Inactive 8 steps... no Internet Explorer or Firefox

Status
Not open for further replies.
M

mcambron

Hey,

I've downloaded the programs to follow the 8 steps. I Can't launch IE or FF on the infected computer though, and am afraid to contaminate another computer by transfering logs. Any advice? Thanks
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Do this on GOOD computer...

Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Windows Vista and Windows 7 users
Flash Disinfector is not compatible with the above Windows version.
Please, use Panda USB Vaccine

Now, you're safe to move files back and forth.
 
Help needed

Hello,

Thanks for this first reply which allowed me to copy logs.

Here they are. Any help would be much appreciated! :)

Michael

ps: I still get warnings from avg.

Malwarebytes :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5155

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/11/2010 09:41:24
mbam-log-2010-11-20 (09-41-24).txt

Scan type: Quick scan
Objects scanned: 142360
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\registrymonitor2 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\watermark.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Michael\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\watermark.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.


GMER :

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-20 09:47:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0085
Running: GAYMER.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\uwtiqfob.sys


---- System - GMER 1.0.15 ----

SSDT spvv.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spvv.sys ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device \Driver\iastor \Device\Ide\iaStor0 [B9D9FD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9D53B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9D53B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B9D9FD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ayg0uqq1 \Device\Scsi\ayg0uqq11 8A5241F8
Device \FileSystem\Ntfs \Ntfs 8B3F51F8

---- EOF - GMER 1.0.15 ----
 

Attachments

  • mbam-log-2010-11-20 (09-41-24).txt
    1.9 KB · Views: 0
  • gmer.log
    1.3 KB · Views: 0
  • DDS.txt
    10.1 KB · Views: 0
  • Attach.txt
    24.6 KB · Views: 0
DDS


DDS (Ver_10-11-10.01) - NTFSx86
Run by Michael at 9:50:48,73 on Sat 20/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.3049 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
D:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\michael\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\od095gim.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.be/search?q=
FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\od095gim.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-24 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-24 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-24 60936]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-2-6 13440]

=============== Created Last 30 ================

2010-11-20 00:50:27 -------- d-----w- c:\docume~1\michael\applic~1\Malwarebytes
2010-11-20 00:50:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 00:50:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 00:50:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-20 00:50:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-19 23:37:02 50992 ----a-r- c:\windows\system32\vmnetbridge.dll
2010-11-19 18:54:53 -------- d-----w- c:\program files\Microsoft
2010-11-10 13:22:29 -------- d-----w- c:\program files\common files\PCSuite
2010-11-10 13:22:25 -------- d-----w- c:\program files\common files\Nokia
2010-11-10 13:22:18 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-11-10 13:22:13 -------- d-----w- c:\program files\PC Connectivity Solution
2010-11-10 13:21:58 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-11-10 13:21:57 -------- d-----w- c:\program files\Nokia

==================== Find3M ====================

2010-09-18 10:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

============= FINISH: 9:51:40,43 ===============
 
DDS ATTACH.TXT


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 29/12/2008 21:14:48
System Uptime: 20/11/2010 09:42:56 (0 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz | Microprocessor | 1580/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 57,661 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1EBB3870484FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1EBB3870484FC000
Service: NIC1394

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E70
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E70
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP257: 24/8/2010 11:41:42 - Software Distribution Service 3.0
RP258: 26/8/2010 17:39:28 - System Checkpoint
RP259: 30/8/2010 22:54:17 - Software Distribution Service 3.0
RP260: 1/9/2010 11:00:24 - System Checkpoint
RP261: 3/9/2010 15:01:45 - System Checkpoint
RP262: 5/9/2010 17:15:45 - System Checkpoint
RP263: 6/9/2010 18:23:11 - System Checkpoint
RP264: 7/9/2010 18:59:07 - System Checkpoint
RP265: 10/9/2010 09:27:05 - System Checkpoint
RP266: 13/9/2010 11:41:13 - System Checkpoint
RP267: 15/9/2010 13:25:18 - System Checkpoint
RP268: 16/9/2010 19:53:25 - System Checkpoint
RP269: 19/9/2010 14:24:50 - System Checkpoint
RP270: 20/9/2010 15:00:38 - System Checkpoint
RP271: 22/9/2010 10:19:18 - System Checkpoint
RP272: 23/9/2010 16:22:30 - SPTD setup V1.62
RP273: 23/9/2010 17:09:26 - Installed DirectX
RP274: 23/9/2010 17:27:53 - Installed NVIDIA PhysX
RP275: 25/9/2010 12:25:23 - System Checkpoint
RP276: 29/9/2010 19:23:31 - System Checkpoint
RP277: 3/10/2010 10:31:30 - Installed Microsoft Office Outlook Connector
RP278: 3/10/2010 10:38:45 - Removed NVIDIA PhysX
RP279: 3/10/2010 10:39:26 - Removed MediaCenter
RP280: 3/10/2010 15:11:21 - Software Distribution Service 3.0
RP281: 4/10/2010 18:30:11 - System Checkpoint
RP282: 5/10/2010 19:02:30 - System Checkpoint
RP283: 8/10/2010 12:26:08 - System Checkpoint
RP284: 10/10/2010 18:41:32 - System Checkpoint
RP285: 12/10/2010 17:49:12 - System Checkpoint
RP286: 13/10/2010 18:43:29 - System Checkpoint
RP287: 17/10/2010 16:50:36 - System Checkpoint
RP288: 18/10/2010 17:42:46 - System Checkpoint
RP289: 21/10/2010 21:07:15 - System Checkpoint
RP290: 26/10/2010 19:52:06 - System Checkpoint
RP291: 27/10/2010 20:05:54 - System Checkpoint
RP292: 29/10/2010 07:41:09 - System Checkpoint
RP293: 30/10/2010 08:58:17 - System Checkpoint
RP294: 31/10/2010 09:47:58 - System Checkpoint
RP295: 31/10/2010 18:20:33 - Software Distribution Service 3.0
RP296: 4/11/2010 13:08:45 - System Checkpoint
RP297: 6/11/2010 11:11:23 - System Checkpoint
RP298: 7/11/2010 14:04:34 - System Checkpoint
RP299: 8/11/2010 16:21:50 - System Checkpoint
RP300: 9/11/2010 19:54:31 - System Checkpoint
RP301: 10/11/2010 14:09:04 - Installed Samsung PC Studio 3
RP302: 10/11/2010 14:24:20 - Installed Windows XP Wudf01009.
RP303: 15/11/2010 22:29:56 - System Checkpoint
RP304: 15/11/2010 22:34:11 - Software Distribution Service 3.0
RP305: 18/11/2010 12:47:20 - System Checkpoint
RP306: 19/11/2010 13:41:45 - System Checkpoint
RP307: 19/11/2010 21:09:04 - Software Distribution Service 3.0
RP308: 19/11/2010 21:38:30 - Software Distribution Service 3.0

