# Unending Acquiring Network Address: Please Help!



## lfchockey (Oct 28, 2011)

I've been trying to fix this problem for the past three or four days but to no avail. I've scoured the Internet and find many things that seem logical but nothing works.

Basically, I'm pretty sure that I acquired a virus/Trojan(s) somewhere along the way (Security Sphere?) and it totally messed with everything. I'm relatively confident it's gone but not 100% sure (It wouldn't allow me to run antivirus software and would crash it after a few minutes. Then, the next time I tried to run the software I would get a message "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access them"). I'm signed in as an admin so I'm guessing the problem is that the registry keys have been messed with.

I was able to download some more antivirus software and transfer them to this laptop and did a complete scan and a couple of flaws (Trojans) were found so I'm hoping that was the end of them.

I tried doing a restore to a previous point, but no restore works unless I manually create one. Obviously the problem with that is that if I create one now, it reverts back to a time where the problem is still existent. 

Some things I've noticed and tried:
1. In my Security Center, my Firewall is not on. I'm pretty sure it was on previously before getting the virus, I turned it off when I was having problems connecting to the Internet thinking that may be the problem and now I can't get in to turn it back on again. When I click the "Enable" button, I get the message "We're sorry. The Security Center could not turn on Windows Firewall… do it through the Control Panel". The Control Panel gives me the error message "Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) Service?" and when I click "yes" eventually an error message says "Windows cannot start the Windows (ICS) service."

2. For quite some time my Wireless Network Connection was 'finding' previous wireless networks and was able to connect to them but would stall out and get stuck on 'acquiring network address'. If I went in to view the wireless networks in the area none would pop up even though it had already connected to different ones at different times (ones that I had previously had successful connections on). I tried re-installing all drivers for the PCI modem (which in the Device Manager was listed as 'Unknown Device') and the network adapters but this didn't help. In fact, now out of nowhere the Connections that were previously made but getting stuck on acquiring the network address won't connect at all anymore. [Update: I re-installed the driver for my modem and now I'm back at the acquiring network address part. I have 'Very Good Signal Strength']

3. When I go into my "Services" many of my Local services that are supposed to start automatically aren't doing so. I'm really focussed on the Internet connection. I've narrowed it down (I think???) to the IPSec because many of the Services not running are dependent upon IPSec. When trying to start manually I get an "Error 10050: A socket operation encountered a dead network." This message was being displayed even though I am connected and logged into the network. (Services that do work: Wireless Zero Configuration, DNS Client, Network Connections, Remote Access Connection Manager, Remote Procedure Call)(Services that do NOT work: IPSEC, DHCP Client, Net Logon, TCP/IP NetBIOS Helper, Routing and Remote Access(Disabled))

4. I've tried downloading Winsockfix but that didn't help. 
5. Many of the programs (antivirus software - MBAM, Avast, HijackThis, SuperAntispyware) that initially had problems because of the virus ran fine for a while and now inexplicably stopped running (this may have been because of a system restore although it was restored to a few minutes earlier???). I downloaded Avast again just recently and did another sweep thinking that it's possible the original malware was never properly removed but came up with nothing.

I'm kind of at wits end figuring this out. I feel fairly confident the malware is gone but who knows. 
Basically I'm just mostly focussed with getting the Internet up and running again!

Here is the ipconfig/all:

```
Windows IP Configuration

Host Name . . . . . . . . . . . . : blackhome
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card
Physical Address. . . . . . . . . : 00-14-A4-41-A1-CD
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 0.0.0.0

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-14-22-E3-58-BD
```

I am in Canada. I'm connected to various networks wirelessly throughout the day, and I know that each one has other computers connected without a problem and they all use different routers and I've never had a problem before.
I know my wireless is on and working because I'm getting a signal.

As you can see my Ethernet adapter is not connected but I don't feel that is a problem considering I'm never hardwired into a network???

I'm also using Windows XP SP3

Thank you in advance


----------



## VictoriaiiCe (Oct 21, 2011)

Move this thread to security as well so malware professionals can review it.


----------



## lfchockey (Oct 28, 2011)

Thanks... will do!


----------



## TerryNet (Mar 23, 2005)

VictoriaiiCe said:


> Move this thread to security as well so malware professionals can review it.


40 lashes with a wet noodle for that advice.  Only moderators and administrators can move threads, and now the OP has started a duplicate, and useless, thread. In these situations please use advice along the lines of ...

Read Everyone MUST read this BEFORE posting for help in this forum, post the requested information here, and then click on Report at the bottom of your post and request this thread be moved to the Virus & Other Malware Removal forum.

Bump your thread there once a day--no more often--until you get a reply. They're kinda busy over there.


----------



## VictoriaiiCe (Oct 21, 2011)

Sorry Terry! I was told otherwise prior. Duly noted


----------



## TerryNet (Mar 23, 2005)

If you need malware removal help it will go more smoothly if you have internet access, so let's take a stab at that first.

(from a JohnWill post)

IP addresses of 0.0.0.0 are normally caused by one of the following.

Diagnosis:
1.	DHCP Service not running.
2.	Duplicate IP address on the network.
3.	Bad NIC card drivers.
4.	Defective NIC hardware.

Resolution:
1.	Check Control Panel, Administrative Tools, Services. The DHCP Client service should be Started and its Startup Type should be Automatic.
2.	Turn off ALL of the computers and other network connected devices, reboot the router, then restart all the computers and other network devices.
3.	Check for upgraded drivers and/or reload the Network drivers.
4.	Replace the Network Interface Card.

There has also been at least one case where switching from using Dell WLAN to XP's WZC resolved the issue.


----------



## lfchockey (Oct 28, 2011)

The DHCP service is not running.
When I try to start it manually (it is set to automatic) I get an error that one of the dependencies is not running.
I think I've narrowed it down to the IPSec but I don't know how to get it going.

I saw on another forum that downloading and re-installing the service pack might fix the problem (I'm guessing because it restores registry settings) but this gave me the blue screen of death. I started in Safe Mode and then restored my system to a point I set up earlier today so, long story short, I'm back to square one again.

[I'm not sure if this is allowed but the other forum that had almost exactly the same problem as me was http://forums.majorgeeks.com/showthread.php?t=216205 I figured that this might help someone else at some point]


----------



## TerryNet (Mar 23, 2005)

If it were me I would try SFC /SCANNOW (you may have already tried), then a Repair Install, and then a format and clean install of XP.

OTOH the malware removal folks may know how to get this stuff working again; see post # 4 above for the link to the instructions for the information required.


----------



## lfchockey (Oct 28, 2011)

Thanks for your help so far TerryNet. I appreciate your hard work and I know you do this practically every day and don't receive the credit you deserve.

So, I did the sfc/scannow (using the windows installation disc) and nothing was reported back which I'm assuming means that everything was good and nothing was changed. After a Restart of the computer the error still exists.

I tried installing optional components from my Windows XP Pro Installation CDs in terms of Networking but nothing fixed or changed in that respect either.

I'm almost positive it has something to do with the socket and how it is being connected to my router. 
I'm not sure exactly what the IPSec is but when I try to start it manually it gives me the error "Error 10050: A socket operation encountered a dead network."
However, it has found the wireless network, logged on to it but no IP address is being assigned to it.

So frustrating!
I tried another shot at a newer version of WinsockxpFix but that didn't help either.

I also tried your suggestionon


----------



## TerryNet (Mar 23, 2005)

In case there is any doubt, here is the correct stack and WINSOCK XP fix. Some of the automatic ones are for pre-SP2 and can do as much harm as good.

(From a JohnWill post)

*TCP/IP stack repair options for use with Windows XP with SP2 or SP3.*

*Start, Run, CMD, OK* to open a command prompt.

Reset WINSOCK entries to installation defaults: *netsh winsock reset catalog*

Reset TCP/IP stack to installation defaults. *netsh int ip reset reset.log*

Reboot the machine.


----------



## lfchockey (Oct 28, 2011)

I tried that before (and again) with no luck.

Is it possible that the "Ethernet adapter Local Area Connection" may be the problem or at least connected in some way to the problem? Considering it is showing up as "Media not Connected"


----------



## TerryNet (Mar 23, 2005)

I think it's the paragraph that I did not see when first reading your initial post--all those AWOL services. Just the DHCP service not running is enough to give an IP of all zeros.


----------



## lfchockey (Oct 28, 2011)

Is there any way to fix the IPSec Service? The error is 10050 which says the socket can't connect to the dead network.

The network isn't dead, I have several other computers on it including phones etc.

The computer is able to connect and successfully log in.

I tried creating a static IP address and it shows that it is connected but no pages will load.


----------



## lfchockey (Oct 28, 2011)

I also noticed that the IPSEC needs a TCP/IP Protocol Driver to work (one of its dependencies).
In my services I don't currently have a TCP/IP Protocol Driver. Is this something that is standard in XP Services?


----------



## TerryNet (Mar 23, 2005)

Right click on your connection in Network Connections - select Properties. If 'Internet Protocol (TCP/IP)' is not installed click on Install.. and see if you can get it back.


----------



## lfchockey (Oct 28, 2011)

Oh... ok. Yeah, it's definitely there. I was just wondering if it should also show up in the 'Services'.


----------



## TerryNet (Mar 23, 2005)

I didn't read your previous question accurately. There is a TCP/IP NetBIOS Helper service, but no other TCP/IP anything. The NetBIOS Helper is needed for file sharing, but not for basic networking.


----------



## lfchockey (Oct 28, 2011)

Ok... thanks.

I've tried just about everything I can think of to fix the problem.
Recently I tried plugging directly into the router and I got the same problem as before - stuck on 'acquiring network access'
I've downloaded registry repair tools, 10050 error fix, and have run several different anti-virus programs but nothing has come up as a fix. I'm guessing the damage has already been done. So it should be just a matter of fixing the problem that is isolated. Is there a way to completely delete/re-install the systems that I know aren't working?
I read another thread somewhere on fixing AFD registry keys but wasn't really sure where to go for direction on that.

My other thought is to run combofix but I know there are some big time warnings that come with it. 

Frankly, I feel that I'm at the end of the line and will either have to do a complete re-install of windows and lose everything or will have to just go buy a new computer because this one has had a good life.


----------



## lfchockey (Oct 28, 2011)

I thought this might help someone else (delete if not appropriate)
It didn't actually help me although I didn't mess with the AFD registry 
http://www.techsupportforum.com/for...rks-and-other-such-unpleasantries-598789.html


----------



## TerryNet (Mar 23, 2005)

Trying a Repair Install is still a good option.


----------



## lfchockey (Oct 28, 2011)

Well I took a bit of a different approach and noticed that I have no AFD folder in my registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

I'm pretty sure that's where the problem is. Also, many of the errors that I'm getting in my event log (Event Viewer) are requiring the afd.sys which seems to be non-existent.
I've done the sfc /scannow which should have replaced and set this up again however it didn't. Can anyone give me advice on where to go in order to manually add this and the registry keys as well?


----------



## Cookiegal (Aug 27, 2003)

I believe we can fix this but first please do this as I need to gather a bit of information.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.

Also, please do this to export a key from the registry:

Go to *Start* - *Run* and copy and paste the following:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please upload that file as an attachment. If it's too large you may have to zip it first.


----------



## lfchockey (Oct 28, 2011)

Awesome! I like the sounds of that 

Just took a quick peek and didn't see any AFD registry entries


----------



## Cookiegal (Aug 27, 2003)

I assume you're working on collecting the errors so I'll wait for those before posting the fix as I may need some information from them.


----------



## lfchockey (Oct 28, 2011)

Oops... sorry. I guess I forgot that.
Here it is, and thank you for taking the time to help me!

I think the last ones are probably the ones that are the most important because it says that the AFD is missing/non-existent.


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a FixAFD.zip file to this post. Save it to your desktop. Unzip it (extract the file) and double-click the FixAFD.reg file and allow it to merge into the registry.

Then go to Start - Run - type in *services.msc* and click OK. Double-click each of the following services and if their status is "Stopped" click on the Start button to start the service.

DHCP Client
Network Location Awareness (NLA)
TCP/IP NetBIOS Helper

While there check all of these and if they are stopped then start them as well:

Computer Browser 
DNS Client 
IPSEC Services
Network Connections 
Server 
Workstation

Then reboot and see if you can connect to the Internet please.


----------



## lfchockey (Oct 28, 2011)

The .reg file merged successfully with the registry

When I try to start the following services I get an Error 1075 ("dependency missing"):
DHCP Client
Network Location Awareness (NLA)
TCP/IP NetBIOS Helper

All of the other services were already started and set to Automatic except for the IPSEC
IPSEC is giving an error 10050 ("socket cannot connect to dead socket")


----------
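
Added example, not part of the original posts: a Python sketch of the check behind the `regedit /e` export of the Services key requested earlier in the thread and the Error 1075 ("dependency missing") reported above. It parses an export, decodes each `DependOnService` value and lists services whose dependency chain names a key that is absent. The sample export and its dependency lists are constructed for illustration; `load_export` assumes the UTF-16 file regedit writes for version 5.00 exports.

```python
import re

SERVICES_ROOT = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'

# Constructed sample in the layout of a "Registry Editor Version 5.00" export.
# Dependency lists are illustrative and are not taken from the thread's look.txt.
# The Afd key is deliberately absent, as the original poster found on his machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DisplayName"="DHCP Client"
"Start"=dword:00000002
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,41,00,66,00,64,00,\
  00,00,4e,00,65,00,74,00,42,00,54,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"DisplayName"="TCP/IP NetBIOS Helper"
"DependOnService"=hex(7):4e,00,65,00,74,00,42,00,54,00,00,00,41,00,66,00,64,00,\
  00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="blackhome"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def load_export(path):
    """Read an export from disk; version 5.00 exports are UTF-16 with a BOM."""
    with open(path, encoding='utf-16') as handle:
        return handle.read()


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_data}} for every key in the export."""
    # hex(...) data wraps with a trailing backslash; join those lines first.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            current = keys.setdefault(match.group(1), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[match.group(1)] = match.group(2)
    return keys


def decode_multi_sz(raw):
    """Decode a hex(7): value (REG_MULTI_SZ, UTF-16LE) into a list of strings."""
    if not raw.lower().startswith('hex(7):'):
        return []
    data = bytes.fromhex(raw[7:].replace(',', ''))
    return [s for s in data.decode('utf-16-le', errors='replace').split('\x00') if s]


def service_dependencies(keys):
    """Map each direct subkey of Services to its DependOnService list."""
    prefix = SERVICES_ROOT.lower() + '\\'
    deps = {}
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        name = path[len(prefix):]
        if '\\' in name:  # skip Parameters, Enum and other nested keys
            continue
        lookup = {k.lower(): v for k, v in values.items()}
        deps[name] = decode_multi_sz(lookup.get('dependonservice', ''))
    return deps


def missing_dependencies(deps):
    """For each service, list dependencies (direct or transitive) with no key."""
    present = {name.lower(): name for name in deps}  # service names ignore case

    def walk(name, seen):
        missing = set()
        for dep in deps[name]:
            canon = present.get(dep.lower())
            if canon is None:
                missing.add(dep)
            elif canon not in seen:
                seen.add(canon)
                missing |= walk(canon, seen)
        return missing

    report = {name: sorted(walk(name, {name})) for name in deps}
    return {name: gone for name, gone in report.items() if gone}


if __name__ == '__main__':
    found = service_dependencies(parse_reg_export(SAMPLE_EXPORT))
    for service, gone in sorted(missing_dependencies(found).items()):
        print(f'{service}: no Services key for {", ".join(gone)}')
```

Only `DependOnService` is followed; `DependOnGroup` entries are not resolved, and a key that exists can still point at a driver file that is missing from disk.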



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
afd.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## lfchockey (Oct 28, 2011)

I'm also getting the same errors in the Services... even the ones that are "dependent on AFD"


----------



## Cookiegal (Aug 27, 2003)

That's why I think the file may be missing.

What programs did you use to clean the malware?


----------



## lfchockey (Oct 28, 2011)

In response to your latest post:
I used quite a few different ones...Avast, DiskDoctor, Malwarebytes, and a couple of others that I can't remember their names.


----------



## Cookiegal (Aug 27, 2003)

Navigate to the following file (the one in this specific location):

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\*afd.sys*

Right-click the afd.sys file and select "Copy" then navigate to the following folder:

C:\WINDOWS\System32\*Drivers* and open the Drivers folder. Then right-click the mouse and select "paste" to drop a copy of the file in that location.

Then go back to the services utility and try to start the services in this order:

TCP/IP NetBIOS Helper
Network Location Awareness (NLA)
DHCP Client

If they start, see if you can connect.


----------



## Cookiegal (Aug 27, 2003)

Sorry, please use this version of the file instead (this is the one to copy):

C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys


----------



## Cookiegal (Aug 27, 2003)

I have to sign off for the night so I'll check back tomorrow.


----------



## lfchockey (Oct 28, 2011)

Sorry about that.. I had a very early morning myself.

So, I was able to steal away a few minutes and test your new suggestion... AND IT WORKED!!!!!

Thank you so much! I owe you huge.

When I started each service manually they fired up without a hitch.
I re-started the computer and it didn't connect. However, when I went back in to services the DHCP was not started (although it was set to Automatic) so I started it manually and everything booted up fine and now I'm even able to connect to the Internet!!!!

There seem to be a couple little glitches, but nothing I can't handle on my own.

Thank you guys for your help!!!


----------



## Cookiegal (Aug 27, 2003)

I'm glad it worked. You're welcome. 

I would like to continue this with you to make sure the malware is gone and hopefully fix whatever glitches remain.

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## lfchockey (Oct 28, 2011)

Here are the log files.

What is the best antivirus software you'd recommend and use to hopefully make sure this doesn't happen again?


----------



## Cookiegal (Aug 27, 2003)

Yup, there are still signs of infection or at least remnants there.

I'm posting the logs here for easier viewing. In the future, please copy and paste the logs rather than attaching them unless specifically requested as it makes it easier to work with them.

2011-10-29 15:57:00	147200	-c--a-w-	c:\windows\system32\dllcache\smidispb.dll
2011-10-29 15:56:54	25034	-c--a-w-	c:\windows\system32\dllcache\smcpwr2n.sys
2011-10-29 15:56:48	35913	-c--a-w-	c:\windows\system32\dllcache\smcirda.sys
2011-10-29 15:56:42	24576	-c--a-w-	c:\windows\system32\dllcache\smc8000n.sys
2011-10-29 15:56:36	6784	-c--a-w-	c:\windows\system32\dllcache\smbhc.sys
2011-10-29 15:56:35	6912	-c--a-w-	c:\windows\system32\dllcache\smbclass.sys
2011-10-29 15:56:34	16000	-c--a-w-	c:\windows\system32\dllcache\smbbatt.sys
2011-10-29 15:56:28	45568	-c--a-w-	c:\windows\system32\dllcache\smb3w.dll
2011-10-29 15:56:22	33792	-c--a-w-	c:\windows\system32\dllcache\smb0w.dll
2011-10-29 15:56:15	28672	-c--a-w-	c:\windows\system32\dllcache\sma0w.dll
2011-10-29 15:56:08	28160	-c--a-w-	c:\windows\system32\dllcache\sm91w.dll
2011-10-29 15:56:00	63547	-c--a-w-	c:\windows\system32\dllcache\sla30nd5.sys
2011-10-29 15:54:59	98080	-c--a-w-	c:\windows\system32\dllcache\sgiulnt5.sys
2011-10-29 15:53:58	245632	-c--a-w-	c:\windows\system32\dllcache\s3savmx.dll
2011-10-29 15:52:55	19017	-c--a-w-	c:\windows\system32\dllcache\rtl8029.sys
2011-10-29 15:52:50	30720	-c--a-w-	c:\windows\system32\dllcache\rthwcls.sys
2011-10-29 15:52:43	9216	-c--a-w-	c:\windows\system32\dllcache\rsmgrstr.dll
2011-10-29 15:52:36	3840	-c--a-w-	c:\windows\system32\dllcache\rpfun.sys
2011-10-29 15:52:33	79104	-c--a-w-	c:\windows\system32\dllcache\rocket.sys
2011-10-29 15:52:27	37563	-c--a-w-	c:\windows\system32\dllcache\rlnet5.sys
2011-10-29 15:52:20	86097	-c--a-w-	c:\windows\system32\dllcache\reslog32.dll
2011-10-29 15:52:08	19584	-c--a-w-	c:\windows\system32\dllcache\rasirda.sys
2011-10-29 15:52:03	714762	-c--a-w-	c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-29 15:50:59	16128	-c--a-w-	c:\windows\system32\dllcache\pscr.sys
2011-10-29 15:49:59	86016	-c--a-w-	c:\windows\system32\dllcache\pctspk.exe
2011-10-29 15:48:57	48000	-c--a-w-	c:\windows\system32\dllcache\ovcam2.sys
2011-10-29 15:47:59	126080	-c--a-w-	c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-29 15:46:58	21888	-c--a-w-	c:\windows\system32\dllcache\mxcard.sys
2011-10-29 15:46:53	103296	-c--a-w-	c:\windows\system32\dllcache\mtxvideo.sys
2011-10-29 15:46:44	49024	-c--a-w-	c:\windows\system32\dllcache\mstape.sys
2011-10-29 15:46:39	12416	-c--a-w-	c:\windows\system32\dllcache\msriffwv.sys
2011-10-29 15:46:30	2944	-c--a-w-	c:\windows\system32\dllcache\msmpu401.sys
2011-10-29 15:46:28	22016	-c--a-w-	c:\windows\system32\dllcache\msircomm.sys
2011-10-29 15:46:15	35200	-c--a-w-	c:\windows\system32\dllcache\msgame.sys
2011-10-29 15:46:11	6016	-c--a-w-	c:\windows\system32\dllcache\msfsio.sys
2011-10-29 15:46:02	17280	-c--a-w-	c:\windows\system32\dllcache\mraid35x.sys
2011-10-29 15:44:57	797500	-c--a-w-	c:\windows\system32\dllcache\ltsmt.sys
2011-10-29 15:43:59	8704	-c--a-w-	c:\windows\system32\dllcache\kbdjpn.dll
2011-10-29 15:42:44	372824	-c--a-w-	c:\windows\system32\dllcache\iconf32.dll
2011-10-29 15:41:33	488383	-c--a-w-	c:\windows\system32\dllcache\hsf_v124.sys
2011-10-29 15:41:30	50751	-c--a-w-	c:\windows\system32\dllcache\hsf_tone.sys
2011-10-29 15:41:28	73279	-c--a-w-	c:\windows\system32\dllcache\hsf_spkp.sys
2011-10-29 15:41:25	44863	-c--a-w-	c:\windows\system32\dllcache\hsf_soar.sys
2011-10-29 15:41:22	57471	-c--a-w-	c:\windows\system32\dllcache\hsf_samp.sys
2011-10-29 15:41:19	542879	-c--a-w-	c:\windows\system32\dllcache\hsf_msft.sys
2011-10-29 15:41:16	391199	-c--a-w-	c:\windows\system32\dllcache\hsf_k56k.sys
2011-10-29 15:41:13	9759	-c--a-w-	c:\windows\system32\dllcache\hsf_inst.dll
2011-10-29 15:41:10	115807	-c--a-w-	c:\windows\system32\dllcache\hsf_fsks.sys
2011-10-29 15:41:07	199711	-c--a-w-	c:\windows\system32\dllcache\hsf_faxx.sys
2011-10-29 15:41:04	289887	-c--a-w-	c:\windows\system32\dllcache\hsf_fall.sys
2011-10-29 15:41:01	67167	-c--a-w-	c:\windows\system32\dllcache\hsf_bsc2.sys
2011-10-29 15:39:59	907456	-c--a-w-	c:\windows\system32\dllcache\hcf_msft.sys
2011-10-29 15:38:55	22090	-c--a-w-	c:\windows\system32\dllcache\fem556n5.sys
2011-10-29 15:37:59	629952	-c--a-w-	c:\windows\system32\dllcache\eqn.sys
2011-10-29 15:36:54	29696	-c--a-w-	c:\windows\system32\dllcache\dm9pci5.sys
2011-10-29 15:35:59	117760	-c--a-w-	c:\windows\system32\dllcache\d100ib5.sys
2011-10-29 15:34:59	37916	-c--a-w-	c:\windows\system32\dllcache\cb102.sys
2011-10-29 15:32:50	871388	-c--a-w-	c:\windows\system32\dllcache\bcmdm.sys
2011-10-29 15:31:59	48128	-c--a-w-	c:\windows\system32\dllcache\61883.sys
2011-10-29 15:31:58	148352	-c--a-w-	c:\windows\system32\dllcache\3dfxvsm.sys
2011-10-29 15:31:58	12288	-c--a-w-	c:\windows\system32\dllcache\4mmdat.sys
2011-10-29 15:31:57	762780	-c--a-w-	c:\windows\system32\dllcache\3cwmcru.sys
2011-10-29 15:31:57	689216	-c--a-w-	c:\windows\system32\dllcache\3dfxvs.dll
2011-10-29 15:31:57	11264	-c--a-w-	c:\windows\system32\dllcache\1394vdbg.sys
2011-10-29 15:31:56	53376	-c--a-w-	c:\windows\system32\dllcache\1394bus.sys
2011-10-29 15:31:29	66048	-c--a-w-	c:\windows\system32\dllcache\s3legacy.dll
2011-10-29 15:21:50	983936	----a-w-	c:\windows\system32\drivers\smserial.sys
2011-10-29 15:21:50	196608	----a-w-	c:\windows\system32\sm56co6a.dll
2011-10-28 22:44:30	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2011-10-28 22:44:30	--------	d-----w-	c:\windows\system32\wbem\Repository
2011-10-28 21:20:41	19569	----a-w-	c:\windows\000001_.tmp
2011-10-28 17:00:40	--------	d-----w-	C:\ERDNT
2011-10-28 13:39:24	--------	d-----w-	c:\program files\CPUID
2011-10-28 12:42:07	--------	d-----w-	c:\program files\Motorola
2011-10-27 00:41:50	89088	----a-w-	c:\windows\system32\ATL71(2).DLL
2011-10-27 00:41:48	1060864	----a-w-	c:\windows\system32\MFC71(2).DLL
2011-10-27 00:41:47	69632	----a-w-	c:\windows\system32\bcmwlpkt(2).dll
2011-10-27 00:41:47	44032	----a-w-	c:\windows\system32\wltrynt(2).dll
2011-10-27 00:41:46	18944	----a-w-	c:\windows\system32\WLTRYSVC(2).EXE
2011-10-27 00:41:46	1200128	----a-w-	c:\windows\system32\BCMWLTRY(2).EXE
2011-10-27 00:41:45	757760	----a-w-	c:\windows\system32\bcm1xsup(2).dll
2011-10-27 00:41:44	--------	d-----w-	c:\program files\Dell
2011-10-26 23:05:32	--------	d-----w-	c:\windows\pss
2011-10-26 22:21:23	--------	d-----w-	c:\windows\system32\NtmsData
2011-10-24 03:01:03	388096	----a-r-	c:\documents and settings\mason\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-24 03:01:00	--------	d-----w-	c:\program files\Trend Micro
2011-10-24 02:23:29	--------	d-----w-	c:\program files\Malwarebytes Anti-Malware
2011-10-24 02:18:40	--------	d-----w-	c:\documents and settings\mason\application data\Malwarebytes
2011-10-24 02:15:56	--------	d-----w-	c:\documents and settings\all users\application data\Malwarebytes
2011-10-23 22:35:45	--------	d-----w-	c:\documents and settings\all users\application data\mN01677NfLdC01677
2011-10-23 22:35:42	--------	d-----w-	c:\documents and settings\mason\application data\NaaamHH5sWJf8T
2011-10-23 22:35:25	--------	d-sh--w-	c:\documents and settings\mason\local settings\application data\b5f35acc
2011-10-17 22:25:17	--------	d-----w-	c:\program files\iPod
2011-10-17 22:24:52	--------	d-----w-	c:\program files\iTunes
2011-10-17 22:17:58	--------	d-----w-	c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-10-23 22:48:44	90112	----a-w-	c:\windows\DUMP6a43.tmp
2011-09-05 00:42:31	0	----a-w-	c:\documents and settings\all users\application data\bdgf.exe
2011-09-05 00:42:30	0	----a-w-	c:\documents and settings\all users\application data\rqpc.exe
2011-09-05 00:42:30	0	----a-w-	c:\documents and settings\all users\application data\rlbx.exe
2011-09-05 00:42:30	0	----a-w-	c:\documents and settings\all users\application data\kbmp.exe
2011-08-31 03:05:04	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-26 20:38:40	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-05 19:59:38	307200	----a-w-	c:\windows\system32\TubeFinder.exe
.
============= FINISH: 18:31:05.40 ===============


----------



## Cookiegal (Aug 27, 2003)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 08/05/2010 9:46:15 PM
System Uptime: 02/11/2011 6:15:22 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0D8006
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 23.725 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP284: 10/10/2011 1:34:02 PM - System Checkpoint
RP285: 11/10/2011 11:00:24 PM - System Checkpoint
RP286: 15/10/2011 5:51:32 PM - System Checkpoint
RP287: 17/10/2011 5:37:29 PM - System Checkpoint
RP288: 22/10/2011 10:10:25 AM - System Checkpoint
RP289: 23/10/2011 1:55:03 PM - System Checkpoint
RP290: 23/10/2011 11:00:58 PM - Installed HiJackThis
RP291: 25/10/2011 9:12:37 PM - Restore Operation
RP292: 25/10/2011 10:40:59 PM - Restore Operation
RP293: 25/10/2011 10:48:25 PM - Restore Operation
RP294: 26/10/2011 6:37:49 PM - Restore Pt Test During Known Virus Issue
RP295: 26/10/2011 6:47:32 PM - Restore Operation
RP296: 26/10/2011 6:57:42 PM - Restore Operation
RP297: 26/10/2011 7:15:49 PM - Restore Operation
RP298: 26/10/2011 7:27:27 PM - Restore Operation
RP299: 28/10/2011 8:32:53 AM - System Checkpoint
RP300: 28/10/2011 12:24:14 PM - still possible virus
RP301: 28/10/2011 12:27:23 PM - Restore Operation
RP302: 28/10/2011 12:37:26 PM - Restore Operation
RP303: 28/10/2011 1:06:23 PM - Restore Operation
RP304: 28/10/2011 5:20:56 PM - Installed Windows XP Service Pack 3.
RP305: 28/10/2011 5:25:13 PM - Installed Windows XP KB923561.
RP306: 28/10/2011 5:26:06 PM - Installed Windows XP KB946648.
RP307: 28/10/2011 5:27:03 PM - Installed Windows XP KB950762.
RP308: 28/10/2011 5:27:53 PM - Installed Windows XP KB950974.
RP309: 28/10/2011 5:28:44 PM - Installed Windows XP KB951066.
RP310: 28/10/2011 5:29:38 PM - Installed Windows XP KB951376-v2.
RP311: 28/10/2011 5:30:40 PM - Installed Windows XP KB951748.
RP312: 28/10/2011 5:31:35 PM - Installed Windows XP KB952004.
RP313: 28/10/2011 5:32:25 PM - Installed Windows XP KB952287.
RP314: 28/10/2011 5:33:24 PM - Installed Windows XP KB952954.
RP315: 28/10/2011 5:34:20 PM - Installed Windows XP KB953155.
RP316: 28/10/2011 5:35:14 PM - Installed Windows XP KB955069.
RP317: 28/10/2011 5:36:01 PM - Installed Windows XP KB955759.
RP318: 28/10/2011 5:36:55 PM - Installed Windows XP KB956572.
RP319: 28/10/2011 5:37:48 PM - Installed Windows XP KB956802.
RP320: 28/10/2011 5:38:41 PM - Installed Windows XP KB956803.
RP321: 28/10/2011 5:39:38 PM - Installed Windows XP KB956844.
RP322: 28/10/2011 5:40:28 PM - Installed Windows XP KB958644.
RP323: 28/10/2011 5:41:20 PM - Installed Windows XP KB959426.
RP324: 28/10/2011 5:42:13 PM - Installed Windows XP KB960225.
RP325: 28/10/2011 5:43:08 PM - Installed Windows XP KB960803.
RP326: 28/10/2011 5:43:58 PM - Installed Windows XP KB960859.
RP327: 28/10/2011 5:44:53 PM - Installed Windows XP KB961501.
RP328: 28/10/2011 5:46:34 PM - Installed Windows XP KB967715.
RP329: 28/10/2011 5:47:23 PM - Installed Windows XP KB968389.
RP330: 28/10/2011 5:48:46 PM - Installed Windows XP KB969059.
RP331: 28/10/2011 5:50:29 PM - Installed Windows XP KB969947.
RP332: 28/10/2011 5:51:18 PM - Installed Windows XP KB970238.
RP333: 28/10/2011 5:52:30 PM - Installed Windows XP KB970483.
RP334: 28/10/2011 5:53:24 PM - Installed Windows XP KB971468.
RP335: 28/10/2011 5:54:19 PM - Installed Windows XP KB971657.
RP336: 28/10/2011 5:55:19 PM - Installed Windows XP KB972270.
RP337: 28/10/2011 5:56:12 PM - Installed Windows XP KB973354.
RP338: 28/10/2011 5:57:07 PM - Installed Windows XP KB973507.
RP339: 28/10/2011 5:58:03 PM - Installed Windows XP KB973687.
RP340: 28/10/2011 5:58:56 PM - Installed Windows XP KB973815.
RP341: 28/10/2011 5:59:48 PM - Installed Windows XP KB973869.
RP342: 28/10/2011 6:00:38 PM - Installed Windows XP KB974112.
RP343: 28/10/2011 6:01:28 PM - Installed Windows XP KB974318.
RP344: 28/10/2011 6:02:16 PM - Installed Windows XP KB974392.
RP345: 28/10/2011 6:03:12 PM - Installed Windows XP KB974571.
RP346: 28/10/2011 6:04:01 PM - Installed Windows XP KB975025.
RP347: 28/10/2011 6:04:51 PM - Installed Windows XP KB975467.
RP348: 28/10/2011 6:05:44 PM - Installed Windows XP KB975560.
RP349: 28/10/2011 6:06:34 PM - Installed Windows XP KB975561.
RP350: 28/10/2011 6:07:22 PM - Installed Windows XP KB975713.
RP351: 28/10/2011 6:08:14 PM - Installed Windows XP KB976323.
RP352: 28/10/2011 6:09:12 PM - Installed Windows XP KB977914.
RP353: 28/10/2011 6:10:09 PM - Installed Windows XP KB978037.
RP354: 28/10/2011 6:11:07 PM - Installed Windows XP KB978338.
RP355: 28/10/2011 6:12:05 PM - Installed Windows XP KB978601.
RP356: 28/10/2011 6:13:00 PM - Installed Windows XP KB978706.
RP357: 28/10/2011 6:13:50 PM - Installed Windows XP KB979309.
RP358: 28/10/2011 6:14:46 PM - Installed Windows XP KB979683.
RP359: 28/10/2011 6:15:48 PM - Installed Windows XP KB980232.
RP360: 28/10/2011 6:30:43 PM - Restore Operation
RP361: 29/10/2011 3:41:28 PM - avast! Free Antivirus Setup
RP362: 31/10/2011 7:37:01 AM - System Checkpoint
RP363: 31/10/2011 7:48:12 AM - prior to combofix and repair install
RP364: 01/11/2011 5:10:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
ActivePerl 5.12.3 Build 1204
ActiveState Komodo Edit 6.1.1
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audio Converter 3.0 (Limited Edition)
Bonjour
Bonus Pack Documentation
Broadcom 440x 10/100 Integrated Controller
Business Contact Manager for Outlook 2007 SP2
Codec Pack - All In 1 6.0.3.0
Core FTP LE
Dell Driver Download Manager
Dell Wireless WLAN Card
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GIMP 2.6.11
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
IndigoPerl
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Web Platform Installer 2.0
Motorola SM56 Data Fax Modem
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 6.0 Parser
MySQL Connector/ODBC 5.1
MySQL Workbench 5.2 CE
ParetoLogic PC Health Advisor
QuickTime
Registry Repair 4.1.0.388
SeaMonkey (2.0.12)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Strawberry Perl
Unknown Device Identifier 7.00
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Veetle TV 0.9.18
WAMP5 ACTIVESTATE PERL ADD-ON
WampServer 2.1
WebFldrs XP
WinAMP Skin Importer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media 7 PowerToys
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
29/10/2011 11:06:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
29/10/2011 11:06:47 AM, error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The system cannot find the file specified.
29/10/2011 11:06:47 AM, error: Service Control Manager [7000] - The Dell Wireless WLAN Tray Service service failed to start due to the following error: The system cannot find the file specified.
29/10/2011 11:06:47 AM, error: Service Control Manager [7000] - The cpuz135 service failed to start due to the following error: The system cannot find the file specified.
26/10/2011 8:44:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
26/10/2011 7:28:27 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
26/10/2011 7:23:16 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service IISADMIN with arguments "" in order to run the server: {A9E69610-B80D-11D0-B9B9-00A0C922E750}
26/10/2011 7:22:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT PCTSD RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
26/10/2011 7:22:08 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
26/10/2011 7:22:08 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
26/10/2011 7:22:08 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/10/2011 7:22:08 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/10/2011 7:22:08 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
26/10/2011 7:22:08 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/10/2011 7:22:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
26/10/2011 7:21:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
26/10/2011 6:40:41 PM, error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
26/10/2011 6:40:41 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
26/10/2011 6:40:41 PM, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
26/10/2011 6:12:05 PM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
26/10/2011 6:11:35 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
26/10/2011 6:11:34 PM, error: Service Control Manager [7023] - The World Wide Web Publishing service terminated with the following error: The specified module could not be found.
26/10/2011 6:11:34 PM, error: Service Control Manager [7023] - The Simple Mail Transfer Protocol (SMTP) service terminated with the following error: The specified module could not be found.
26/10/2011 6:11:34 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
26/10/2011 6:11:34 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd
26/10/2011 6:11:34 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: Afd
26/10/2011 6:11:34 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
26/10/2011 6:11:34 PM, error: Service Control Manager [7000] - The MySQL2 service failed to start due to the following error: The system cannot find the path specified.
26/10/2011 6:11:34 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
02/11/2011 6:14:58 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
01/11/2011 10:06:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: The system cannot find the file specified.
01/11/2011 10:05:43 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The system cannot find the file specified.
01/11/2011 10:05:43 PM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The system cannot find the file specified.
01/11/2011 10:05:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD
01/11/2011 10:05:25 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
01/11/2011 10:05:25 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Avast is a good one. It looks like it was installed but is no longer. You need to get one on there ASAP please. But before you do, please run the following (ComboFix). You have to disable security programs to run it and since there isn't one, let's take advantage of that.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## lfchockey (Oct 28, 2011)

I will definitely do that tonight. I probably won't be home until around 5 or 6 o'clock (Eastern).


----------



## Cookiegal (Aug 27, 2003)

That's fine.


----------



## lfchockey (Oct 28, 2011)

ComboFix 11-11-03.03 - Mason 03/11/2011 17:00:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.722 [GMT -4:00]
Running from: c:\documents and settings\Mason\Desktop\Puppy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mason\Local Settings\Application Data\ckjt.exe
c:\documents and settings\Mason\Local Settings\Application Data\nmjl.exe
c:\documents and settings\Mason\Local Settings\Application Data\tuwb.exe
c:\documents and settings\Mason\Local Settings\Application Data\yxlw.exe
C:\test.txt
c:\windows\$NtUninstallKB4288$
c:\windows\$NtUninstallKB4288$\3052624588\@
c:\windows\$NtUninstallKB4288$\3052624588\L\aarxgcwt
c:\windows\$NtUninstallKB4288$\3052624588\loader.tlb
c:\windows\$NtUninstallKB4288$\3052624588\U\@00000001
c:\windows\$NtUninstallKB4288$\3052624588\U\@000000c0
c:\windows\$NtUninstallKB4288$\3052624588\U\@000000cb
c:\windows\$NtUninstallKB4288$\3052624588\U\@000000cf
c:\windows\$NtUninstallKB4288$\3052624588\U\@80000000
c:\windows\$NtUninstallKB4288$\3052624588\U\@800000c0
c:\windows\$NtUninstallKB4288$\3052624588\U\@800000cb
c:\windows\$NtUninstallKB4288$\3052624588\U\@800000cf
c:\windows\$NtUninstallKB4288$\3219636898
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\iun6002.exe
c:\windows\system32\ 
c:\windows\system32\Cache
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected 
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe 
.
.
((((((((((((((((((((((((( Files Created from 2011-10-03 to 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-02 12:31 . 2008-08-14 10:34 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-11-02 12:31 . 2008-08-14 10:34 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-31 15:22 . 2011-10-31 15:22 -------- d-----w- C:\RRTVAULT
2011-10-30 15:09 . 2011-10-30 15:09 -------- d-----w- c:\documents and settings\Mason\Application Data\GlarySoft
2011-10-30 15:08 . 2011-11-02 22:34 -------- d-----w- c:\program files\Glarysoft
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- c:\documents and settings\Mason\Application Data\DriverCure
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- c:\documents and settings\Mason\Application Data\ParetoLogic
2011-10-30 14:37 . 2011-11-02 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-10-29 18:57 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-10-29 18:57 . 2001-08-18 02:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-10-29 18:57 . 2001-08-18 02:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-10-29 18:57 . 2001-08-18 02:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-10-29 18:57 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-10-29 18:57 . 2001-08-18 02:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-10-29 18:57 . 2001-08-18 02:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2011-10-29 18:57 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-10-29 15:53 . 2001-08-18 02:36 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-10-29 15:53 . 2001-08-18 02:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2011-10-29 15:53 . 2008-04-14 09:42 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-10-29 15:53 . 2008-04-14 09:42 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-10-29 15:53 . 2008-04-14 02:05 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-10-29 15:52 . 2001-08-17 16:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-10-29 15:52 . 2001-08-17 16:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-10-29 15:52 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-10-29 15:52 . 2001-08-17 16:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-10-29 15:52 . 2008-04-14 04:10 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-10-29 15:52 . 2001-08-17 16:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-29 15:52 . 2001-08-18 02:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-29 15:52 . 2001-08-17 17:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-29 15:52 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-29 15:50 . 2001-08-17 17:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2011-10-29 15:49 . 2001-08-18 02:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2011-10-29 15:48 . 2001-08-17 18:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-10-29 15:47 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-29 15:46 . 2001-08-17 17:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-10-29 15:46 . 2001-08-17 16:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-10-29 15:46 . 2008-04-14 04:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-29 15:46 . 2001-08-17 17:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-29 15:46 . 2001-08-17 18:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-29 15:46 . 2008-04-14 04:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-29 15:46 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-29 15:46 . 2001-08-17 17:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-29 15:46 . 2001-08-17 17:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-29 15:44 . 2001-08-17 17:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys
2011-10-29 15:43 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-10-29 15:42 . 2001-08-18 02:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-10-29 15:41 . 2001-08-17 17:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2011-10-29 15:41 . 2001-08-17 17:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-10-29 15:41 . 2001-08-17 17:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-10-29 15:41 . 2001-08-17 17:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2011-10-29 15:41 . 2001-08-17 17:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2011-10-29 15:41 . 2001-08-17 17:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-10-29 15:41 . 2001-08-17 17:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2011-10-29 15:41 . 2001-08-18 02:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-29 15:41 . 2001-08-17 17:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2011-10-29 15:41 . 2001-08-17 17:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2011-10-29 15:41 . 2001-08-17 17:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2011-10-29 15:41 . 2001-08-17 17:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2011-10-29 15:39 . 2001-08-17 17:28 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2011-10-29 15:38 . 2001-08-17 16:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-10-29 15:37 . 2001-08-17 16:17 629952 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2011-10-29 15:36 . 2001-08-17 16:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2011-10-29 15:35 . 2001-08-17 16:12 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-10-29 15:34 . 2001-08-17 16:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2011-10-29 15:32 . 2001-08-17 17:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2011-10-29 15:31 . 2008-04-14 04:16 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2011-10-29 15:31 . 2008-04-14 04:10 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2011-10-29 15:31 . 2001-08-17 16:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2011-10-29 15:31 . 2001-08-17 18:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2011-10-29 15:31 . 2001-08-17 18:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2011-10-29 15:31 . 2001-08-17 17:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2011-10-29 15:31 . 2008-04-14 04:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2011-10-29 15:21 . 2007-01-17 18:38  983936 ----a-w- c:\windows\system32\drivers\smserial.sys
2011-10-29 15:21 . 2007-01-17 18:34 196608 ----a-w- c:\windows\system32\sm56co6a.dll
2011-10-28 22:44 . 2011-10-28 22:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-28 21:20 . 2006-12-29 04:31 19569 ----a-w- c:\windows\000001_.tmp
2011-10-28 17:00 . 2011-10-28 22:43 -------- d-----w- C:\ERDNT
2011-10-28 13:39 . 2011-10-28 13:39 -------- d-----w- c:\program files\CPUID
2011-10-28 12:42 . 2011-10-28 12:42 -------- d-----w- c:\program files\Motorola
2011-10-27 00:41 . 2006-11-01 16:48 89088 ----a-w- c:\windows\system32\ATL71(2).DLL
2011-10-27 00:41 . 2006-11-01 16:48 1060864 ----a-w- c:\windows\system32\MFC71(2).DLL
2011-10-27 00:41 . 2005-12-19 13:08 44032 ----a-w- c:\windows\system32\wltrynt(2).dll
2011-10-27 00:41 . 2005-12-19 13:08 69632 ----a-w- c:\windows\system32\bcmwlpkt(2).dll
2011-10-27 00:41 . 2005-12-19 13:08 18944 ----a-w- c:\windows\system32\WLTRYSVC(2).EXE
2011-10-27 00:41 . 2005-12-19 13:08 1200128 ----a-w- c:\windows\system32\BCMWLTRY(2).EXE
2011-10-27 00:41 . 2005-12-19 13:08 757760 ----a-w- c:\windows\system32\bcm1xsup(2).dll
2011-10-27 00:41 . 2011-10-27 00:41 -------- d-----w- c:\program files\Dell
2011-10-26 22:21 . 2011-10-26 22:54 -------- d-----w- c:\windows\system32\NtmsData
2011-10-25 20:01 . 2011-10-28 22:45 -------- d-----w- c:\documents and settings\Administrator
2011-10-24 03:01 . 2011-10-24 03:01 388096 ----a-r- c:\documents and settings\Mason\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-24 03:01 . 2011-10-24 03:01 -------- d-----w- c:\program files\Trend Micro
2011-10-24 02:23 . 2011-10-29 19:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2011-10-24 02:18 . 2011-10-24 02:18 -------- d-----w- c:\documents and settings\Mason\Application Data\Malwarebytes
2011-10-24 02:15 . 2011-10-24 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-23 22:35 . 2011-10-24 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\mN01677NfLdC01677
2011-10-23 22:35 . 2011-10-23 22:35 -------- d-----w- c:\documents and settings\Mason\Application Data\NaaamHH5sWJf8T
2011-10-23 22:35 . 2011-10-25 02:16 -------- d-sh--w- c:\documents and settings\Mason\Local Settings\Application Data\b5f35acc
2011-10-17 22:25 . 2011-10-17 22:25 -------- d-----w- c:\program files\iPod
2011-10-17 22:24 . 2011-10-17 22:26 -------- d-----w- c:\program files\iTunes
2011-10-17 22:17 . 2011-10-17 22:17 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 22:48 . 2010-05-08 21:20 90112 ----a-w- c:\windows\DUMP6a43.tmp
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\bdgf.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\rqpc.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\rlbx.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\kbmp.exe
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-26 20:38 . 2011-07-07 11:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 22:53 . 2011-10-01 22:53 134104 ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Frances\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:4b956aae0e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [04/05/2004 1:26 AM 80384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 cpuz135;cpuz135;\??\c:\windows\system32\drivers\cpuz135_x32.sys --> c:\windows\system32\drivers\cpuz135_x32.sys [?]
S2 MySQL2;MySQL2;"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\program files\MySQL\MySQL Server 5.5\my.ini" MySQL2 --> c:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-03 c:\windows\Tasks\User_Feed_Synchronization-{1AFFE311-42B8-4FEF-87DA-08F629C936DC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.1stopfantasyhockey.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 64.71.255.198
FF - ProfilePath - c:\documents and settings\Mason\Application Data\Mozilla\Firefox\Profiles\ez9ifev9.default\
FF - prefs.js: browser.startup.homepage - hxxp://1stopfantasyhockey.com/|http://games.espn.go.com/ffl/league...|http://z11.************.com/SFFHL/index.php?
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-RRT-Auto - c:\documents and settings\Mason\Desktop\Sergiwa RRT.exe
Notify-winveg32 - winveg32.dll
SafeBoot-klmdb.sys
AddRemove-Broadcom 802.11b Network Adapter - c:\program files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL2]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL2"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-03 17:30:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-03 21:30
.
Pre-Run: 25,400,991,744 bytes free
Post-Run: 26,833,772,544 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7B2C1AFDF9E59443720DE6DD7279E2FF


----------



## lfchockey (Oct 28, 2011)

HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:20 PM, on 03/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Mason\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1stopfantasyhockey.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: MySQL2 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 5073 bytes


----------



## lfchockey (Oct 28, 2011)

Some weird things still going on:
When I start my computer the DHCP doesn't start automatically (although that is the setting). I can easily start it manually and it works fine so definitely not the end of the world compared to where I was before.
The MS Installer doesn't work anymore and can't be found.
I seemed to have lost Internet Explorer somewhere along the way. I downloaded IE8 but there are no icons/shortcuts to start it. It must be set as my default browser because a couple of times it loaded pages


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
http://forums.techguy.org/networking/1024433-unending-acquiring-network-address-please-2.html#post8138983

Collect::
c:\documents and settings\All Users\Application Data\bdgf.exe
c:\documents and settings\All Users\Application Data\rqpc.exe
c:\documents and settings\All Users\Application Data\rlbx.exe
c:\documents and settings\All Users\Application Data\kbmp.exe

Folder::
c:\documents and settings\All Users\Application Data\mN01677NfLdC01677
c:\documents and settings\Mason\Application Data\NaaamHH5sWJf8T
c:\documents and settings\Mason\Local Settings\Application Data\b5f35ac
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.


----------



## lfchockey (Oct 28, 2011)

So, I re-installed Avast and did a full system scan and then another system scan on startup and it found some Trojans etc and I handled those.

I then ran the CFScript and here is the log:
ComboFix 11-11-03.03 - Mason 04/11/2011 8:02.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.654 [GMT -4:00]
Running from: c:\documents and settings\Mason\Desktop\Puppy.exe
Command switches used :: c:\documents and settings\Mason\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\documents and settings\All Users\Application Data\bdgf.exe
file zipped: c:\documents and settings\All Users\Application Data\kbmp.exe
file zipped: c:\documents and settings\All Users\Application Data\rlbx.exe
file zipped: c:\documents and settings\All Users\Application Data\rqpc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\mN01677NfLdC01677
c:\documents and settings\All Users\Application Data\mN01677NfLdC01677\mN01677NfLdC01677
c:\documents and settings\Mason\Application Data\NaaamHH5sWJf8T
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-03 22:01 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-03 22:01 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-03 22:01 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-03 22:01 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-03 22:01 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-03 22:01 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-03 22:01 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-03 22:01 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-03 22:01 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-03 22:01 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-03 22:00 . 2011-11-03 22:00 -------- d-----w- c:\program files\AVAST Software
2011-11-03 22:00 . 2011-11-03 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-02 12:31 . 2011-08-17 13:41 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-11-02 12:31 . 2011-08-17 13:41 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-31 15:22 . 2011-10-31 15:22 -------- d-----w- C:\RRTVAULT
2011-10-30 15:09 . 2011-10-30 15:09 -------- d-----w- c:\documents and settings\Mason\Application Data\GlarySoft
2011-10-30 15:08 . 2011-11-02 22:34 -------- d-----w- c:\program files\Glarysoft
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- c:\documents and settings\Mason\Application Data\DriverCure
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- c:\documents and settings\Mason\Application Data\ParetoLogic
2011-10-30 14:37 . 2011-11-02 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-10-29 18:57 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-10-29 18:57 . 2001-08-18 02:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-10-29 18:57 . 2001-08-18 02:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-10-29 18:57 . 2001-08-18 02:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-10-29 18:57 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-10-29 18:57 . 2001-08-18 02:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-10-29 18:57 . 2001-08-18 02:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2011-10-29 18:57 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-10-29 16:07 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-29 16:06 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-29 16:06 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-29 16:06 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-29 16:06 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-29 16:06 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-29 16:06 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-29 16:06 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-29 16:06 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-29 16:06 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-29 16:05 . 2008-04-14 04:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-29 16:05 . 2008-04-14 02:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-29 16:05 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-29 16:05 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-29 16:05 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-10-29 16:05 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-10-29 16:05 . 2001-08-17 17:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-10-29 16:05 . 2008-04-14 04:15 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-10-29 16:05 . 2008-04-14 02:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-10-29 16:05 . 2001-08-17 16:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-10-29 16:04 . 2008-04-14 02:04 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2011-10-29 16:04 . 2001-08-17 16:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2011-10-29 16:04 . 2001-08-17 16:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2011-10-29 16:04 . 2001-08-17 16:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2011-10-29 16:04 . 2001-08-17 17:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2011-10-29 16:04 . 2001-08-17 17:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-10-29 16:04 . 2001-08-17 17:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-29 16:03 . 2001-08-17 16:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-10-29 16:03 . 2001-08-17 17:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-10-29 16:03 . 2008-04-14 04:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2011-10-29 16:03 . 2008-04-14 09:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-10-29 16:03 . 2001-08-17 17:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-10-29 16:03 . 2001-08-17 17:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-29 16:03 . 2001-08-17 17:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-10-29 16:03 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-10-29 16:03 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-10-29 16:03 . 2001-08-17 17:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-10-29 16:03 . 2001-08-17 17:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-10-29 16:01 . 2001-08-17 17:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-10-29 16:01 . 2001-08-17 16:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-29 16:01 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-10-29 16:01 . 2001-08-17 16:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-10-29 16:01 . 2001-08-17 18:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-10-29 16:01 . 2001-08-17 16:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-10-29 16:01 . 2001-08-17 18:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-10-29 16:01 . 2001-08-17 16:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-10-29 16:01 . 2001-08-18 02:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-10-29 16:01 . 2008-04-14 09:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-10-29 16:01 . 2001-08-18 02:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-10-29 16:00 . 2001-08-17 17:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2011-10-29 16:00 . 2001-08-17 18:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-10-29 16:00 . 2001-08-17 18:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-10-29 16:00 . 2001-08-17 16:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-10-29 16:00 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-10-29 16:00 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-29 16:00 . 2001-08-17 18:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-10-29 16:00 . 2008-04-14 04:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-10-29 16:00 . 2001-08-17 16:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-10-29 15:59 . 2001-08-17 16:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-10-29 15:59 . 2001-08-17 17:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-10-29 15:59 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-10-29 15:59 . 2001-08-17 16:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-10-29 15:59 . 2001-08-17 18:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-10-29 15:59 . 2001-08-17 18:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-29 15:59 . 2001-08-17 18:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-10-29 15:59 . 2001-08-17 18:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-10-29 15:59 . 2001-08-17 18:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-10-29 15:59 . 2001-08-18 02:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-10-29 15:59 . 2001-08-17 17:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-10-29 15:57 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-10-29 15:57 . 2001-08-17 18:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-10-29 15:57 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-29 15:57 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-10-29 15:57 . 2001-08-18 02:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-10-29 15:57 . 2001-08-17 16:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-10-29 15:57 . 2001-08-17 17:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-10-29 15:57 . 2008-04-14 04:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-10-29 15:57 . 2001-08-17 17:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-10-29 15:57 . 2001-08-17 16:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-10-29 15:57 . 2001-08-17 18:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-10-29 15:56 . 2001-08-17 16:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-10-29 15:56 . 2001-08-17 16:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-10-29 15:56 . 2001-08-17 16:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-10-29 15:56 . 2001-08-17 17:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-10-29 15:56 . 2008-04-14 04:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-10-29 15:56 . 2008-04-14 04:06 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-10-29 15:56 . 2001-08-18 02:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-10-29 15:56 . 2001-08-18 02:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-10-29 15:56 . 2001-08-18 02:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-10-29 15:56 . 2001-08-18 02:36 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-10-29 15:56 . 2008-04-14 02:05 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-10-29 15:54 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 22:48 . 2010-05-08 21:20 90112 ----a-w- c:\windows\DUMP6a43.tmp
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\bdgf.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\rqpc.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\rlbx.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\kbmp.exe
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-26 20:38 . 2011-07-07 11:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-10-01 22:53 . 2011-10-01 22:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_21.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-04-20 17:06 45568 c:\windows\system32\dnsrslvr.dll
- 2004-08-04 12:00 . 2009-04-20 17:17 45568 c:\windows\system32\dnsrslvr.dll
- 2010-05-09 17:16 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-05-09 17:16 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-04 12:00 . 2011-09-26 15:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-05-09 17:16 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-05-09 17:16 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-04-20 17:06 45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2004-08-04 12:00 . 2009-04-20 17:17 45568 c:\windows\system32\dllcache\dnsrslvr.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-06-20 16:02 245248 c:\windows\system32\mswsock.dll
+ 2004-08-04 12:00 . 2008-06-20 17:43 245248 c:\windows\system32\mswsock.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 08:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2010-05-08 21:32 . 2011-11-04 11:50 270984 c:\windows\system32\FNTCACHE.DAT
- 2010-05-08 21:32 . 2011-08-29 12:48 270984 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2004-08-04 12:00 . 2010-02-11 11:36 226880 c:\windows\system32\drivers\tcpip6.sys
- 2004-08-04 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-04 12:00 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\tcpip.sys
+ 2004-08-04 12:00 . 2011-03-03 06:53 149504 c:\windows\system32\dnsapi.dll
- 2004-08-04 12:00 . 2011-03-03 06:55 149504 c:\windows\system32\dnsapi.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 916480 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2010-02-11 11:36 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-04 12:00 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2004-08-04 12:00 . 2011-09-26 15:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2008-06-20 17:43 245248 c:\windows\system32\dllcache\mswsock.dll
- 2004-08-04 12:00 . 2008-06-20 16:02 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-05-09 17:16 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-05-09 17:16 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-05-09 17:16 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-05-09 17:16 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
- 2011-02-13 01:51 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2011-02-13 01:51 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2011-03-03 06:53 149504 c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00 . 2011-03-03 06:55 149504 c:\windows\system32\dllcache\dnsapi.dll
+ 2004-08-04 12:00 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 599040 c:\windows\system32\dllcache\crypt32.dll
- 2004-08-04 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2004-08-04 12:00 . 2010-02-12 04:27 100864 c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2004-08-04 12:00 . 2010-02-12 04:27 100864 c:\windows\system32\6to4svc.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
+ 2011-11-04 11:39 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-11-04 11:39 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
+ 2011-11-04 11:39 . 2011-06-23 18:36 206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
+ 2011-11-04 11:39 . 2011-06-23 12:05 173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
+ 2010-05-09 18:09 . 2008-06-20 11:08 225856 c:\windows\$NtUninstallKB978338_1$\tcpip6.sys
+ 2010-05-09 18:09 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338_1$\spuninst\updspapi.dll
+ 2010-05-09 18:09 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338_1$\spuninst\spuninst.exe
+ 2010-05-09 18:09 . 2008-04-14 00:11 100352 c:\windows\$NtUninstallKB978338_1$\6to4svc.dll
- 2010-05-09 18:09 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\spuninst\updspapi.dll
- 2010-05-09 18:09 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst\spuninst.exe
+ 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2011-10-03 08:35 5971456 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2011-09-06 13:20 1858944 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2011-10-03 08:35 5971456 c:\windows\system32\dllcache\mshtml.dll
+ 2010-05-09 17:16 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-11-04 11:39 . 2011-07-25 15:17 5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
+ 2010-05-09 17:14 . 2011-10-05 14:09 48324552 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll
- 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2010-05-09 17:16 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll
- 2010-05-09 17:16 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-11-04 11:39 . 2011-06-23 18:36 11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Frances\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/11/2011 6:01 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/11/2011 6:01 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2011 6:01 PM 20568]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [04/05/2004 1:26 AM 80384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 cpuz135;cpuz135;\??\c:\windows\system32\drivers\cpuz135_x32.sys --> c:\windows\system32\drivers\cpuz135_x32.sys [?]
S2 MySQL2;MySQL2;"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\program files\MySQL\MySQL Server 5.5\my.ini" MySQL2 --> c:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-03 c:\windows\Tasks\User_Feed_Synchronization-{1AFFE311-42B8-4FEF-87DA-08F629C936DC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.1stopfantasyhockey.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.10.1.9
FF - ProfilePath - c:\documents and settings\Mason\Application Data\Mozilla\Firefox\Profiles\ez9ifev9.default\
FF - prefs.js: browser.startup.homepage - hxxp://1stopfantasyhockey.com/|http://games.espn.go.com/ffl/league...|http://z11.************.com/SFFHL/index.php?
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 08:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL2]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL2"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2880)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-04 08:26:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 12:26
ComboFix2.txt 2011-11-03 21:30
.
Pre-Run: 27,166,638,080 bytes free
Post-Run: 27,151,794,176 bytes free
.
- - End Of File - - 22DD70CA0DFE8D1130466DE9C2C83C5D


----------



## lfchockey (Oct 28, 2011)

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:07 AM, on 04/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mason\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1stopfantasyhockey.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: MySQL2 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
--
End of file - 5639 bytes


----------



## Cookiegal (Aug 27, 2003)

For some reason the files didn't get deleted so let's try this again with a new script please.

Open Notepad and copy and paste the text in the code box below into it:


```
File::
c:\documents and settings\All Users\Application Data\bdgf.exe
c:\documents and settings\All Users\Application Data\rqpc.exe
c:\documents and settings\All Users\Application Data\rlbx.exe
c:\documents and settings\All Users\Application Data\kbmp.exe
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## lfchockey (Oct 28, 2011)

Did you want me to post a Hijack This log as well?

ComboFix 11-11-04.04 - Mason 04/11/2011 19:30:07.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.554 [GMT -4:00]
Running from: c:\documents and settings\Mason\Desktop\Puppy.exe
Command switches used :: c:\documents and settings\Mason\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\All Users\Application Data\bdgf.exe"
"c:\documents and settings\All Users\Application Data\kbmp.exe"
"c:\documents and settings\All Users\Application Data\rlbx.exe"
"c:\documents and settings\All Users\Application Data\rqpc.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-03 22:01 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-03 22:01 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-03 22:01 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-03 22:01 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-03 22:01 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-03 22:01 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-03 22:01 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-03 22:01 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-03 22:01 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-03 22:01 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-03 22:00 . 2011-11-03 22:00 -------- d-----w- c:\program files\AVAST Software
2011-11-03 22:00 . 2011-11-03 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-11-02 12:31 . 2011-08-17 13:41 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-11-02 12:31 . 2011-08-17 13:41 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-31 15:22 . 2011-10-31 15:22 -------- d-----w- C:\RRTVAULT
2011-10-30 15:09 . 2011-10-30 15:09 -------- d-----w- c:\documents and settings\Mason\Application Data\GlarySoft
2011-10-30 15:08 . 2011-11-02 22:34 -------- d-----w- c:\program files\Glarysoft
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- c:\documents and settings\Mason\Application Data\DriverCure
2011-10-30 14:38 . 2011-10-30 14:38 -------- d-----w- c:\documents and settings\Mason\Application Data\ParetoLogic
2011-10-30 14:37 . 2011-11-02 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-10-29 18:57 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-10-29 18:57 . 2001-08-18 02:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-10-29 18:57 . 2001-08-18 02:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-10-29 18:57 . 2001-08-18 02:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-10-29 18:57 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-10-29 18:57 . 2001-08-18 02:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-10-29 18:57 . 2001-08-18 02:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2011-10-29 18:57 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-10-29 16:07 . 2008-04-14 09:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-29 16:06 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-29 16:06 . 2008-04-14 09:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-29 16:06 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-29 16:06 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-29 16:06 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-29 16:06 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-29 16:06 . 2008-04-14 02:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-29 16:06 . 2008-04-14 02:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-29 16:06 . 2008-04-14 09:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-29 16:05 . 2008-04-14 04:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-29 16:05 . 2008-04-14 02:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-29 16:05 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-29 16:05 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-29 16:05 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-10-29 16:05 . 2001-08-18 02:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-10-29 16:05 . 2001-08-17 17:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-10-29 16:05 . 2008-04-14 04:15 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-10-29 16:05 . 2008-04-14 02:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-10-29 16:05 . 2001-08-17 16:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-10-29 16:04 . 2008-04-14 02:04 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2011-10-29 16:04 . 2008-04-14 02:04 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2011-10-29 16:04 . 2001-08-17 16:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2011-10-29 16:04 . 2001-08-17 16:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2011-10-29 16:04 . 2001-08-17 16:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2011-10-29 16:04 . 2001-08-17 17:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2011-10-29 16:04 . 2001-08-17 17:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-10-29 16:04 . 2001-08-17 17:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-29 16:03 . 2001-08-17 16:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-10-29 16:03 . 2001-08-17 17:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-10-29 16:03 . 2008-04-14 04:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2011-10-29 16:03 . 2008-04-14 09:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-10-29 16:03 . 2001-08-17 17:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-10-29 16:03 . 2001-08-17 17:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-29 16:03 . 2001-08-17 17:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-10-29 16:03 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-10-29 16:03 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-10-29 16:03 . 2001-08-17 17:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-10-29 16:03 . 2001-08-17 17:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-10-29 16:01 . 2001-08-17 17:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-10-29 16:01 . 2001-08-17 16:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-29 16:01 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-10-29 16:01 . 2001-08-17 16:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-10-29 16:01 . 2001-08-17 18:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-10-29 16:01 . 2001-08-17 16:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-10-29 16:01 . 2001-08-17 18:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-10-29 16:01 . 2001-08-17 16:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-10-29 16:01 . 2001-08-18 02:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-10-29 16:01 . 2008-04-14 09:42 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-10-29 16:01 . 2001-08-18 02:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-10-29 16:00 . 2001-08-17 17:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2011-10-29 16:00 . 2001-08-17 18:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-10-29 16:00 . 2001-08-17 18:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-10-29 16:00 . 2001-08-17 16:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-10-29 16:00 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-10-29 16:00 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-29 16:00 . 2001-08-17 18:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-10-29 16:00 . 2008-04-14 04:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-10-29 16:00 . 2001-08-17 16:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-10-29 15:59 . 2001-08-17 16:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-10-29 15:59 . 2001-08-17 17:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-10-29 15:59 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-10-29 15:59 . 2001-08-17 16:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-10-29 15:59 . 2001-08-17 18:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-10-29 15:59 . 2001-08-17 18:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-10-29 15:59 . 2001-08-17 18:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-10-29 15:59 . 2001-08-17 18:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-10-29 15:59 . 2001-08-17 18:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-10-29 15:59 . 2001-08-18 02:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-10-29 15:59 . 2001-08-17 17:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-10-29 15:57 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-10-29 15:57 . 2001-08-17 18:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-10-29 15:57 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-29 15:57 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-10-29 15:57 . 2001-08-18 02:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-10-29 15:57 . 2001-08-17 16:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-10-29 15:57 . 2001-08-17 17:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-10-29 15:57 . 2008-04-14 04:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-10-29 15:57 . 2001-08-17 17:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-10-29 15:57 . 2001-08-17 16:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-10-29 15:57 . 2001-08-17 18:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-10-29 15:56 . 2001-08-17 16:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-10-29 15:56 . 2001-08-17 16:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-10-29 15:56 . 2001-08-17 16:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-10-29 15:56 . 2001-08-17 17:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-10-29 15:56 . 2008-04-14 04:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-10-29 15:56 . 2008-04-14 04:06 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-10-29 15:56 . 2001-08-18 02:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-10-29 15:56 . 2001-08-18 02:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-10-29 15:56 . 2001-08-18 02:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-10-29 15:56 . 2001-08-18 02:36 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2011-10-29 15:56 . 2008-04-14 02:05 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2011-10-29 15:54 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 22:48 . 2010-05-08 21:20 90112 ----a-w- c:\windows\DUMP6a43.tmp
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\bdgf.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\rqpc.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\rlbx.exe
2011-09-05 00:42 . 2011-09-05 00:42 0 ----a-w- c:\documents and settings\All Users\Application Data\kbmp.exe
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-26 20:38 . 2011-07-07 11:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-10-01 22:53 . 2011-10-01 22:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Frances\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03/11/2011 6:01 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/11/2011 6:01 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2011 6:01 PM 20568]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [04/05/2004 1:26 AM 80384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 cpuz135;cpuz135;\??\c:\windows\system32\drivers\cpuz135_x32.sys --> c:\windows\system32\drivers\cpuz135_x32.sys [?]
S2 MySQL2;MySQL2;"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="c:\program files\MySQL\MySQL Server 5.5\my.ini" MySQL2 --> c:\program files\MySQL\MySQL Server 5.5\bin\mysqld [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-11-04 c:\windows\Tasks\User_Feed_Synchronization-{1AFFE311-42B8-4FEF-87DA-08F629C936DC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.1stopfantasyhockey.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 64.71.255.198
FF - ProfilePath - c:\documents and settings\Mason\Application Data\Mozilla\Firefox\Profiles\ez9ifev9.default\
FF - prefs.js: browser.startup.homepage - hxxp://1stopfantasyhockey.com/|http://games.espn.go.com/ffl/league...|http://z11.************.com/SFFHL/index.php?
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL2]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL2"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(680)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2011-11-04 19:47:53
ComboFix-quarantined-files.txt 2011-11-04 23:47
ComboFix2.txt 2011-11-04 12:26
ComboFix3.txt 2011-11-03 21:30
.
Pre-Run: 27,024,080,896 bytes free
Post-Run: 27,011,944,448 bytes free
.
- - End Of File - - EF0D17D520DEAFD9B2DF0F44E622B531


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## lfchockey (Oct 28, 2011)

Here is the OTS log (do you ever sleep?):


----------



## Cookiegal (Aug 27, 2003)

Going to right now so I'll check that log tomorrow.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{472734EA-242A-422b-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Mason\Application Data\Mozilla\FireFox\Profiles\ez9ifev9.default\prefs.js
YN -> extensions.enabledItems -> [email protected]:1.0.0
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20]
[Files/Folders - Created Within 30 Days]
NY ->  b5f35acc -> C:\Documents and Settings\Mason\Local Settings\Application Data\b5f35acc
NY ->  7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  3428512693 -> C:\WINDOWS\3428512693
NY ->  7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files - No Company Name]
NY ->  3428512693 -> C:\WINDOWS\3428512693
NY ->  8pe04wg4478v8tu868y81482tsfgo3772 -> C:\Documents and Settings\Mason\Local Settings\Application Data\8pe04wg4478v8tu868y81482tsfgo3772
NY ->  8pe04wg4478v8tu868y81482tsfgo3772 -> C:\Documents and Settings\All Users\Application Data\8pe04wg4478v8tu868y81482tsfgo3772
NY ->  8o7ol87dkowxfrs307m51k18sxxf4064pyj3xu6iato1m30 -> C:\Documents and Settings\Mason\Local Settings\Application Data\8o7ol87dkowxfrs307m51k18sxxf4064pyj3xu6iato1m30
NY ->  8o7ol87dkowxfrs307m51k18sxxf4064pyj3xu6iato1m30 -> C:\Documents and Settings\All Users\Application Data\8o7ol87dkowxfrs307m51k18sxxf4064pyj3xu6iato1m30
NY ->  bdgf.exe -> C:\Documents and Settings\All Users\Application Data\bdgf.exe
NY ->  rqpc.exe -> C:\Documents and Settings\All Users\Application Data\rqpc.exe
NY ->  rlbx.exe -> C:\Documents and Settings\All Users\Application Data\rlbx.exe
NY ->  kbmp.exe -> C:\Documents and Settings\All Users\Application Data\kbmp.exe
[Empty Temp Folders]
[Start Explorer]
```


----------



## lfchockey (Oct 28, 2011)

All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Prefs.js: vshare[email protected]:1.0.0 removed from extensions.enabledItems
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\Mason\Local Settings\Application Data\b5f35acc\U folder moved successfully.
C:\Documents and Settings\Mason\Local Settings\Application Data\b5f35acc folder moved successfully.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\002869_.tmp deleted successfully.
C:\WINDOWS\DUMP6a43.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1B6.tmp deleted successfully.
C:\WINDOWS\System32\SET1B7.tmp deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\3428512693 moved successfully.
[Files - No Company Name]
File C:\WINDOWS\3428512693 not found!
C:\Documents and Settings\Mason\Local Settings\Application Data\8pe04wg4478v8tu868y81482tsfgo3772 moved successfully.
C:\Documents and Settings\All Users\Application Data\8pe04wg4478v8tu868y81482tsfgo3772 moved successfully.
C:\Documents and Settings\Mason\Local Settings\Application Data\8o7ol87dkowxfrs307m51k18sxxf4064pyj3xu6iato1m30 moved successfully.
C:\Documents and Settings\All Users\Application Data\8o7ol87dkowxfrs307m51k18sxxf4064pyj3xu6iato1m30 moved successfully.
C:\Documents and Settings\All Users\Application Data\bdgf.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\rqpc.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\rlbx.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\kbmp.exe moved successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2036 bytes
->FireFox cache emptied: 5977335 bytes
->Flash cache emptied: 56468 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Frances
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 253267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58067832 bytes
->Flash cache emptied: 5944 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2387 bytes

User: Mason
->Temp folder emptied: 313029 bytes
->Temporary Internet Files folder emptied: 10556813 bytes
->Java cache emptied: 4290446 bytes
->FireFox cache emptied: 71368593 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 1813 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 45298 bytes
->Flash cache emptied: 62375 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2694123 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 22827196 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 199555 bytes

Total Files Cleaned = 169.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 11062011_124959
Files\Folders moved on Reboot...
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\T9Z9FI2S\1024433-unending-acquiring-network-address-please-4[1].html moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\T9Z9FI2S\ads[1].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\T9Z9FI2S\ads[2].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\T9Z9FI2S\index[2].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\T9Z9FI2S\javaindos[1].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\T9Z9FI2S\like[2].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\PUQTTP10\login_status[1].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\PUQTTP10\scoreboard[1].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\PUQTTP10\uol[3].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\689KYQSN\index[1].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\689KYQSN\request_ad[1].htm moved successfully.
C:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...


----------



## lfchockey (Oct 28, 2011)

Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:06:01 PM, on 06/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mason\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1stopfantasyhockey.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MySQL2 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
--
End of file - 5906 bytes


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## lfchockey (Oct 28, 2011)

Application Errors:

Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11706
Date: 06/11/2011
Time: 1:10:47 PM
User: NT AUTHORITY\SYSTEM
Computer: BLACKHOME
Description:
The description for Event ID ( 11706 ) in Source ( MsiInstaller ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Product: Microsoft SQL Server VSS Writer -- Error 1706. An installation package for the product Microsoft SQL Server VSS Writer cannot be found. Try the installation again using a valid copy of the installation package 'sqlwriter.msi'., (NULL), (NULL), (NULL), (NULL), , .
Data:
0000: 7b 45 37 30 38 34 42 38 {E7084B8
0008: 39 2d 36 39 45 30 2d 34 9-69E0-4
0010: 36 42 33 2d 41 31 31 38 6B3-A118
0018: 2d 38 46 39 39 44 30 36 -8F99D06
0020: 39 38 38 43 44 7d 988CD}

Event Type: Error
Event Source: .NET Runtime Optimization Service
Event Category: None
Event ID: 1103
Date: 05/11/2011
Time: 7:49:11 PM
User: N/A
Computer: BLACKHOME
Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MSSQL$MSSMLBIZ
Event Category: (2)
Event ID: 5118
Date: 05/11/2011
Time: 8:54:20 AM
User: N/A
Computer: BLACKHOME
Description:
The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MSSQL$MSSMLBIZ
Event Category: (2)
Event ID: 5118
Date: 05/11/2011
Time: 8:54:20 AM
User: N/A
Computer: BLACKHOME
Description:
The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: HotFixInstaller
Event Category: None
Event ID: 5000
Date: 04/11/2011
Time: 7:02:52 PM
User: N/A
Computer: BLACKHOME
Description:
EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2572073, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 0.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: VSSetup
Event Category: None
Event ID: 5000
Date: 04/11/2011
Time: 7:01:22 PM
User: N/A
Computer: BLACKHOME
Description:
EventType vssetup, P1 kb2572078, P2 10.0.30319, P3 10.0.30319.239, P4 1, P5 ndp40-kb2572078.msp, P6 install_i_silent_error, P7 1601, P8 0, P9 , P10 NIL.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## lfchockey (Oct 28, 2011)

System Errors (I can start DHCP manually):

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 06/11/2011
Time: 4:29:28 PM
User: N/A
Computer: BLACKHOME
Description:
The following boot-start or system-start driver(s) failed to load: 
AFD
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 06/11/2011
Time: 4:29:26 PM
User: N/A
Computer: BLACKHOME
Description:
The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: 
%%0
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 06/11/2011
Time: 4:29:26 PM
User: N/A
Computer: BLACKHOME
Description:
The MySQL2 service failed to start due to the following error: 
The system cannot find the path specified. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 06/11/2011
Time: 4:29:26 PM
User: N/A
Computer: BLACKHOME
Description:
The cpuz135 service failed to start due to the following error: 
The system cannot find the file specified. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 06/11/2011
Time: 4:29:26 PM
User: N/A
Computer: BLACKHOME
Description:
The Dell Wireless WLAN Tray Service service failed to start due to the following error: 
The system cannot find the file specified. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 06/11/2011
Time: 4:29:26 PM
User: N/A
Computer: BLACKHOME
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
A device attached to the system is not functioning. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 06/11/2011
Time: 4:29:26 PM
User: N/A
Computer: BLACKHOME
Description:
The DHCP Client service depends on the AFD service which failed to start because of the following error: 
A device attached to the system is not functioning. 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Windows Update Agent
Event Category: Installation 
Event ID: 20
Date: 06/11/2011
Time: 1:11:03 PM
User: N/A
Computer: BLACKHOME
Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 06/11/2011
Time: 12:50:01 PM
User: N/A
Computer: BLACKHOME
Description:
The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 06/11/2011
Time: 12:50:01 PM
User: N/A
Computer: BLACKHOME
Description:
The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------
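Added example (not part of any post in this thread): a Python script that parses Event Viewer text in the copied format shown above and folds the Service Control Manager dependency errors (7001) under the driver that failed to load (7026), keeping unrelated start failures (7000) separate. The sample input is constructed from four of the posted events, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: four of the System errors posted above, in the text format
# produced by the Event Viewer copy button (date/user fields and error text trimmed).
SAMPLE = """\
Event Type: Error
Event Source: Service Control Manager
Event ID: 7026
Description:
The following boot-start or system-start driver(s) failed to load:
AFD
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event ID: 7001
Description:
The DHCP Client service depends on the AFD service which failed to start because of the following error:

Event Type: Error
Event Source: Service Control Manager
Event ID: 7001
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:

Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Description:
The MySQL2 service failed to start due to the following error:
The system cannot find the path specified.
"""

DEPENDS = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
FAILED = re.compile(r"The (.+?) service failed to start due to the following error:\s*(.+)")

def parse_events(text):
    """Split pasted Event Viewer text into dicts of header fields plus 'Description'."""
    events = []
    for chunk in filter(str.strip, re.split(r"(?m)^(?=Event Type:)", text)):
        head, _, desc = chunk.partition("Description:")
        event = {k.strip(): v.strip() for k, v in
                 (ln.split(":", 1) for ln in head.splitlines() if ":" in ln)}
        event["Description"] = desc.strip()
        events.append(event)
    return events

def triage(events):
    """Group Service Control Manager errors by the component that actually failed."""
    drivers, standalone, blocked = [], {}, defaultdict(list)
    scm = [e for e in events if e.get("Event Source") == "Service Control Manager"]
    for ev in scm:
        eid, desc = ev.get("Event ID"), ev["Description"]
        if eid == "7026":    # boot-start/system-start drivers that did not load
            body = desc.split("failed to load:", 1)[-1]
            drivers += [ln.strip() for ln in body.splitlines()
                        if ln.strip() and not ln.startswith("For more information")]
        elif eid == "7001" and (m := DEPENDS.search(desc)):
            blocked[m.group(2)].append(m.group(1))   # dependency -> services it blocked
        elif eid == "7000" and (m := FAILED.search(desc)):
            standalone[m.group(1)] = m.group(2).strip()
    roots = {d: sorted(blocked[d]) for d in blocked if d in drivers}
    return {"root_causes": roots, "standalone_failures": standalone}
```

Calling `triage(parse_events(SAMPLE))` reports AFD as the single root cause behind both the DHCP Client and TCP/IP NetBIOS Helper errors, with MySQL2 listed as an independent failure.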



## Cookiegal (Aug 27, 2003)

Are you having trouble with your Internet connection again?

What problems remain on the system?

Are you using MySql or did you uninstall it?


----------



## lfchockey (Oct 28, 2011)

The Internet connection is working fine for the most part. 
The only thing is that when I restart the computer it won't connect and gets hung up on the 'acquiring network address'. However, I can open up the Services and when I do the DHCP has not started automatically like it is set to do. 
I'm able to start it manually without a problem and the Internet connects as soon as I do so. It's just strange to me that it wouldn't do so automatically.

Most problems seem to have worked themselves out... except for the MYSQL error.

I did not uninstall it. I hadn't used it since before the problems with my computer began. However, now that I try to use it I'm unable to 'connect to the MYSQL server' which is a pain and could cause some problems down the road.
I help manage a couple of websites that use databases and I have set this same computer up as a local server to test everything before I post on the Internet. Obviously I can't test on my 'localhost' now that I can't connect to the DB server.

The strange thing is that I can connect to WampServer - which is the utility behind allowing the sites to run on my local machine - and it's clear that the webpages are able to get (read/write) information to and from the database without a problem. But I can't go inside and edit the MYSQL Server manually (I use MYSQL Workbench to do this).

Very Strange indeed.


----------



## lfchockey (Oct 28, 2011)

Quick update about MYSQL:
All of my Connections weren't working at all when I tried to open them. 
But now they're working fine. I think it has something to do with my WampServer being started (MYSQL started fine after Wamp was started).


----------



## Cookiegal (Aug 27, 2003)

So the only problem remaining then is that the DHCP Client is not starting automatically?

Since the MySql problem seems to be fixed, can you go through the errors again and post any new ones that have occurred since then?


----------

