Hello Broni:
My friends' Gateway 510 Tower is apparently infected again with the myway.com redirect. Viewpoint Media Player is back as well. Here are the logs of the 5-step removal process. The latest Malwarebytes, version 1.60.0.1800, failed to run and resulted in the two "%1084 'attempting to start the service EventSystem with arguments ' " errors in the logs. Thus, I ran rkill, which terminated the following processes but did not resolve the Malwarebytes problem:
C:\WINNT\Explorer.EXE
C:\WINNT\System32\rundll32.exe
I had to revert to version 1.51.2.1300, updating the database but not the software, to make it run. I have since found out that the latest version has this problem. A workaround is suggested, but the bug is not fixed yet.
Happy New Year!
Wiz
__________________
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 912010206
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
1/2/2012 3:24:57 PM
mbam-log-2012-01-02 (15-24-57).txt
Scan type: Quick scan
Objects scanned: 234281
Time elapsed: 9 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
__________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-02 15:32:17
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y120L0 rev.YAR41BW0
Running: si6qh2de_jan_12.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxdcrfoc.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.2.0
Run by Owner at 15:32:54 on 2012-01-02
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.495.237 [GMT -8:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINNT\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.gateway.net
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.net/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [VerizonServicepoint.exe] c:\program files\verizon\servicepoint\VerizonServicepoint.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min /ns
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [SWHelper] "c:\winnt\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate into English
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\cztqwn11.default\
FF - prefs.js: browser.search.selectedEngine - PureDef Music
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - prefs.js: keyword.URL - hxxp://results.myway.com/dft_redir.jhtml?id=YD&ptb=CD0DC98B-7139-49FC-A6E9-F576D5DA4867&psa=&ind=2010031819&ptnrS=YD&si=&st=kwd&n=&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-27 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2010-8-29 372824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-27 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-27 269480]
R2 avgntflt;avgntflt;c:\winnt\system32\drivers\avgntflt.sys [2009-8-4 66616]
S2 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-6-21 1355416]
.
=============== Created Last 30 ================
.
2012-01-02 22:34:18 22216 ----a-w- c:\winnt\system32\drivers\mbam.sys
2012-01-02 22:34:18 -------- d-----w- c:\program files\Malwarebytes_Anti-Malware
2012-01-02 19:12:31 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-01-02 18:58:20 637848 ----a-w- c:\winnt\system32\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-01-02 18:57:46 141312 ----a-w- c:\winnt\system32\javacpl.cpl
2012-01-02 18:57:45 567184 ----a-w- c:\winnt\system32\deployJava1.dll
2011-10-06 17:46:24 66616 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
.
============= FINISH: 15:33:57.23 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/20/2004 4:01:19 PM
System Uptime: 1/2/2012 3:08:54 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D865GLC
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 2992/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 2992/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 65.091 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_2019107B&REV_02\4&2E98101C&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_2019107B&REV_02\4&2E98101C&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP293: 10/6/2011 12:16:16 PM - System Checkpoint
RP294: 10/8/2011 3:48:53 PM - System Checkpoint
RP295: 10/9/2011 4:55:01 PM - System Checkpoint
RP296: 10/10/2011 6:43:39 PM - System Checkpoint
RP297: 10/12/2011 8:07:54 AM - System Checkpoint
RP298: 10/13/2011 8:18:17 AM - System Checkpoint
RP299: 10/17/2011 7:21:33 PM - System Checkpoint
RP300: 10/18/2011 7:24:11 PM - System Checkpoint
RP301: 10/20/2011 8:40:08 AM - System Checkpoint
RP302: 10/21/2011 10:23:01 AM - System Checkpoint
RP303: 10/22/2011 5:05:19 PM - System Checkpoint
RP304: 10/24/2011 8:02:38 AM - System Checkpoint
RP305: 10/25/2011 8:04:33 AM - System Checkpoint
