"= 23009:TCP:spport
"24166:TCP"= 24166:TCP:spport
"23292:TCP"= 23292:TCP:spport
"20584:TCP"= 20584:TCP:spport
"6065:TCP"= 6065:TCP:spport
"18474:TCP"= 18474:TCP:spport
"7285:TCP"= 7285:TCP:spport
"7402:TCP"= 7402:TCP:spport
"25407:TCP"= 25407:TCP:spport
"14551:TCP"= 14551:TCP:spport
"28505:TCP"= 28505:TCP:spport
"24293:TCP"= 24293:TCP:spport
"29076:TCP"= 29076:TCP:spport
"29481:TCP"= 29481:TCP:spport
"17012:TCP"= 17012:TCP:spport
"7150:TCP"= 7150:TCP:spport
"19352:TCP"= 19352:TCP:spport
"21696:TCP"= 21696:TCP:spport
"22556:TCP"= 22556:TCP:spport
"21231:TCP"= 21231:TCP:spport
"6463:TCP"= 6463:TCP:spport
"26658:TCP"= 26658:TCP:spport
"24964:TCP"= 24964:TCP:spport
"24270:TCP"= 24270:TCP:spport
"7310:TCP"= 7310:TCP:spport
"26726:TCP"= 26726:TCP:spport
"17799:TCP"= 17799:TCP:spport
"28735:TCP"= 28735:TCP:spport
"21313:TCP"= 21313:TCP:spport
"10343:TCP"= 10343:TCP:spport
"12245:TCP"= 12245:TCP:spport
"7677:TCP"= 7677:TCP:spport
"14022:TCP"= 14022:TCP:spport
"14576:TCP"= 14576:TCP:spport

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/05/2010 14:09 64288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/07/2010 22:19 102448]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/01/2009 19:04 238080]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS --> c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [?]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS --> c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [22/10/2010 22:59 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys --> c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS --> c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2010 16:43 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 15:52 1352832]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [22/10/2010 22:58 126392]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101021.003\IDSXpx86.sys [19/10/2010 20:36 341880]
S3 qcusbmdm6k;New York Proprietary USB Driver;c:\windows\system32\drivers\qcusbmdm6k.sys [03/05/2009 17:31 65024]
S3 qcusbser6k;New York Diagnostic Port;c:\windows\system32\drivers\qcusbser6k.sys [03/05/2009 17:32 65024]
.
Contents of the 'Scheduled Tasks' folder

2011-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:55]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:43]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:43]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1326574676-1177238915-1003Core.job
- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:35]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1326574676-1177238915-1003UA.job
- c:\documents and settings\jodie and ciaran xxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\jodie and ciaran xxx\Application Data\Mozilla\Firefox\Profiles\4lw9vf3t.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?referrer=theme_ign
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=gr ... =937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,b4,58,1d,ba,3c,99,40,95,b6,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,b4,58,1d,ba,3c,99,40,95,b6,ed,\

[HKEY_USERS\S-1-5-21-436374069-1326574676-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-02-24 15:52:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 15:52
ComboFix2.txt 2011-02-24 00:23

Pre-Run: 266,125,123,584 bytes free
Post-Run: 266,073,579,520 bytes free

- - End Of File - - B9DB02760B8D13C388AD33C585744A6E
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm

Re: loads of problems. any help appreciated.

Unread postby melboy » February 24th, 2011, 12:44 pm

Can you connect from this link:

http://www.eset.com/online-scanner
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: loads of problems. any help appreciated.

Unread postby ciaran » February 24th, 2011, 12:46 pm

afraid not.
:(
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm

Re: loads of problems. any help appreciated.

Unread postby melboy » February 24th, 2011, 12:51 pm

Ok

Lets try this.


TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.


Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Please refer to this animation if you need further help.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: loads of problems. any help appreciated.

Unread postby ciaran » February 24th, 2011, 1:21 pm

hi,
tried for ages with the kaspersky scanner. same problem as with the eset one. simply will not let me go to the page. tried copying link to address bar, tried opening cached page, tried IE and chrome. (firefox not opening at moment).

here's the malwarebytes log...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5869

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/02/2011 17:03:55
mbam-log-2011-02-24 (17-03-55).txt

Scan type: Quick scan
Objects scanned: 189609
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\ntjiyevg.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\administrator\start menu\programs\startup\ntjiyevg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jodie and ciaran xxx\start menu\programs\startup\ntjiyevg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
ciaran
Regular Member
 
Posts: 15
Joined: February 19th, 2011, 12:14 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 312 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware