BlackBabylon
Hello TechSpot,
I'm at a family member's for the holidays and they're having an issue with their web browser/Google redirecting them to malicious sites. From what I've seen in other threads, this is a widespread problem.
I've gone through the 8-step process and here are my logs:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5378
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/22/2010 1:59:57 PM
mbam-log-2010-12-22 (13-59-57).txt
Scan type: Quick scan
Objects scanned: 125112
Time elapsed: 5 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 16
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy Tools (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
c:\documents and settings\LonnyM\application data\PC\faq (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\local settings\application data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\local settings\application data\DoubleD\juicyaccess toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\local settings\application data\DoubleD\juicyaccess toolbar\4.1.0.17730 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\local settings\application data\DoubleD\juicyaccess toolbar\4.1.0.17730\bin (Adware.DoubleD) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\LonnyM\application data\dsfsds.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\settings.ini (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\sdfsfs.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\srsf.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\guide.html (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg1.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg10.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg2.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg3.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg4.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg5.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg6.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg7.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg8.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\documents and settings\LonnyM\application data\PC\faq\images\gimg9.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-22 14:17:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Maxtor_2F040L0 rev.VAM51JJ0
Running: 4umf5hup.exe; Driver: C:\DOCUME~1\LonnyM\LOCALS~1\Temp\fxtdapog.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 80292992 (+254): rootkit-like behavior;
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8A20AAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A20AAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A20AAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8A20AAEA
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_2F040L0__________________________VAM51JJ0#3146483433534538202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-12.02) - NTFSx86
Run by LonnyM at 14:20:40.93 on Wed 12/22/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1064 [GMT -5:00]
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Promon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\LonnyM\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
mRun: [Promon.exe] Promon.exe
mRun: [SprintModemUpdate] javaw.exe -cp "c:\program files\motive\firmwareupdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Matrox PowerDesk SE] "c:\program files\matrox graphics inc\powerdesk se\Matrox.PowerDesk SE.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: avgrsstarter - avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\lonnym\applic~1\mozilla\firefox\profiles\lbatd972.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPOJI610.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-21 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-21 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-21 297752]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\matrox graphics inc\powerdesk\services\Matrox.PowerDesk.Services.exe [2009-2-6 1263872]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\matrox graphics inc\powerdesk se\Matrox.Pdesk.ServicesHost.exe [2009-2-6 344832]
=============== Created Last 30 ================
2010-12-22 18:48:32 -------- d-----w- c:\docume~1\lonnym\applic~1\Malwarebytes
2010-12-22 18:48:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 18:48:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-22 18:48:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 18:48:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 15:55:47 -------- d-----w- c:\program files\VideoLAN
2010-12-21 21:03:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-12-21 21:03:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-12-21 16:43:19 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-21 01:49:22 -------- d-----w- c:\docume~1\lonnym\applic~1\Local
