TechSpot

8 steps... no Internet Explorer or Firefox

By mcambron
Nov 19, 2010
  1. Hey,

    I've downloaded the programs to follow the 8 steps. I Can't launch IE or FF on the infected computer though, and am afraid to contaminate another computer by transfering logs. Any advice? Thanks
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Do this on GOOD computer...

    Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows version.
    Please, use Panda USB Vaccine

    Now, you're safe to move files back and forth.
     
  3. mcambron

    mcambron TS Rookie Topic Starter

    Help needed

    Hello,

    Thanks for this first reply which allowed me to copy logs.

    Here they are. Any help would be much appreciated! :)

    Michael

    ps: i still get warnings from avg.

    Malwarebytes :

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5155

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    20/11/2010 09:41:24
    mbam-log-2010-11-20 (09-41-24).txt

    Scan type: Quick scan
    Objects scanned: 142360
    Time elapsed: 7 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\registrymonitor2 (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\watermark.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Michael\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Program Files\Microsoft\watermark.exe (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.


    GMER :

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-20 09:47:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0085
    Running: GAYMER.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\uwtiqfob.sys


    ---- System - GMER 1.0.15 ----

    SSDT spvv.sys ZwEnumerateKey [0xB9ECDDA4]
    SSDT spvv.sys ZwEnumerateValueKey [0xB9ECE132]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iastor \Device\Ide\iaStor0 [B9D9FD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B9D53B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9D53B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 [B9D9FD30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\ayg0uqq1 \Device\Scsi\ayg0uqq11 8A5241F8
    Device \FileSystem\Ntfs \Ntfs 8B3F51F8

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  4. mcambron

    mcambron TS Rookie Topic Starter

    DDS


    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Michael at 9:50:48,73 on Sat 20/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.3049 [GMT 1:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
    mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\michael\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\michael\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\od095gim.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.google.be/search?q=
    FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\od095gim.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-24 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-24 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-24 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-24 60936]
    S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-2-6 13440]

    =============== Created Last 30 ================

    2010-11-20 00:50:27 -------- d-----w- c:\docume~1\michael\applic~1\Malwarebytes
    2010-11-20 00:50:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-20 00:50:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-20 00:50:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-20 00:50:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-19 23:37:02 50992 ----a-r- c:\windows\system32\vmnetbridge.dll
    2010-11-19 18:54:53 -------- d-----w- c:\program files\Microsoft
    2010-11-10 13:22:29 -------- d-----w- c:\program files\common files\PCSuite
    2010-11-10 13:22:25 -------- d-----w- c:\program files\common files\Nokia
    2010-11-10 13:22:18 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-11-10 13:22:13 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-11-10 13:21:58 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-11-10 13:21:57 -------- d-----w- c:\program files\Nokia

    ==================== Find3M ====================

    2010-09-18 10:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

    ============= FINISH: 9:51:40,43 ===============
     
  5. mcambron

    mcambron TS Rookie Topic Starter

    DDS ATTACH.TXT


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 29/12/2008 21:14:48
    System Uptime: 20/11/2010 09:42:56 (0 hours ago)

    Motherboard: Dell Inc. | | 0KU184
    Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz | Microprocessor | 1580/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 57,661 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01F91028&REV_02\4&1E93A591&0&00E5
    Service: b57w2k

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\1EBB3870484FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\1EBB3870484FC000
    Service: NIC1394

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia E70
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia E70
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP257: 24/8/2010 11:41:42 - Software Distribution Service 3.0
    RP258: 26/8/2010 17:39:28 - System Checkpoint
    RP259: 30/8/2010 22:54:17 - Software Distribution Service 3.0
    RP260: 1/9/2010 11:00:24 - System Checkpoint
    RP261: 3/9/2010 15:01:45 - System Checkpoint
    RP262: 5/9/2010 17:15:45 - System Checkpoint
    RP263: 6/9/2010 18:23:11 - System Checkpoint
    RP264: 7/9/2010 18:59:07 - System Checkpoint
    RP265: 10/9/2010 09:27:05 - System Checkpoint
    RP266: 13/9/2010 11:41:13 - System Checkpoint
    RP267: 15/9/2010 13:25:18 - System Checkpoint
    RP268: 16/9/2010 19:53:25 - System Checkpoint
    RP269: 19/9/2010 14:24:50 - System Checkpoint
    RP270: 20/9/2010 15:00:38 - System Checkpoint
    RP271: 22/9/2010 10:19:18 - System Checkpoint
    RP272: 23/9/2010 16:22:30 - SPTD setup V1.62
    RP273: 23/9/2010 17:09:26 - Installed DirectX
    RP274: 23/9/2010 17:27:53 - Installed NVIDIA PhysX
    RP275: 25/9/2010 12:25:23 - System Checkpoint
    RP276: 29/9/2010 19:23:31 - System Checkpoint
    RP277: 3/10/2010 10:31:30 - Installed Microsoft Office Outlook Connector
    RP278: 3/10/2010 10:38:45 - Removed NVIDIA PhysX
    RP279: 3/10/2010 10:39:26 - Removed MediaCenter
    RP280: 3/10/2010 15:11:21 - Software Distribution Service 3.0
    RP281: 4/10/2010 18:30:11 - System Checkpoint
    RP282: 5/10/2010 19:02:30 - System Checkpoint
    RP283: 8/10/2010 12:26:08 - System Checkpoint
    RP284: 10/10/2010 18:41:32 - System Checkpoint
    RP285: 12/10/2010 17:49:12 - System Checkpoint
    RP286: 13/10/2010 18:43:29 - System Checkpoint
    RP287: 17/10/2010 16:50:36 - System Checkpoint
    RP288: 18/10/2010 17:42:46 - System Checkpoint
    RP289: 21/10/2010 21:07:15 - System Checkpoint
    RP290: 26/10/2010 19:52:06 - System Checkpoint
    RP291: 27/10/2010 20:05:54 - System Checkpoint
    RP292: 29/10/2010 07:41:09 - System Checkpoint
    RP293: 30/10/2010 08:58:17 - System Checkpoint
    RP294: 31/10/2010 09:47:58 - System Checkpoint
    RP295: 31/10/2010 18:20:33 - Software Distribution Service 3.0
    RP296: 4/11/2010 13:08:45 - System Checkpoint
    RP297: 6/11/2010 11:11:23 - System Checkpoint
    RP298: 7/11/2010 14:04:34 - System Checkpoint
    RP299: 8/11/2010 16:21:50 - System Checkpoint
    RP300: 9/11/2010 19:54:31 - System Checkpoint
    RP301: 10/11/2010 14:09:04 - Installed Samsung PC Studio 3
    RP302: 10/11/2010 14:24:20 - Installed Windows XP Wudf01009.
    RP303: 15/11/2010 22:29:56 - System Checkpoint
    RP304: 15/11/2010 22:34:11 - Software Distribution Service 3.0
    RP305: 18/11/2010 12:47:20 - System Checkpoint
    RP306: 19/11/2010 13:41:45 - System Checkpoint
    RP307: 19/11/2010 21:09:04 - Software Distribution Service 3.0
    RP308: 19/11/2010 21:38:30 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    AC3Filter 1.63b
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Avira AntiVir Personal - Free Antivirus
    Belgium e-ID middleware 3.5.3 (build 6193)
    Bluetooth Stack for Windows by Toshiba
    Broadcom Gigabit Integrated Controller
    BSPlayer
    Compatibility Pack for the 2007 Office system
    Dell Resource CD
    Dell Touchpad
    DivX Setup
    Dropbox
    Foxit Reader
    GIMP 2.6.8
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    Java(TM) 6 Update 17
    K-Lite Codec Pack 4.7.5 (Full)
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIRC
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.5.15)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSVC80_x86_v2
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    mWlsSafe
    mWMI
    mZConfig
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Notepad++
    OZ776 SCR Driver V1.1.3.9
    PC Connectivity Solution
    Pinnacle MediaCenter
    PrimoPDF -- brought to you by Nitro PDF Software
    QT Lite 3.2.2
    QuickSet
    RETScreen
    RETScreen Version 4
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    SecureW2 TTLS Client 3.3.3 for Windows
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel Audio
    Sonic Activation Module
    SuperCopier2
    Switch Off
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 0.9.9
    VMware Workstation
    WebFldrs XP
    Windows Driver Package - Nokia Modem (06/09/2010 4.5)
    Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    20/11/2010 01:44:43, error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 01:44:43, error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 01:44:43, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 01:44:43, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 01:44:43, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 01:44:42, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 01:44:42, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 01:44:42, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    20/11/2010 00:31:52, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The system cannot find the file specified.