RP306: 10/26/2011 7:59:21 PM - System Checkpoint
RP307: 10/29/2011 12:07:26 PM - System Checkpoint
RP308: 11/1/2011 5:23:49 PM - System Checkpoint
RP309: 11/5/2011 2:24:16 PM - System Checkpoint
RP310: 11/6/2011 4:53:13 PM - System Checkpoint
RP311: 11/11/2011 8:33:36 AM - System Checkpoint
RP312: 11/13/2011 10:06:42 AM - System Checkpoint
RP313: 11/14/2011 7:06:35 PM - System Checkpoint
RP314: 11/16/2011 7:05:38 PM - System Checkpoint
RP315: 11/18/2011 4:48:54 PM - System Checkpoint
RP316: 11/20/2011 5:38:10 PM - System Checkpoint
RP317: 11/21/2011 7:49:12 PM - System Checkpoint
RP318: 11/23/2011 9:08:24 AM - System Checkpoint
RP319: 11/24/2011 2:53:34 PM - System Checkpoint
RP320: 11/26/2011 8:30:13 AM - System Checkpoint
RP321: 11/27/2011 10:51:45 AM - System Checkpoint
RP322: 11/28/2011 6:49:26 PM - System Checkpoint
RP323: 11/29/2011 6:55:28 PM - System Checkpoint
RP324: 11/30/2011 7:14:30 PM - System Checkpoint
RP325: 12/3/2011 8:00:06 PM - System Checkpoint
RP326: 12/4/2011 8:13:30 PM - System Checkpoint
RP327: 12/6/2011 6:24:11 PM - System Checkpoint
RP328: 12/9/2011 8:45:15 AM - System Checkpoint
RP329: 12/11/2011 4:15:34 PM - System Checkpoint
RP330: 12/12/2011 5:27:51 PM - System Checkpoint
RP331: 12/13/2011 8:48:09 PM - System Checkpoint
RP332: 12/15/2011 3:01:17 PM - System Checkpoint
RP333: 12/16/2011 5:41:03 PM - System Checkpoint
RP334: 12/18/2011 2:45:15 PM - System Checkpoint
RP335: 12/19/2011 5:24:54 PM - System Checkpoint
RP336: 12/21/2011 4:08:25 PM - System Checkpoint
RP337: 12/22/2011 8:09:45 PM - System Checkpoint
RP338: 12/24/2011 5:24:44 PM - System Checkpoint
RP339: 12/26/2011 9:32:54 AM - System Checkpoint
RP340: 12/27/2011 6:38:20 PM - System Checkpoint
RP341: 12/28/2011 6:52:16 PM - System Checkpoint
RP342: 12/30/2011 9:20:11 AM - System Checkpoint
RP343: 12/31/2011 4:24:26 PM - System Checkpoint
RP344: 1/1/2012 5:02:09 PM - System Checkpoint
RP345: 1/2/2012 10:46:34 AM - before_jre_7_0_2_upgrade
RP346: 1/2/2012 10:57:39 AM - Installed Java(TM) 7 Update 2
.
==== Installed Programs ======================
.
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
7-Zip 9.15 beta
Ad-Aware
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.06
Ahead Nero BurnRights
AiO_Scan
AIOMinimal
AiOSoftware
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
AVS Audio Tools version 4.2
Belarc Advisor 8.1
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ZoomBrowser EX (E)
CCleaner
Copy
CreativeProjects
Cyber Chess
Director
DocProc
DoMore
DVD
eJay DJMixStation - Deinstallation
ESET Online Scanner v3
exPressit S.E. 2.2
Fax
Gateway Ink Monitor
Greetings Workshop
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HPSystemDiagnostics
IconArt
InstantShare
Intel(R) 537EP Data Fax Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Java(TM) 7 Update 2
JPEGCruncher Pro 2.0 Trial Version
Learn2 Player (Uninstall Only)
Making the Grade
Malwarebytes' Anti-Malware version 1.51.2.1300
Math Blaster Ages 7-8
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Halo
Microsoft Learning and Research Plus Support Files
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Picture It! Express 7.0
Microsoft Picture It! Photo Premium 9
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Minions of Mirth (remove only)
MovieEdit Task
Movies.com Motion
Mozilla Firefox 7.0.1 (x86 en-US)
MSN Internet Software
MSN Messenger 5.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MUSICMATCH® Jukebox
Nero OEM
Netscape (7.2)
NVIDIA Drivers
OpenOffice.org Installer 1.0
overland
PC-Doctor for Windows
Photo Loader 2.2E
PhotoGallery
Photohands 1.0E
PrintScreen
QFolder
Quicken 2004
QuickProjects
QuickTime
RAW Image Task
Reading Blaster Ages 6-7
Readme
RealPlayer Basic
Roxio Burn Engine
Scan
Sea Bubble Burst
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shockwave
SkinsHP1
SkinsHP2
SPORE™
Spy Masters Unmask the Prankster
Spybot - Search & Destroy
SpywareBlaster 4.3
SUPERAntiSpyware
TES Construction Set
The Games Factory
Torque Game Engine 1.5.2 Demo (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB CASIO Digital Camera Device Driver
Verizon Broadband Toolbar
Verizon Servicepoint 1.3.21
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip 12.1
WOT for Internet Explorer
WYSIWYG Web Builder 4.3.1
XML Paper Specification Shared Components Pack 1.0
ZiggyGames
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
1/2/2012 1:14:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/2/2012 1:14:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-6-21 1355416]
.
