Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus (Boot? Root? Adware/Fraudpacks) My comp. is in BIG TROUBLE


  • This topic is locked This topic is locked
5 replies to this topic

#1 jwright12382

jwright12382

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 28 August 2010 - 09:03 AM

Hello All:

Thanks in adavance for any help you may be able to provide. Recently, I have obtained a virus I'm cluelesss about.

I've attempted to flush DNS, etc...

I have tried (normally & safe mode):

RKill (all file types)
CCleaner (all file types)
MBAM (all file types)
Superanitspy (all file types)
Spybot SD (all file types)



Etc.................... I've obviously "found/detected" and "removed/treated/deleted" all malicious findings. The one thing I haven't done is run a "log" with hijack this. Additionally, if at the end..it is absolutely necessary, I can wipe clean, restore, reinstall...whatever it takes. Problem being, I don't have a disk© for XP (however it's my legit computer bought from my family's business...so I have product key on the actual machine. Running Dell with Win XP Professional.

The problem:

My system can "clean" (through mix of various antimalwares) and rkill will do its job. However, when not in safe mode, first my internet would just shut down. Now, the desktop will not show icons. IN SAFE MODE: when browsing internet, I am redirected from Google search result links..but NOT ONLY google links. Usually to some Domain(s) selling services or product (really just brochure type pages...generic SEO is the end result I think they're trying to achieve). Obviously, with without proxy server. There are only a few help forums I can access. I don't know...!!!!!!! I'm not computer "illiterate"; however, I'm VERY naive as is pertatins to virus(es) and what not...and the underlying concepts/theories that make this thing run


Thanks again, and any direction will be greatly appreciated!

****HERE (below) is the hijackthis log*****


file of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:37 AM, on 8/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Pyijejulatiwojil] rundll32.exe "C:\WINDOWS\itoxuvij.dll",Startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mpugdsdl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xbpiyagls\qyurwsdshdw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mpugdsdl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\xbpiyagls\qyurwsdshdw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.geni.com/ImageUploader_5_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229477686730
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229477677714
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Edited by jwright12382, 28 August 2010 - 09:27 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 29 August 2010 - 07:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  1. Do not run any other tool untill instructed to do so!
  2. please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool untill instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

(will not run in safe mode)
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.RKUnHooker
      3.let me know of any problems you may have had

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jwright12382

jwright12382
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:55 AM

Posted 30 August 2010 - 01:53 PM

Okay. So, below are the two DDS Logs.

However, in the meantime...two things have happened, I'm unable to run RKUnhooker (yes, it sends the message...infected, yet still will not run at all). And ...now, I can't view pdfs (and some sites) for longer than a minute (two tops).

Below are the two logs:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Johnathan at 13:40:52.53 on Mon 08/30/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.734 [GMT -5:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Johnathan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [<NO NAME>]
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Pyijejulatiwojil] rundll32.exe "c:\windows\itoxuvij.dll",Startup
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.6.0_07\bin\jusched.exe
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [mpugdsdl] c:\documents and settings\networkservice\local settings\application data\xbpiyagls\qyurwsdshdw.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [mpugdsdl] c:\documents and settings\networkservice\local settings\application data\xbpiyagls\qyurwsdshdw.exe
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader_5_5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229477686730
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229477677714
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]