2010-12-21 01:41:58 -------- d-----w- c:\program files\DivX
2010-12-21 01:41:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-12-20 13:52:49 -------- d-----w- c:\docume~1\lonnym\locals~1\applic~1\Opera
2010-12-20 04:44:38 -------- d-----w- c:\docume~1\lonnym\applic~1\Panda Security
2010-12-20 04:32:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
==================== Find3M ====================
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_2F040L0 rev.VAM51JJ0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A20AEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8a202872; SUB DWORD [EBP-0x4], 0x8a20212e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A204AB8]
3 CLASSPNP[0xF7647FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000051[0x8A29DF18]
5 ACPI[0xF750E620] -> nt!IofCallDriver[0x804E37C5] -> [0x8A29A940]
[0x8A1CCD98] -> IRP_MJ_CREATE -> 0x8A20AEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_2F040L0__________________________VAM51JJ0#3146483433534538202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A20AAEA
user & kernel MBR OK
sectors 80293246 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 14:22:13.54 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2009 10:38:55 PM
System Uptime: 12/22/2010 2:01:12 PM (0 hours ago)
Motherboard: Intel Corporation | | D845WN
Processor: Intel(R) Pentium(R) 4 CPU 1600MHz | J2E1 | 1594/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 22.986 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&163C0F35&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&163C0F35&0
Service: i8042prt
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&163C0F35&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&163C0F35&0
Service: i8042prt
==== System Restore Points ===================
RP138: 9/28/2010 9:32:03 PM - System Checkpoint
RP139: 10/7/2010 8:35:01 PM - Avg8 Update
RP140: 10/9/2010 9:45:37 AM - System Checkpoint
RP141: 10/10/2010 2:56:04 PM - System Checkpoint
RP142: 10/17/2010 5:24:17 PM - System Checkpoint
RP143: 10/26/2010 8:09:58 PM - Avg8 Update
RP144: 10/26/2010 8:11:14 PM - Avg8 Update
RP145: 12/5/2010 9:42:07 AM - System Checkpoint
RP146: 12/11/2010 12:14:21 PM - System Checkpoint
RP147: 12/14/2010 9:47:22 PM - System Checkpoint
RP148: 12/17/2010 12:11:34 AM - System Checkpoint
RP149: 12/18/2010 1:57:04 AM - System Checkpoint
RP150: 12/19/2010 12:04:47 PM - System Checkpoint
RP151: 12/20/2010 12:12:30 PM - System Checkpoint
RP152: 12/21/2010 12:25:14 PM - System Checkpoint
==== Installed Programs ======================
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Bonjour
BroadJump Client Foundation
CCleaner (remove only)
DivX Web Player
FinePixViewer Ver.3.2
FUJIFILM USB Driver
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
ImageMixer VCD for FinePix
Intel(R) Network Connections Drivers
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Lexmark 2400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Malwarebytes' Anti-Malware
Matrox Graphics Software (remove only)
Matrox PowerDesk-SE
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Mozilla Firefox (3.5.16)
MSN
MSXML 4.0 SP2 (KB954430)
Opera 11.00
QuickTime
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.1.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
==== Event Viewer Messages From Past Week ========
12/22/2010 2:15:59 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/22/2010 2:02:20 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/22/2010 1:36:21 PM, error: Service Control Manager [7034] - The lxcr_device service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:21 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:21 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The MGABGEXE service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The Matrox.Pdesk.ServicesHost service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The Matrox Centering Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/22/2010 1:36:20 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/22/2010 1:13:28 PM, error: Service Control Manager [7034] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s).
12/21/2010 7:46:32 PM, error: Dhcp [1002] - The IP address lease 70.119.59.138 for the Network Card with network address 000347CAAAA8 has been denied by the DHCP server 192.168.0.10 (The DHCP Server sent a DHCPNACK message).
12/17/2010 4:45:00 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D8986604-8B57-4778-B41E-1C9309DA4E8B} because another computer on the network has the same name. The server could not start.