=============== Created Last 30 ================
.
2012-01-02 22:34:18 22216 ----a-w- c:\winnt\system32\drivers\mbam.sys
2012-01-02 22:34:18 -------- d-----w- c:\program files\Malwarebytes_Anti-Malware
2012-01-02 19:12:31 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2012-01-02 18:58:20 637848 ----a-w- c:\winnt\system32\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-01-02 18:57:46 141312 ----a-w- c:\winnt\system32\javacpl.cpl
2012-01-02 18:57:45 567184 ----a-w- c:\winnt\system32\deployJava1.dll
2011-10-06 17:46:24 66616 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
.
============= FINISH: 15:33:57.23 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/20/2004 4:01:19 PM
System Uptime: 1/2/2012 3:08:54 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D865GLC
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 2992/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 2992/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 65.091 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_2019107B&REV_02\4&2E98101C&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_2019107B&REV_02\4&2E98101C&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP293: 10/6/2011 12:16:16 PM - System Checkpoint
RP294: 10/8/2011 3:48:53 PM - System Checkpoint
RP295: 10/9/2011 4:55:01 PM - System Checkpoint
RP296: 10/10/2011 6:43:39 PM - System Checkpoint
RP297: 10/12/2011 8:07:54 AM - System Checkpoint
RP298: 10/13/2011 8:18:17 AM - System Checkpoint
RP299: 10/17/2011 7:21:33 PM - System Checkpoint
RP300: 10/18/2011 7:24:11 PM - System Checkpoint
RP301: 10/20/2011 8:40:08 AM - System Checkpoint
RP302: 10/21/2011 10:23:01 AM - System Checkpoint
RP303: 10/22/2011 5:05:19 PM - System Checkpoint
RP304: 10/24/2011 8:02:38 AM - System Checkpoint
RP305: 10/25/2011 8:04:33 AM - System Checkpoint
RP306: 10/26/2011 7:59:21 PM - System Checkpoint
RP307: 10/29/2011 12:07:26 PM - System Checkpoint
RP308: 11/1/2011 5:23:49 PM - System Checkpoint
RP309: 11/5/2011 2:24:16 PM - System Checkpoint
RP310: 11/6/2011 4:53:13 PM - System Checkpoint
RP311: 11/11/2011 8:33:36 AM - System Checkpoint
RP312: 11/13/2011 10:06:42 AM - System Checkpoint
RP313: 11/14/2011 7:06:35 PM - System Checkpoint
RP314: 11/16/2011 7:05:38 PM - System Checkpoint
RP315: 11/18/2011 4:48:54 PM - System Checkpoint
RP316: 11/20/2011 5:38:10 PM - System Checkpoint
RP317: 11/21/2011 7:49:12 PM - System Checkpoint
RP318: 11/23/2011 9:08:24 AM - System Checkpoint
RP319: 11/24/2011 2:53:34 PM - System Checkpoint
RP320: 11/26/2011 8:30:13 AM - System Checkpoint
RP321: 11/27/2011 10:51:45 AM - System Checkpoint
RP322: 11/28/2011 6:49:26 PM - System Checkpoint
RP323: 11/29/2011 6:55:28 PM - System Checkpoint
RP324: 11/30/2011 7:14:30 PM - System Checkpoint
RP325: 12/3/2011 8:00:06 PM - System Checkpoint
RP326: 12/4/2011 8:13:30 PM - System Checkpoint
RP327: 12/6/2011 6:24:11 PM - System Checkpoint
RP328: 12/9/2011 8:45:15 AM - System Checkpoint
RP329: 12/11/2011 4:15:34 PM - System Checkpoint
RP330: 12/12/2011 5:27:51 PM - System Checkpoint
RP331: 12/13/2011 8:48:09 PM - System Checkpoint
RP332: 12/15/2011 3:01:17 PM - System Checkpoint
RP333: 12/16/2011 5:41:03 PM - System Checkpoint