==== Installed Programs ======================

AC3Filter 1.63b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Avira AntiVir Personal - Free Antivirus
Belgium e-ID middleware 3.5.3 (build 6193)
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
BSPlayer
Compatibility Pack for the 2007 Office system
Dell Resource CD
Dell Touchpad
DivX Setup
Dropbox
Foxit Reader
GIMP 2.6.8
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Java(TM) 6 Update 17
K-Lite Codec Pack 4.7.5 (Full)
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.15)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSVC80_x86_v2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
Nokia Connectivity Cable Driver
Nokia PC Suite
Notepad++
OZ776 SCR Driver V1.1.3.9
PC Connectivity Solution
Pinnacle MediaCenter
PrimoPDF -- brought to you by Nitro PDF Software
QT Lite 3.2.2
QuickSet
RETScreen
RETScreen Version 4
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
SecureW2 TTLS Client 3.3.3 for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Sonic Activation Module
SuperCopier2
Switch Off
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VLC media player 0.9.9
VMware Workstation
WebFldrs XP
Windows Driver Package - Nokia Modem (06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

20/11/2010 01:44:43, error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 01:44:43, error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 01:44:43, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 01:44:43, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 01:44:43, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 01:44:42, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 01:44:42, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 01:44:42, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
20/11/2010 00:31:52, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The system cannot find the file specified.
19/11/2010 22:04:16, error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 22:04:11, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
19/11/2010 22:03:59, error: Service Control Manager [7034] - The VMware Virtual Mount Manager Extended service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 21:21:13, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv StarOpen Tcpip Tosrfcom
19/11/2010 21:21:13, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
19/11/2010 21:21:13, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/11/2010 21:21:13, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
19/11/2010 21:21:13, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
19/11/2010 21:20:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/11/2010 21:11:09, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/11/2010 21:11:09, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: Access is denied.
19/11/2010 20:45:37, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 20:45:08, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
19/11/2010 20:23:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
19/11/2010 20:18:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
19/11/2010 20:18:04, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
19/11/2010 20:15:42, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.0.5730.13, the version of the system file is 7.0.5730.13.
19/11/2010 20:15:42, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
19/11/2010 20:11:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
18/11/2010 09:01:22, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
16/11/2010 10:09:44, error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&1825d551&0&LPT1) disappeared from the system without first being prepared for removal.
16/11/2010 10:09:44, error: PlugPlayManager [12] - The device 'ECP Printer Port (LPT1)' (ACPI\PNP0401\4&2f94427b&0) disappeared from the system without first being prepared for removal.
16/11/2010 10:09:31, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.PCI0.PCIE.GDCK) disappeared from the system without first being prepared for removal.
16/11/2010 08:25:38, error: Print [6161] - The document Microsoft PowerPoint - TRADUCTION FRA energy forum.ppt owned by Michael failed to print on printer HP DeskJet 1220C. Data type: NT EMF 1.008. Size of the spool file in bytes: 56223000. Number of bytes printed: 19318072. Total number of pages in the document: 4. Number of pages printed: 1. Client machine: \\MICHAEL-D630. Win32 error code returned by the print processor: 0 (0x0).
15/11/2010 22:38:00, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows XP (KB956844).
15/11/2010 22:29:56, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'FoxitReade .. rences.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
15/11/2010 22:25:35, error: sptd [4] - Driver detected an internal error in its data structures for .
15/11/2010 22:25:35, error: PlugPlayManager [12] - The device 'Extended IO Bus' (ACPI\PNP0A06\3&473f1a46&0) disappeared from the system without first being prepared for removal.
15/11/2010 16:25:55, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 10.0.0.2 (The DHCP Server sent a DHCPNACK message).
14/11/2010 21:58:09, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 19:44:54, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
14/11/2010 17:57:23, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
14/11/2010 11:43:08, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
13/11/2010 23:14:56, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================
 
Status
Not open for further replies.

Similar threads

Bob O'Donnell
Intel is refining its computing vision and where it sees the PC going
Replies
6
Views
279
human7
H
D
Microsoft Outlook and Teams to open links in Edge, ignoring default browser settings in...
Replies
11
Views
1K
Hadakajime
H
S
  • Locked
Laptop repair or upgrade? No option to buy a laptop.
Replies
1
Views
3K
Kshipper
Kshipper

Latest posts

Back