=============== Created Last 30 ================

2010-08-30 18:39:26 0 ----a-w- c:\documents and settings\johnathan\defogger_reenable
2010-08-28 14:38:37 0 d-----w- c:\docume~1\johnat~1\applic~1\comcasttb
2010-08-27 23:48:50 1158 ----a-w- c:\docume~1\alluse~1\applic~1\pragmamfeklnmal.dll
2010-08-27 23:47:14 0 d-----w- c:\program files\AnVi
2010-08-27 20:06:38 120 ----a-w- c:\windows\Cluciwitatux.dat
2010-08-27 20:06:38 0 ----a-w- c:\windows\Xqazijigokimakig.bin
2010-08-25 20:55:34 0 d-----w- c:\docume~1\johnat~1\applic~1\SUPERAntiSpyware.com
2010-08-25 20:03:35 0 d-----w- c:\program files\CCleaner
2010-08-01 19:47:08 0 d-----w- c:\docume~1\johnat~1\applic~1\My.Freeze.com NetAssistant
2010-08-01 19:47:06 0 d-----w- c:\docume~1\johnat~1\applic~1\WeatherBug
2010-08-01 19:46:03 0 d-----w- c:\program files\Free Offers from Freeze.com
2010-08-01 19:45:39 0 d-----w- c:\program files\Yahoo!

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 13:41:54.07 ===============




AND THE SECOND LOG


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/5/2008 3:31:30 PM
System Uptime: 8/28/2010 2:56:45 PM (47 hours ago)