    19/11/2010 22:04:16, error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 22:04:11, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    19/11/2010 22:03:59, error: Service Control Manager [7034] - The VMware Virtual Mount Manager Extended service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 21:21:13, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd ssmdrv StarOpen Tcpip Tosrfcom
    19/11/2010 21:21:13, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    19/11/2010 21:21:13, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    19/11/2010 21:21:13, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    19/11/2010 21:21:13, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    19/11/2010 21:20:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    19/11/2010 21:11:09, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    19/11/2010 21:11:09, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: Access is denied.
    19/11/2010 20:45:37, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 20:45:08, error: Service Control Manager [7034] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s).
    19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows nt\accessories\wordpad.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.6010, the version of the system file is 5.1.2600.6010.
    19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmplayer.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\wmpband.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    19/11/2010 20:24:02, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\setup_wm.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5146, the version of the system file is 11.0.5721.5146.
    19/11/2010 20:23:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\windows media player\mpvis.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 11.0.5721.5145, the version of the system file is 11.0.5721.5145.
    19/11/2010 20:18:59, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5931, the version of the system file is 6.0.2900.5931.
    19/11/2010 20:18:04, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.1.4028.0, the version of the system file is 2.1.4028.0.
    19/11/2010 20:15:42, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.0.5730.13, the version of the system file is 7.0.5730.13.
    19/11/2010 20:15:42, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    19/11/2010 20:11:56, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.0.6001.18702, the version of the system file is 8.0.6001.18702.
    18/11/2010 09:01:22, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    16/11/2010 10:09:44, error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&1825d551&0&LPT1) disappeared from the system without first being prepared for removal.
    16/11/2010 10:09:44, error: PlugPlayManager [12] - The device 'ECP Printer Port (LPT1)' (ACPI\PNP0401\4&2f94427b&0) disappeared from the system without first being prepared for removal.
    16/11/2010 10:09:31, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.PCI0.PCIE.GDCK) disappeared from the system without first being prepared for removal.
    16/11/2010 08:25:38, error: Print [6161] - The document Microsoft PowerPoint - TRADUCTION FRA energy forum.ppt owned by Michael failed to print on printer HP DeskJet 1220C. Data type: NT EMF 1.008. Size of the spool file in bytes: 56223000. Number of bytes printed: 19318072. Total number of pages in the document: 4. Number of pages printed: 1. Client machine: \\MICHAEL-D630. Win32 error code returned by the print processor: 0 (0x0).
    15/11/2010 22:38:00, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows XP (KB956844).
    15/11/2010 22:29:56, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'FoxitReade .. rences.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    15/11/2010 22:25:35, error: sptd [4] - Driver detected an internal error in its data structures for .
    15/11/2010 22:25:35, error: PlugPlayManager [12] - The device 'Extended IO Bus' (ACPI\PNP0A06\3&473f1a46&0) disappeared from the system without first being prepared for removal.
    15/11/2010 16:25:55, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 10.0.0.2 (The DHCP Server sent a DHCPNACK message).
    14/11/2010 21:58:09, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    14/11/2010 19:44:54, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001DE04690DF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    14/11/2010 17:57:23, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    14/11/2010 11:43:08, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    13/11/2010 23:14:56, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================
     
  6. mcambron

    mcambron TS Rookie Topic Starter

    nevermind, I'm formatting.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Oh, thank you for letting me know...
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...