RP334: 12/18/2011 2:45:15 PM - System Checkpoint
RP335: 12/19/2011 5:24:54 PM - System Checkpoint
RP336: 12/21/2011 4:08:25 PM - System Checkpoint
RP337: 12/22/2011 8:09:45 PM - System Checkpoint
RP338: 12/24/2011 5:24:44 PM - System Checkpoint
RP339: 12/26/2011 9:32:54 AM - System Checkpoint
RP340: 12/27/2011 6:38:20 PM - System Checkpoint
RP341: 12/28/2011 6:52:16 PM - System Checkpoint
RP342: 12/30/2011 9:20:11 AM - System Checkpoint
RP343: 12/31/2011 4:24:26 PM - System Checkpoint
RP344: 1/1/2012 5:02:09 PM - System Checkpoint
RP345: 1/2/2012 10:46:34 AM - before_jre_7_0_2_upgrade
RP346: 1/2/2012 10:57:39 AM - Installed Java(TM) 7 Update 2
.
==== Installed Programs ======================
.
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
7-Zip 9.15 beta
Ad-Aware
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.06
Ahead Nero BurnRights
AiO_Scan
AIOMinimal
AiOSoftware
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
AVS Audio Tools version 4.2
Belarc Advisor 8.1
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ZoomBrowser EX (E)
CCleaner
Copy
CreativeProjects
Cyber Chess
Director
DocProc
DoMore
DVD
eJay DJMixStation - Deinstallation
ESET Online Scanner v3
exPressit S.E. 2.2
Fax
Gateway Ink Monitor
Greetings Workshop
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HPSystemDiagnostics
IconArt
InstantShare
Intel(R) 537EP Data Fax Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Java(TM) 7 Update 2
JPEGCruncher Pro 2.0 Trial Version
Learn2 Player (Uninstall Only)
Making the Grade
Malwarebytes' Anti-Malware version 1.51.2.1300
Math Blaster Ages 7-8
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Halo
Microsoft Learning and Research Plus Support Files
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Picture It! Express 7.0
Microsoft Picture It! Photo Premium 9
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Minions of Mirth (remove only)
MovieEdit Task
Movies.com Motion
Mozilla Firefox 7.0.1 (x86 en-US)
MSN Internet Software
MSN Messenger 5.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MUSICMATCH® Jukebox
Nero OEM
Netscape (7.2)
NVIDIA Drivers
OpenOffice.org Installer 1.0
overland
PC-Doctor for Windows
Photo Loader 2.2E
PhotoGallery
Photohands 1.0E
PrintScreen
QFolder
Quicken 2004
QuickProjects
QuickTime
RAW Image Task
Reading Blaster Ages 6-7
Readme
RealPlayer Basic
Roxio Burn Engine
Scan
Sea Bubble Burst
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shockwave
SkinsHP1
SkinsHP2
SPORE™
Spy Masters Unmask the Prankster
Spybot - Search & Destroy
SpywareBlaster 4.3
SUPERAntiSpyware
TES Construction Set
The Games Factory
Torque Game Engine 1.5.2 Demo (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB CASIO Digital Camera Device Driver
Verizon Broadband Toolbar
Verizon Servicepoint 1.3.21
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Presentation Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip 12.1
WOT for Internet Explorer
WYSIWYG Web Builder 4.3.1
XML Paper Specification Shared Components Pack 1.0
ZiggyGames
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
1/2/2012 1:14:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/2/2012 1:14:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================