Motherboard: Dell Inc. | | 0KP561
Processor: Intel® Core™2 Duo CPU E4400 @ 2.00GHz | CPU | 1995/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 109.509 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP757: 5/31/2010 3:00:40 AM - Software Distribution Service 3.0
RP758: 6/1/2010 3:00:46 AM - Software Distribution Service 3.0
RP759: 6/2/2010 3:00:45 AM - Software Distribution Service 3.0
RP760: 6/3/2010 3:00:59 AM - Software Distribution Service 3.0
RP761: 6/4/2010 3:00:21 AM - Software Distribution Service 3.0
RP762: 6/5/2010 3:00:51 AM - Software Distribution Service 3.0
RP763: 6/6/2010 3:00:55 AM - Software Distribution Service 3.0
RP764: 6/7/2010 3:00:53 AM - Software Distribution Service 3.0
RP765: 6/8/2010 3:00:54 AM - Software Distribution Service 3.0
RP766: 6/9/2010 3:00:55 AM - Software Distribution Service 3.0
RP767: 6/10/2010 3:01:25 AM - Software Distribution Service 3.0
RP768: 6/11/2010 3:00:47 AM - Software Distribution Service 3.0
RP769: 6/12/2010 3:00:42 AM - Software Distribution Service 3.0
RP770: 6/13/2010 3:00:49 AM - Software Distribution Service 3.0
RP771: 6/14/2010 3:00:42 AM - Software Distribution Service 3.0
RP772: 6/15/2010 3:00:38 AM - Software Distribution Service 3.0
RP773: 6/16/2010 3:00:45 AM - Software Distribution Service 3.0
RP774: 6/17/2010 3:00:46 AM - Software Distribution Service 3.0
RP775: 6/18/2010 3:00:47 AM - Software Distribution Service 3.0
RP776: 6/19/2010 3:00:59 AM - Software Distribution Service 3.0
RP777: 6/20/2010 3:00:44 AM - Software Distribution Service 3.0
RP778: 6/21/2010 3:00:40 AM - Software Distribution Service 3.0
RP779: 6/22/2010 3:00:50 AM - Software Distribution Service 3.0
RP780: 6/22/2010 9:10:42 AM - Avg8 Update
RP781: 6/23/2010 3:00:48 AM - Software Distribution Service 3.0
RP782: 6/24/2010 3:00:49 AM - Software Distribution Service 3.0
RP783: 6/25/2010 3:00:49 AM - Software Distribution Service 3.0
RP784: 6/26/2010 3:01:02 AM - Software Distribution Service 3.0
RP785: 6/27/2010 3:00:57 AM - Software Distribution Service 3.0
RP786: 6/28/2010 3:01:00 AM - Software Distribution Service 3.0
RP787: 6/29/2010 3:00:28 AM - Software Distribution Service 3.0
RP788: 6/30/2010 3:00:21 AM - Software Distribution Service 3.0
RP789: 7/1/2010 3:00:38 AM - Software Distribution Service 3.0
RP790: 7/2/2010 3:00:27 AM - Software Distribution Service 3.0
RP791: 7/3/2010 3:00:47 AM - Software Distribution Service 3.0
RP792: 7/4/2010 3:00:39 AM - Software Distribution Service 3.0
RP793: 7/5/2010 3:00:38 AM - Software Distribution Service 3.0
RP794: 7/6/2010 3:00:36 AM - Software Distribution Service 3.0
RP795: 7/7/2010 3:00:43 AM - Software Distribution Service 3.0
RP796: 7/8/2010 3:00:33 AM - Software Distribution Service 3.0
RP797: 7/9/2010 3:00:35 AM - Software Distribution Service 3.0
RP798: 7/10/2010 3:00:35 AM - Software Distribution Service 3.0
RP799: 7/11/2010 3:00:36 AM - Software Distribution Service 3.0
RP800: 7/12/2010 3:00:35 AM - Software Distribution Service 3.0
RP801: 7/13/2010 3:00:33 AM - Software Distribution Service 3.0
RP802: 7/14/2010 3:01:19 AM - Software Distribution Service 3.0
RP803: 7/14/2010 9:39:08 AM - Avg8 Update
RP804: 7/14/2010 9:40:08 AM - Avg8 Update
RP805: 7/15/2010 3:01:11 AM - Software Distribution Service 3.0
RP806: 7/16/2010 3:00:58 AM - Software Distribution Service 3.0
RP807: 7/17/2010 3:00:58 AM - Software Distribution Service 3.0
RP808: 7/18/2010 3:01:03 AM - Software Distribution Service 3.0
RP809: 7/19/2010 3:01:11 AM - Software Distribution Service 3.0
RP810: 7/20/2010 3:01:10 AM - Software Distribution Service 3.0
RP811: 7/21/2010 3:00:38 AM - Software Distribution Service 3.0
RP812: 7/22/2010 3:00:41 AM - Software Distribution Service 3.0
RP813: 7/23/2010 3:00:44 AM - Software Distribution Service 3.0
RP814: 7/24/2010 3:00:43 AM - Software Distribution Service 3.0
RP815: 7/25/2010 3:00:48 AM - Software Distribution Service 3.0
RP816: 7/26/2010 3:00:52 AM - Software Distribution Service 3.0
RP817: 7/27/2010 3:00:53 AM - Software Distribution Service 3.0
RP818: 7/28/2010 3:00:47 AM - Software Distribution Service 3.0
RP819: 7/29/2010 3:01:19 AM - Software Distribution Service 3.0
RP820: 7/30/2010 3:01:23 AM - Software Distribution Service 3.0
RP821: 7/31/2010 3:01:07 AM - Software Distribution Service 3.0
RP822: 8/1/2010 3:00:56 AM - Software Distribution Service 3.0
RP823: 8/1/2010 2:46:53 PM - Installed WeatherBug
RP824: 8/2/2010 3:01:41 AM - Software Distribution Service 3.0
RP825: 8/3/2010 3:00:52 AM - Software Distribution Service 3.0
RP826: 8/4/2010 3:00:50 AM - Software Distribution Service 3.0
RP827: 8/5/2010 3:00:51 AM - Software Distribution Service 3.0
RP828: 8/6/2010 3:01:10 AM - Software Distribution Service 3.0
RP829: 8/7/2010 3:01:05 AM - Software Distribution Service 3.0
RP830: 8/8/2010 3:01:15 AM - Software Distribution Service 3.0
RP831: 8/9/2010 3:00:49 AM - Software Distribution Service 3.0
RP832: 8/10/2010 3:00:55 AM - Software Distribution Service 3.0
RP833: 8/11/2010 3:00:56 AM - Software Distribution Service 3.0
RP834: 8/12/2010 3:49:44 AM - System Checkpoint
RP835: 8/13/2010 3:01:24 AM - Software Distribution Service 3.0
RP836: 8/14/2010 3:00:48 AM - Software Distribution Service 3.0
RP837: 8/15/2010 3:00:41 AM - Software Distribution Service 3.0
RP838: 8/16/2010 3:01:37 AM - Software Distribution Service 3.0
RP839: 8/17/2010 3:00:50 AM - Software Distribution Service 3.0
RP840: 8/18/2010 3:00:48 AM - Software Distribution Service 3.0
RP841: 8/19/2010 3:00:47 AM - Software Distribution Service 3.0
RP842: 8/20/2010 3:00:54 AM - Software Distribution Service 3.0
RP843: 8/21/2010 3:00:52 AM - Software Distribution Service 3.0
RP844: 8/22/2010 3:00:45 AM - Software Distribution Service 3.0
RP845: 8/23/2010 3:00:47 AM - Software Distribution Service 3.0
RP846: 8/24/2010 3:00:43 AM - Software Distribution Service 3.0
RP847: 8/25/2010 3:00:45 AM - Software Distribution Service 3.0
RP848: 8/25/2010 2:37:59 PM - Removed AVG Free 8.5
RP849: 8/25/2010 2:38:39 PM - Installed AVG Free 8.5
RP850: 8/25/2010 3:50:07 PM - Removed ColorTyme exCEL
RP851: 8/25/2010 3:55:32 PM - Removed SUPERAntiSpyware Free Edition
RP852: 8/25/2010 3:56:00 PM - Removed WeatherBug
RP853: 8/25/2010 3:58:05 PM - Removed Java™ 6 Update 5
RP854: 8/26/2010 3:00:17 AM - Software Distribution Service 3.0
RP855: 8/27/2010 3:00:18 AM - Software Distribution Service 3.0
RP856: 8/27/2010 3:14:25 PM - Software Distribution Service 3.0
RP857: 8/27/2010 6:18:40 PM - Removed Bonjour
RP858: 8/27/2010 6:19:18 PM - Removed CA Pest Patrol Realtime Protection
RP859: 8/27/2010 6:20:16 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP860: 8/27/2010 6:21:22 PM - Removed Shadow Copy Client