12/17/2010 4:31:16 PM, error: Dhcp [1002] - The IP address lease 68.207.121.165 for the Network Card with network address 000347CAAAA8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/16/2010 11:34:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
12/16/2010 11:33:35 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/16/2010 11:33:35 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
==== End Of File ===========================
=============== Created Last 30 ================
2010-12-22 18:48:32 -------- d-----w- c:\docume~1\lonnym\applic~1\Malwarebytes
2010-12-22 18:48:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-22 18:48:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-22 18:48:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-22 18:48:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 15:55:47 -------- d-----w- c:\program files\VideoLAN
2010-12-21 21:03:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-12-21 21:03:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-12-21 16:43:19 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-21 01:49:22 -------- d-----w- c:\docume~1\lonnym\applic~1\Local
2010-12-21 01:41:58 -------- d-----w- c:\program files\DivX
2010-12-21 01:41:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-12-20 13:52:49 -------- d-----w- c:\docume~1\lonnym\locals~1\applic~1\Opera
2010-12-20 04:44:38 -------- d-----w- c:\docume~1\lonnym\applic~1\Panda Security
2010-12-20 04:32:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
==================== Find3M ====================
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_2F040L0 rev.VAM51JJ0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A20AEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8a202872; SUB DWORD [EBP-0x4], 0x8a20212e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x8A204AB8]
3 CLASSPNP[0xF7647FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\00000051[0x8A29DF18]
5 ACPI[0xF750E620] -> nt!IofCallDriver[0x804E37C5] -> [0x8A29A940]
[0x8A1CCD98] -> IRP_MJ_CREATE -> 0x8A20AEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_2F040L0__________________________VAM51JJ0#3146483433534538202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A20AAEA
user & kernel MBR OK
sectors 80293246 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 14:22:13.54 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/29/2009 10:38:55 PM
System Uptime: 12/22/2010 2:01:12 PM (0 hours ago)
Motherboard: Intel Corporation | | D845WN
Processor: Intel(R) Pentium(R) 4 CPU 1600MHz | J2E1 | 1594/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 22.986 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&163C0F35&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&163C0F35&0
Service: i8042prt
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&163C0F35&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&163C0F35&0
Service: i8042prt
==== System Restore Points ===================
RP138: 9/28/2010 9:32:03 PM - System Checkpoint
RP139: 10/7/2010 8:35:01 PM - Avg8 Update
RP140: 10/9/2010 9:45:37 AM - System Checkpoint
RP141: 10/10/2010 2:56:04 PM - System Checkpoint
RP142: 10/17/2010 5:24:17 PM - System Checkpoint
RP143: 10/26/2010 8:09:58 PM - Avg8 Update
RP144: 10/26/2010 8:11:14 PM - Avg8 Update
RP145: 12/5/2010 9:42:07 AM - System Checkpoint
RP146: 12/11/2010 12:14:21 PM - System Checkpoint
RP147: 12/14/2010 9:47:22 PM - System Checkpoint
RP148: 12/17/2010 12:11:34 AM - System Checkpoint
RP149: 12/18/2010 1:57:04 AM - System Checkpoint
RP150: 12/19/2010 12:04:47 PM - System Checkpoint
RP151: 12/20/2010 12:12:30 PM - System Checkpoint
RP152: 12/21/2010 12:25:14 PM - System Checkpoint
==== Installed Programs ======================
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
Bonjour
BroadJump Client Foundation
CCleaner (remove only)
DivX Web Player
FinePixViewer Ver.3.2
FUJIFILM USB Driver
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
ImageMixer VCD for FinePix
Intel(R) Network Connections Drivers
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Lexmark 2400 Series
Lexmark Fax Solutions
Lexmark Toolbar
Malwarebytes' Anti-Malware
Matrox Graphics Software (remove only)
Matrox PowerDesk-SE
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Mozilla Firefox (3.5.16)
MSN
MSXML 4.0 SP2 (KB954430)
Opera 11.00
QuickTime
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.1.5
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
==== Event Viewer Messages From Past Week ========
12/22/2010 2:15:59 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/22/2010 2:02:20 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/22/2010 1:36:21 PM, error: Service Control Manager [7034] - The lxcr_device service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:21 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:21 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The MGABGEXE service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The Matrox.Pdesk.ServicesHost service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The Matrox Centering Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 1:36:20 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/22/2010 1:36:20 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/22/2010 1:13:28 PM, error: Service Control Manager [7034] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s).
12/21/2010 7:46:32 PM, error: Dhcp [1002] - The IP address lease 70.119.59.138 for the Network Card with network address 000347CAAAA8 has been denied by the DHCP server 192.168.0.10 (The DHCP Server sent a DHCPNACK message).
12/17/2010 4:45:00 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D8986604-8B57-4778-B41E-1C9309DA4E8B} because another computer on the network has the same name. The server could not start.
12/17/2010 4:31:16 PM, error: Dhcp [1002] - The IP address lease 68.207.121.165 for the Network Card with network address 000347CAAAA8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/16/2010 11:34:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
12/16/2010 11:33:35 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/16/2010 11:33:35 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
==== End Of File ===========================