==== Installed Programs ======================

Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.3 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Broadcom ASF Management Applications
Broadcom Management Programs
Business Contact Manager for Outlook 2007 SP2
CCleaner
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.20
Desktop Doctor
dj_sf_software
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 7
KM-NET for Accounting
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
My.Freeze.com NetAssistant
My.Freeze.com NetAssistant for Firefox
OGA Notifier 2.0.0048.0
OTG Maintenance Cleanup
PDF Settings
PolicyMaker™ Registry Extension 2.5.2
PowerDVD
QuickBooks Product Listing Service
QuickTime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

8/28/2010 8:16:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL
8/27/2010 7:13:12 PM, error: PlugPlayManager [11] - The device Root\LEGACY_LSIWV\0000 disappeared from the system without first being prepared for removal.
8/27/2010 6:56:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi Fips intelppm SASDIFSV SASKUTIL
8/27/2010 5:53:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi
8/27/2010 5:52:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/27/2010 5:21:09 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
8/27/2010 5:09:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/27/2010 5:09:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/27/2010 4:42:26 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 001D091252AA has been denied by the DHCP server 68.87.74.16 (The DHCP Server sent a DHCPNACK message).
8/27/2010 4:41:59 PM, error: Dhcp [1002] - The IP address lease 76.108.169.117 for the Network Card with network address 001D091252AA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/27/2010 4:23:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASKUTIL
8/27/2010 3:15:36 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for SQL Server 2005 Service Pack 3 (KB970892).
8/25/2010 8:10:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
8/25/2010 4:44:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi SASKUTIL
8/25/2010 3:23:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/25/2010 3:02:35 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).
8/25/2010 3:01:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm SASDIFSV SASKUTIL
8/25/2010 3:00:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================

Edited by jwright12382, 30 August 2010 - 01:55 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 31 August 2010 - 10:08 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 03 September 2010 - 04:25 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 06 September 2010 - 01:17 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users